Comment by j4hdufd8
6 days ago
"Silicon baked private keys" are really vague buzzwords. That's pretty much standard and it can be implemented in a variety of ways.
Not sure why you're calling this non-unlockable. Everything is unlockable with enough money.
You're not going to be decapping and recapping SoCs at scale... Lots of eFuse implementations are just writable ROMs with erasing lines disabled, and people aren't taking out particle accelerators to wipe them.
Whatever silly OTP implementation is involved is 99.9% irrelevant to unlocking a phone, and OTP for root-of-trust has been in use in phones for 15+ years anyway.
Maybe we use some hardware-level trick to get to some protected firmware initially to reverse engineer it, but almost universally it's what reads the state of the fuses (or something after it) that actually gets exploited. That's changing, too, but in general very slowly and at at the pace of hardware manufacturers learning how to make software (aka, glacial with a few notable exceptions).