One Secure Boot to bring them all
and in the darkness bind them.
People in the Googleplex need to talk to each other more: the Chocolate Factory has launched a third product with “Titan” in its name, and it's only related to one of the other two bits of kit. The latest Titan to be welcomed by a waiting world is Titan M; a custom chip that adds extra security features to Mountain View's …
Google admitted today that there had been a Titan-ic blunder when they discovered the keys to Titan missile launch codes while pen-testing mobile products.
An anonymous, but senior source said "We take the security of the planet very seriously. I will be er, launching, an investigation into how project code names are generated as soon as possible"
Why bother? I'm not sure the Pixel hardware appeals to the Lineage OS crowd. Pixels main selling points are the camera software and co-processor to accelerate it, plus some extra Googley launcher. No SD card, no headphone socket. The screen is on Pixel 3 is superb*, but practically no better than the latest Samsungs - which are a more common target for alternative Android versions.
*In lab tests, the Note 9 had the best display crown, then the latest iPhone XS, now the latest Pixel. All panels made by Samsung (though Apple use their own display driver silicon)
"The screen is on Pixel 3 is superb*, but practically no better than the latest Samsungs"
The IFixit guys tore a Pixel 3XL down to find that the screen IS from Samsung.
They also say that the standard Pixel 3 uses an LG display.
Yeah, I meant the Samsung phones. Each new phone released recently with a Samsung panel, be it Samsung, Apple or Pixel phone, has a slightly better screen - according to DisplayMate - than the last. One would expect the next Samsung flagship to regain the crown and the cycle repeat.
However, the differences aren't that big, and one may be a tad brighter and one may have ever so slightly better colour accuracy.
Apple use their own 10bit colour display adapter on the iPhobe XS that consumes enough power that even when displaying a black image the OLED panel's efficiency advantage over LED is lost.
"Given the last paragraph, does this mean we can or can't install something like lineageOS on"
The main reason for all the "security features" in the smartphone world is to secure busines models.
If "lineageOS" threatens a busines model in any way (which it likely does) there is a motive to prevent it from booting.
where the each step of the boot verifies the next step, and any change to anything on the system partition changes the root signature. How is this any different? (except it's done in hardware?)
"The dm-verity feature lets you look at a block device, the underlying storage layer of the file system, and determine if it matches its expected configuration. It does this using a cryptographic hash tree. For every block (typically 4k), there is a SHA256 hash.
Because the hash values are stored in a tree of pages, only the top-level "root" hash must be trusted to verify the rest of the tree. The ability to modify any of the blocks would be equivalent to breaking the cryptographic hash."
If it's true (as it sounds like it is) that this prevents the owners of these phones from replacing the ROM or performing other system-level tinkering, then I am now convinced that Google is entirely uninterested in addressing any smartphone market except for the "stupid but rich" demographic.
...I actually consider that a good thing.
also records the last known “safe Android version,” and blocks attackers from trying to downgrade a device to an older and less secure version.
Google opinion of last safe may not equate to mine and I may want to downgrade to deal with regressions or them outright crippling the device deliberately so it is no longer usable. An example here would be they way they broke the original Nexus 7 upgrading from Android 4.x to 5. They broke a perfectly viable (by those days standards) device and refused to admit to it for half a year.
The few survivors of that upgrade had to "assemble" a viable bootloader + OS load from the older images floating online. I remember spending half an afternoon extracting images pulling the bootloader out of them and flashing different combinations.