Comment by palata

1 day ago

I think you're confused.

If you run GrapheneOS, it is an open source platform built on top of AOSP (the Android Open Source Project). Part of the security model is that you don't run as root. I am an advanced user and I don't want to run as root on my phone, I am happy with GrapheneOS as it is distributed.

Now if you want to be root, you can install an OS that allows you to be root. Just like I unlocked my bootloader, installed GrapheneOS and relocked my bootloader, you can do that and install whatever you please. I will keep using GrapheneOS because that is the most secure OS I can find for my phone.

The problem, IMO, is not that "some OSes are opinionated and don't give you root access while other OSes do give you root access". The problem is that on many phones, you are not free to install the goddam OS you want (e.g. because you can't unlock or relock the bootloader).

Meh, I'm ok with not having root on my phone. What I'm not ok with is not being able to flash whatever I want to run on it later without unlocking and wiping. For this reason I have an automated script to verify Graphene's signatures and replace them with my own. This would give me the ability to extract data using root at a later date, for example.

  • > What I'm not ok with is not being able to flash whatever I want to run on it later without unlocking and wiping.

    The wiping is a security feature: if someone installs a new random system ("random" being defined as "not signed by the same entity"), then they can modify the system in order to attack it. The whole secure boot idea is worthless if you allow that.

    • I don't disagree. I just don't want the trusted entity to be other than me.

      Note that secure boot doesn't become worthless just because you can flash something different. The TPM should notice SB is turned off, and should refuse to decrypt, but there should be a way for the user to back up the key and use it to recover the data later.
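The mechanism the last two replies argue about (the data key is released only when the booted system is signed by the expected entity and the bootloader is locked, otherwise decryption is refused, with a user-held backup as the recovery path) can be sketched as a toy model. This is an added example, not GrapheneOS, Android or TPM code: the "TPM" is a device secret plus a PCR-style measurement, and every key and signer identity is a constructed placeholder.

```python
import hashlib
import hmac
import secrets

# Toy sealing model (added example, not GrapheneOS/Android code). The "TPM" is a
# device secret plus a PCR-style measurement of the OS signer and lock state.

def measure_boot(os_signer_pubkey: bytes, bootloader_locked: bool) -> bytes:
    """PCR-style measurement: hash the signer identity, extend with lock state."""
    pcr = hashlib.sha256(b"os-signer:" + os_signer_pubkey).digest()
    state = b"locked" if bootloader_locked else b"unlocked"
    return hashlib.sha256(pcr + state).digest()

def seal(data_key: bytes, measurement: bytes, device_secret: bytes) -> bytes:
    """Bind a 32-byte data_key to a measurement: wrap it with a key derived from
    both, and append a tag so a mismatch is refused instead of yielding garbage."""
    wrap = hmac.new(device_secret, measurement, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(data_key, wrap))
    tag = hmac.new(wrap, ct, hashlib.sha256).digest()
    return ct + tag

def unseal(blob: bytes, measurement: bytes, device_secret: bytes):
    """Return the data key only if the current boot measurement matches."""
    ct, tag = blob[:32], blob[32:]
    wrap = hmac.new(device_secret, measurement, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, hmac.new(wrap, ct, hashlib.sha256).digest()):
        return None  # the "refuse to decrypt" branch from the thread
    return bytes(a ^ b for a, b in zip(ct, wrap))

def scenario() -> dict:
    device_secret = secrets.token_bytes(32)   # never leaves the "TPM"
    data_key = secrets.token_bytes(32)        # protects the user's data
    vendor_pub = b"constructed-vendor-signing-key"
    own_pub = b"constructed-user-signing-key"
    sealed = seal(data_key, measure_boot(vendor_pub, True), device_secret)
    backup = data_key                         # user's out-of-band key backup
    results = {}
    # 1. Same signer, bootloader relocked: the data key is released.
    results["same_signer"] = unseal(sealed, measure_boot(vendor_pub, True), device_secret) == data_key
    # 2. Different signer: refused, which is why a wipe is forced on re-signing.
    results["other_signer_refused"] = unseal(sealed, measure_boot(own_pub, True), device_secret) is None
    # 3. Same signer but unlocked bootloader: also refused.
    results["unlocked_refused"] = unseal(sealed, measure_boot(vendor_pub, False), device_secret) is None
    # 4. Recovery path: re-seal the backed-up key under the user's own signer.
    resealed = seal(backup, measure_boot(own_pub, True), device_secret)
    results["recovered_with_backup"] = unseal(resealed, measure_boot(own_pub, True), device_secret) == data_key
    return results
```

Running `scenario()` returns all four checks as `True`; case 2 is the refusal that forces a wipe today, and case 4 is the backup-and-reseal path the reply asks for.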

Root used to just mean knowing an admin password and rarely using it on desktop platforms for making local changes. It's changed definition for mobile if it now means just being able to run and auto-update apps from fdroid or run an app without the attestation of the company that supplies the OS, which in the worst cases takes away control completely from the user.

Mobile platforms and developers solely supporting their attestation should allow other forms of self attestation that the users want. I don't think I'm confused about anything, and I don't need to muddy the definition of security or root to argue having control over my data and apps on platforms I want to use.