So AFAICT, in practice a locked bootloader makes no difference to the most common attacks I've seen on my devices and that of friends&family. Seems like a far cry from your original claim that "This means that the most essential feature for your safety, the metaphorical lock on the front door of your house, is left broken and loose."
monnier
joined 2 years ago
But my point is that a remote attacker using privilege escalation can already do all of that even with a locked bootloader. "rootkits" don't need an unlocked bootloader.
Sorry, but that page does not seem to say what you wrote. E.g. I can't see how a remote attacker (such as a malign webpage, email, application, ...) could take advantage of an unlocked bootloader without being able to see (and modify) all the data on your phone. IOW I think what you write applies only to an attacker who has physically taken your phone (temporarily).
Your links are all broken (because of "..." elision)
Can someone point me at technical info about the risks of having an unlocked bootloader? From where I stand, the risks seem completely irrelevant (to take advantage of an unlocked bootloader, the attacker would need to have full access to your OS already). AFAIK, locking of bootloaders was never designed to protect the user, but only to let cell-phone providers restrict what phone users can do.
Ouais, et en plus tout semble indiquer que le PQ va venir au pouvoir (bien logiquement) juste après la CAQ. Malheureusement, tout indique aussi qu'ils ne vont rien nettoyer.
The question is: are they going to do something about it?
Encore des mesures anti-musulmans. Avec le PQ et leurs pubs anti-immigrants, c'est une course au racisme à vomir!
Ce serait pas caritatif, ce serait du simple gros bon sens, vu que c'est moins cher.
You make it sound like optical mouses were a no-brainer, but they were very much non trivial: it required both ingenuity and fairly sophisticated tech to make them work well.
Donner-leur un logement, ça coûte moins cher!
view more: next ›
I don't think it's a question of willingness to understand, but one of disagreement about the seriousness of the problem. Not to mention the implict idea that a "verified boot" is the only way to get that result. E.g. it's very easy to get to a "safe factory state" without that kind of locking, for example with an immutable boot loader, as is typically present in many ARM SoCs (Allwinner, Rockchip, ...). In that case you can revert to a safe state by downloading a known good OS image (using a trusted machine) and installing that image using only the immutable bootloader.