Comment by fragmede

14 hours ago

There is and there isn't. Your phone, almost certainly, with a shorter list of exceptions than not, has a locked bootloader and consequently cannot run unsigned software with full permissions without additional work. Sometimes that work is impossible to do. In terms of capabilities, sure, your phone is as capable, if not more capable, than a desktop computer from a decade or two ago. The phone in my hand that I'm writing this from is 100 times more powerful than the computer I had as a kid. So that's an important point to make. However, the specialness of phone silicon is the locked-down bootloader and the downstream effects of that. You can point out exceptions where you can unlock the bootloader, but those are exceptions. The vast majority of phones you aren't going to get root on. So in that dimension, that's what's special about phone silicon. The signed chain of trust that is baked in and prevents you from running unsigned binaries with full permissions on phone silicon.

You are conflating many things here. A locked bootloader does not imply you cannot run unsigned software in user space. There are also many phones that do allow you to unlock the bootloader. I have a drawer full of them.

Finally, the ability to allow you to unlock your phone bootloader or to run custom firmware has nothing to do with the silicon. It's a software choice. The trusted software could most certainly decide to disable these safeguards.

  • It most certainly could, but will it? I have that same drawer. There is absolutely custom silicon dedicated to putting up those safeguards. The problem is the trusted software decides whether or not to disable those safeguards is what makes it special.

  • >A locked bootloader does not imply you cannot run unsigned software in user space.

    In the long term it does, because the purpose is to provide the scaffolding for remote attestation. Once remote attestation becomes the norm, it transitions into becoming a de facto requirement for doing pretty much anything in the real world. Today, banking apps. Tomorrow, getting past the Cloudflare Turnstile. The next day, everything.