Comment by zb3

24 days ago

It's Google's fault. I want to buy a smartphone without AVB at all. With no "secure boot" fuse blown (yes I DO know that this is not the same fuse) and ideally I'd want to provision my own keys.

But vendors wouldn't be able to say the device runs "Android" as it's trademarked. AVB is therefore mandatory and in order for AVB to be enforced, you can't really control the device - unlocking the bootloader gives you only partial control, you can't flash your own "abl" to remove AVB entirely.

But I don't want AVB and I can't buy such a device for money... this isn't a free market, this is a Google monopoly...

The closest thing you can get is probably the Pixel, ironically. You can provision your own keys, enroll it into AVB, and re-lock the bootloader. From the phone hardware's perspective there is no difference between your key and Google's. No fuse is ever blown.

  • That's not really true, there will be a warning shown that "the phone is loading a different operating system" - I've seen that when installing GrapheneOS on my Pixel.

    But it's not just about that, it's about the fact that I can't flash my own "abl" or the software running in the TrustZone there at all, as I don't control the actual signing keys (not custom_avb_key) and I'm not "trusted" by my own device... There were fuses blown, as is evident by examining abl with its fastboot commands - many refuse to work, saying I can't use them on a "production device". Plus many of those low-level partitions are closed-source proprietary blobs...

    Yes yes - I DO understand that for most people this warning is something positive, otherwise you could buy a phone with modified software without realizing it and these modifications could make it impossible to restore the original firmware.

    • Ah, I forgot about the warning. Are the blown fuses you're talking about related to your unlocking though? Or did they just remove the debug functions? I guess it reduces the attack surface somewhat.

      I do agree it's far from ideal though. But there are so many, much worse offenders that use these fuses to actually remove features, and others that do not allow installing a different OS at all. The limited effort should probably be spent on getting rid of those first.