Comment by enthdegree

9 days ago

The details in this comment are messed up and shouldn't be taken as authoritative.

- Getting the device's BL1/BROM into download mode (where it waits for an upload of a Preloader/BL2 from outside) does not, for these devices, itself involve exploits. Kamakiri is an exploit in the upload process that gives an execution point at that stage.

- The BROM on Kobos (at least the old ones, P365's) don't have security enabled as far as I know. (Unless somehow they are lying to us when we ask, which there is no evidence of.) They only do some integrity checks (header magic #s, checksums).

- Security on Kobos happens down the chain, starting at the Little Kernel apparently jumped to from the Preloader. I am still learning about the Clara BW's boot process.