Comment by Retr0id
1 day ago
If you make a bootloader unlock require a full wipe/rekey of the device, and make unlock status visible at boot, most of the "someone might unlock my bootloader maliciously" concerns go away.
1 day ago
If you make a bootloader unlock require a full wipe/rekey of the device, and make unlock status visible at boot, most of the "someone might unlock my bootloader maliciously" concerns go away.
Right, but unless you prevent apps from being able to query for this status, the market will still force people into locked phones, because "sekhurity" isn't about actual security, but checking boxes and control.
Fairphone actually does this. My FP3+ displays a red bar with an open padlock as long as the bootloader is unlocked, and when one changes the bootloader lock one way or the other, the phone wipes itself.
Fair point, but that solution doesn't address the market for theft, so there's a tradeoff there.
If you put the icloud-lockout stuff early enough in the boot chain (which I believe is the case on apple silicon macs already?), that seems like a solvable problem too. I can understand why apple hasn't put the engineering effort into making something like this happen, but I don't think it's because they can't make it happen.
And it is not stopping people from steal IPhones as they can resell parts as usual.
The stolen parts have serials on them that get blacklisted. iOS isn't going to run with a camera that's been marked as stolen.
1 reply →