top | item 44944454

(no title)

mckenzba | 6 months ago

What does giving apps root permissions have anything to do with rooting a device? Rooting in this context means unlocking the bootloader to allow for a custom OS/kernel that isn't signed by the OEM. You can have a rooted device while still running an OS that restricts apps (that behave) from having root account access.

I'd rather have the ability to enroll my own keys so I can boot my own signed OS and maintain a root of trust that I own much like what can be done on desktop Linux with a TPM. IIRC Google's Pixel phones have this ability (and are one of the few phones that have this ability if I'm not mistaken).

discuss

preisschild|6 months ago

> Rooting in this context means unlocking the bootloader to allow for a custom OS/kernel that isn't signed by the OEM

That would not be the correct usage of the term "rooting". "Rooting" on Android systems generally means to install a `su` binary (like Magisk) that you can use to give apps root permissions, thus completely circumventing the normal android app permission system.

> I'd rather have the ability to enroll my own keys so I can boot my own signed OS and maintain a root of trust that I own much like what can be done on desktop Linux with a TPM. IIRC Google's Pixel phones have this ability (and are one of the few phones that have this ability if I'm not mistaken).

I agree completely. I have a Google Pixel and use this with GrapheneOS.

This feature is `called avb_custom_key`, and yeah, unfortunately only some devices support it.

https://github.com/chenxiaolong/avbroot/issues/299