[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: EFI in Debian

On Sun, Jul 08, 2012 at 10:00:05AM -0600, Paul Wise wrote:
> On Sun, Jul 8, 2012 at 7:15 AM, Wookey wrote:
> > Will Android machines make secure boot turn-offable or another key
> > installable, or will thay follow the Microsoft lead and lock
> > everything down too?
> Are there any Android devices that aren't *already* bootloader locked
> or require jailbreaking to get root? I don't think Microsoft is
> creating a trend here, locked down ARM devices are already the norm

The Galaxy Nexus (and Nexus devices in general) can be unlocked by
simply running the "fastboot oem unlock" command which is distributed
as part of the Android SDK.  The unlock process will erase all of the
user data for security reasons (so that if someone steals your phone,
they can't use the unlock process to break security and grab all of
your data, including silly things like the authentication cookies
which would allow an attacker access to your google eaccount).

HTC and ASUS have also been selling their newer android with an
unlocked bootloader.  Most Samsung devices are shipped with unlocking
tools, so it came as a bit a surprise when the Verizon Samsung Galaxy
S3 came with a locked bootloader.  Some have blamed Verizon, but
there's no proof of that as far as I know.

So in answer to your question, there are plenty of Android devices
which are trivially unlockable.  (And once a Nexus phone is unlocked,
it's you can get a root shell trivially; no jail-breaking necessary.
Of course this is true for an attacker/thief who has managed to steal
your phone, but if you want to unlock the phone, it's easily doable on
many Android devices.)

	   	    	    	   - Ted

P.S.  Personally, I recommend that people buy SIM unlocked, and easily
boot-unlocked Android phones; and if you get Google Experience Nexus
that isn't subsidized by Carriers, its firmware updates don't have to
get approved by carriers.  It also means you don't get any
carrier-mandated or handset-manfacturer-mandated bloatware.

Reply to: