I am seeing a growing discussion on the need for more Linux phones in the market given Google’s problematic behaviour w.r.t the changes that will be introduced to that OS.

One very good point that some community member raised was that Android itself wasn’t the problem but the locking of the bootloader in the phone. If the bootloader could be unlocked, then it significantly lowers the bar for the end user to install their OS of choice.

I have dabbled with flashing OSs in old smartphones (GrapheneOS, Post market and Lineage). I commend the developers because I could do that without truly having to “understand the code” at the lower levels. But I assume that was possible because the boot loader could be unlocked somehow*. It seems that isn’t the case with many/most phone fro. Samsung / Xiomi, etc.

Are their bootloaders truly unlockable? Is it simply impossible to unlock and relock bootloaders?

  • I know that with lineage, the bootloader couldn’t be relocked and that was touted as a security flaw. If someone could explain why this lock/unlock is so complex, I’d appreciate it.
  • Wispy2891@lemmy.worldEnglish
    4·
    7 days ago

    Even nintendo, who has been notoriously laughably bad at this kind of thing

    It blew my mind that they implemented RSA cryptography for the DS, with every cartridge encrypted with an unique game specific key… but then forgot to check if the signature was valid, making this completely useless. And they left this unpatched for the whole console generation

    • ragebutt@lemmy.dbzer0.comEnglish
      5·
      7 days ago

      The 3ds free shop debacle with titlekeys being easily reused was pretty bad too. Like I suppose it could happen to anyone but if that happened to MS or Sony you know it would be patched in a matter of days (or hours, even) whereas the free shop worked for almost 2 full years. It is absolutely unimaginable in the modern context to think that a modern gaming company would allow an exploit that allowed you to simply download any game or update you wanted from their cdn and have your console immediately see it as legit. To think that such a thing would go on for years is mind blowing nowadays (and partially explains why the switch 2 is draconian, though it doesn’t excuse it. Just do better at security)