Project

General

Profile

Re-locking the bootloader

Added by repli CAN almost 9 years ago

Ok, so I've got Replicant installed on my encrypted device (BIG thanks to Paulk & everyone working on this project); consequently, the bootloader is unlocked.
Is it possible to re-lock the bootloader without wiping the phone clean?
If so, what would be the advantages of doing this?
What would potential disadvantages be?
I have found this app: https://play.google.com/store/apps/details?id=net.segv11.bootunlocker&hl=en
Would this app add a layer of security for a thread model which included physical access to the device
...or just a false sense of security?

Thanks in advance :)


Replies (4)

RE: Re-locking the bootloader - Added by My Self almost 9 years ago

IMHO with a locked bootloader Replicant should not be able to boot anymore.
If you really mean your 'bootloader', this little article should answer your question(s): http://forum.xda-developers.com/wiki/Bootloader

RE: Re-locking the bootloader - Added by repli CAN almost 9 years ago

So could someone with physical access to the device add malicious software with access to the phone's "GRUB"?
Is there a way to protect access to "GRUB" like by password protecting it?

After reading the XDA link you posted & re-reading the app's description that I posted, I don't think this app could do what I was thinking it could do.

RE: Re-locking the bootloader - Added by Paul Kocialkowski almost 9 years ago

It really depends whether having a locked bootloader means that it will only boot kernels produced by Google (I doubt that a little).
One could try to install Replicant, lock it (fastboot oem lock) and see if it still boots. The advantage here is that reflashing the phone through the bootloader will require to unlock it and thus erase all personal data.

Nevertheless, bear in mind that there are other ways to reflash the phone, for instance through recovery or in the running system, with sufficient rights.
Generally speaking, anyone with physical access to the device is able to reflash it.

RE: Re-locking the bootloader - Added by My Self almost 9 years ago

It really depends whether having a locked bootloader means that it will only boot kernels produced by Google (I doubt that a little).

Sorry, I've forgotten to say that. In my special case, on a Samsung device with >non-free< bootloader (http://www.replicant.us/freedom-privacy-security-issues.php) it should not boot anymore...

Nevertheless, bear in mind that there are other ways to reflash the phone, for instance through recovery or in the running system, with sufficient rights.

This way please for the discussion about that: http://redmine.replicant.us/boards/39/topics/8883

Generally speaking, anyone with physical access to the device is able to reflash it.

That's the unfortunate truth.
With physical access you also (mostly simple) could reset BIOS protections of your desktop-PC/notebook/... and could reflash/modify/... these, too. The only way (and useless advice) is, trying to prevent unauthorized physical access from other people :-/

    (1-4/4)