Verified Boot - Lock Bootloader

How can an end user set up verified boot for /e/?

If you are using /e/ the bootloader must stay unlocked because /e/ doesn’t have native support for verified boot. Verified boot is required to lock the bootloader after installing /e/.

Verified Boot is important for true device security and privacy. Any mainstream stock OS will use verified boot. It is counterintuitive to replace a stock OS with a “secure” OS that lacks stock OS security features.

How can verified boot be set up for /e/ to enable locking the bootloader?

5 Likes

@Manoj I think an e-developer should answer this. Could you pls assign?
Thx

Thanks @harvey186 and @dow for raising this point. Will share with dev team and get back with the response.

1 Like

Hi @rhunault is it possible that this is addressed in the /e/ ROM.

We already had a look at this point. Unfortunately, it seems a bit difficult to lock the bootloader with another ROM than the official one. Please feel free to open an issue on our GitLab to discuss that.

Just logged something
https://gitlab.e.foundation/e/os/android_build/issues/7

Is there a specific hurdle that prevents this from being possible, or is it just something that is difficult in general?

First of all, it’s just dangerous, because in case of any serious OS malfunction, your phone could be totally bricked. Also, if I understand it correctly, it is not possible to combine TWRP with a locked bootloader on the modern A/B devices, so this installation method isn’t suitable if Verified Boot is on. (There’s probably a way to sign TWRP with the same key to make it work, but I’m pretty unsure about that.)

Simply use encryption and make a complete reinstallation (includes recovery) if your device has been out of your sight for a long time in suspicious hands.

And take another look at: GrapheneOS — privacy and security focused mobile OS

I’m happy that my bootloader is unlocked, because I love the freedom to do what I want on my device.

I like the concept of “privacy” with “verified boot” and “enable locking the bootloader” from GrapheneOS. That this should be possible exclusively with Google phones is pure irony.

1 Like

I think if it’s possible, even for just a selected few devices, to re-lock the bootloader it would be nice. @e.follower encryption is cool, but a locked bootloader is cooler. One of the things I heard Gael say over and over is that /e/ is targeting average users, not just geeks. Locking the bootloader and therefore skipping the boot message saying “your phone is at risk” would definitely help give the OS a more professional image as a viable alternative to pre-installed Android or iOS.

2 Likes

There are only a small number of devices which are known to relock the bootloader. I am trying GrapheneOS on a Pixel 2 and the locked bootloader definitely looks more developed than the unlocked bootloader. It is also quite important for security as it closes a large door for hacking attempts. Note that CalyxOS also supports a locked bootloader.

Yes, CalyxOS »A mobile phone operating system built with “Privacy by Design”«, like GrapheneOS, supports only G-Pixel phones. I avoid “G” wherever possible. That’s why G-devices are out of the question.

If you followed my link above, you might have found out that Xiaomi’s Android One devices have the same capabilities.

The locking of the bootloader on Pixels (and Nexus before that) is there as these are the devices used to develop Android. It is thus necessary for a developer to be able to lock and unlock as required to modify the system easily. Other manufacturers have little incentive to offer such functionality.

@archie as much as you dislike G-devices they are what Android is developed for, and while I too was reluctant to go with the Pixel at the start, Android and derivatives run extremely well on them. And in the end we are using a G-developed OS.

@anon84098008, I appreciate the services that Google has provided for the Internet and Android. But Google has developed such a great supremacy, or in other words, monopolistic market structure, which is not conducive to a free society.

Years ago, I was still using various Google services. For years I haven’t even used the really fantastic G-Search, no G-Mail, no G-Hardware. Google’s “Don’t be evil” is no longer true for me. By the way, my attitude also applies to Amazon, Facebook, Twitter & Co.

1 Like

/e/ is in beta stage and we are beta testers; maybe the stable, final, commercial version should/could be relocked if it presents a security interest for non-geek users.

1 Like

I agree, we can say a lot of bad things about Google when it comes to privacy, but their security is quite OK. Verified Boot is also done at OEM level:

Verified Boot

Verified Boot strives to ensure all executed code comes from a trusted source (usually device OEMs), rather than from an attacker or corruption. It establishes a full chain of trust, starting from a hardware-protected root of trust to the bootloader, to the boot partition and other verified partitions including system, vendor, and optionally oem partitions. During device boot up, each stage verifies the integrity and authenticity of the next stage before handing over execution.

In addition to ensuring that devices are running a safe version of Android, Verified Boot checks for the correct version of Android with rollback protection. Rollback protection helps to prevent a possible exploit from becoming persistent by ensuring devices only update to newer versions of Android.

In addition to verifying the OS, Verified Boot also allows Android devices to communicate their state of integrity to the user.

When the e.foundation starts to work with OEMs that provide /e/ on their phones they will probably talk about verified boot.
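The quoted description above covers three separate checks (authenticity of the boot metadata, rollback protection, and integrity of each verified partition), and the reason a locked bootloader will not boot /e/ is the first of them: the bootloader only trusts the key that signed the OEM's metadata. The following is an added example written for this thread, not code from Android, AVB, /e/ or any poster; it models vbmeta-style verification in Python using HMAC tags as a stand-in for the RSA signatures AVB really uses (so the "signing key" and "trusted key" are the same bytes here, which is not the case with a real asymmetric key). All keys, images and version numbers are constructed sample values.

```python
import hashlib
import hmac
import json
from typing import Callable, Dict, List, Tuple


class BootRejected(Exception):
    """Raised when a check fails; a locked bootloader would refuse to continue."""


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_vbmeta(signing_key: bytes, partitions: Dict[str, bytes], rollback_index: int) -> bytes:
    """Build signed boot metadata: a digest for every verified partition plus a rollback index.
    The party releasing a build (an OEM, or a user holding their own key) runs this.
    HMAC stands in here for the RSA signature real AVB metadata carries."""
    body = json.dumps(
        {"digests": {name: sha256(img).hex() for name, img in partitions.items()},
         "rollback_index": rollback_index},
        sort_keys=True,
    ).encode()
    tag = hmac.new(signing_key, body, hashlib.sha256).digest()
    return tag + body


class Device:
    """Toy model of the state a bootloader relies on when verifying the next stages."""

    def __init__(self, trusted_key: bytes) -> None:
        self.trusted_key = trusted_key  # root of trust: fused OEM key, or a user-set custom key
        self.stored_rollback = 0        # kept in tamper-resistant storage on real hardware

    def boot(self, vbmeta: bytes, partitions: Dict[str, bytes]) -> List[str]:
        """Check authenticity (signature), then freshness (rollback), then integrity (digests)."""
        tag, body = vbmeta[:32], vbmeta[32:]
        expected_tag = hmac.new(self.trusted_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected_tag):
            raise BootRejected("vbmeta is not signed by a key this bootloader trusts")
        meta = json.loads(body)
        if meta["rollback_index"] < self.stored_rollback:
            raise BootRejected(
                f"rollback index {meta['rollback_index']} is older than stored {self.stored_rollback}")
        booted: List[str] = []
        for name, digest_hex in meta["digests"].items():
            image = partitions.get(name)
            if image is None:
                raise BootRejected(f"{name}: partition listed in vbmeta is missing")
            if not hmac.compare_digest(sha256(image), bytes.fromhex(digest_hex)):
                raise BootRejected(f"{name}: contents differ from the digest in vbmeta")
            booted.append(name)
        self.stored_rollback = meta["rollback_index"]  # only advanced after a successful verification
        return booted


# Constructed sample keys; real keys are asymmetric and far larger.
OEM_KEY = b"constructed-oem-signing-key"
THIRD_PARTY_KEY = b"constructed-third-party-rom-key"


def release(key: bytes, version: int) -> Tuple[bytes, Dict[str, bytes]]:
    """Produce a signed build: constructed partition images plus their vbmeta."""
    partitions = {
        "boot": b"kernel+ramdisk v%d" % version,
        "system": b"system image v%d" % version,
        "vendor": b"vendor image v%d" % version,
    }
    return make_vbmeta(key, partitions, version), partitions


def attempt(fn: Callable[[], List[str]]) -> str:
    try:
        return "booted " + "+".join(fn())
    except BootRejected as exc:
        return f"rejected: {exc}"


def scenarios() -> Dict[str, str]:
    """Run the situations discussed in the thread against one OEM-keyed device, in order."""
    oem_device = Device(OEM_KEY)
    vb3, parts3 = release(OEM_KEY, 3)
    vb2, parts2 = release(OEM_KEY, 2)
    vb_tp, parts_tp = release(THIRD_PARTY_KEY, 3)
    tampered = dict(parts3, system=parts3["system"] + b" (modified on disk)")
    return {
        "stock": attempt(lambda: oem_device.boot(vb3, parts3)),
        "tampered_system": attempt(lambda: oem_device.boot(vb3, tampered)),
        "downgrade": attempt(lambda: oem_device.boot(vb2, parts2)),
        "third_party_rom_on_oem_root": attempt(lambda: oem_device.boot(vb_tp, parts_tp)),
        "third_party_rom_on_custom_root": attempt(lambda: Device(THIRD_PARTY_KEY).boot(vb_tp, parts_tp)),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:32} {result}")
```

The last two scenarios are the crux of the thread: a correctly signed third-party build is rejected by a bootloader whose only root of trust is the OEM key, and accepted by one whose root of trust has been replaced with the key that signed that build. Pixel bootloaders let the owner install such a key (the `avb_custom_key` slot written with fastboot), which is what allows GrapheneOS and CalyxOS to relock; most other OEM bootloaders trust only the OEM key, so a locked bootloader and a third-party ROM cannot coexist on them regardless of how the ROM is built.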

There is a very helpful explanation on this issue here: https://community.fxtec.com/topic/2606-rom-ungoogled-stock/page/2/ (starting at about 2/3 of the comments)

In short: it is not really worth it.

1 Like