SoylentNews is people
SoylentNews
Google is using the boiling frog method to exclude power users and custom ROMS from android.
A new feature in Android 8.0 Oreo, called "Rollback Protection" and included in the "Verified Boot" changes, will prevent a device from booting should it be rolled back to an earlier firmware. The detailed information is here.
As it rejects an image if its "rollback index" is inferior than the one in "tamper evident storage", any attempts to install a previous version of the official, signed ROM will make the device unbootable. Much like iOS (without the rollback grace period) or the extinct Lumias. It is explained in the recommended boot workflow and notes below, together with some other "smart" ideas.
Now, this might seem like a good idea at first, but let's just just imagine this on a PC. It would mean no easy roll back from windows 10 to 7 after a forced installation, and doing that or installing linux would mean a unreasonably complex bootloader unlocking, with all your data wiped. Add safetynet to the mix, and you would also be blocked from watching netflix or accessing your banking sites if you dared to install linux or rollback windows.
To add insult to injury, unlocked devices will stop booting for at least 10 seconds to show some paternalist message on how unlocking is bad for your health - "If the device has a screen and buttons (for example if it's a phone) the warning is to be shown for at least 10 seconds before the boot process continues."
Now, and knowing that most if not all android bootloaders have vulnerabilities/backdoors, how can this be defended, even with the "security/think of the children" approach? This has no advantages other than making it hard for users to install ROMs or to revert to a previous official ROM to restore missing functionality.
(Score: 3, Informative) by Pino P on Wednesday September 06 2017, @05:36PM (3 children)
All the Android devices I've owned already display separate screens for the bootloader and Android. The bootloader's screen is a still image, and Android's screen is what amounts to an animated GIF. An ASUS Nexus 7 (2012) tablet, for example, displays the word "Google" in white on black for a few seconds, followed by an animation depending on what version of Android is installed. If it's just 10 seconds, the customized boot modes would probably just put a conspicuous badge for the type of customization (end user key or unlocked) on the bootloader screen. So you might see something like this when you turn it on, while the bootloader is loading the kernel:
At least it isn't a Chromebook with its 30-second delay, loud beeping, and strong encouragement to press two keys to begin a factory reset.
(Score: 1, Insightful) by Anonymous Coward on Wednesday September 06 2017, @06:44PM (2 children)
who has never had to program real hardware in his life.
(Score: 2) by Pino P on Thursday September 07 2017, @04:46PM (1 child)
I have programmed real 8-bit hardware in the past two years, resulting in a physical product sold for money to end users.
The bootloader has to set up the chipset and load the kernel whether it is displaying a notice or not. In practice, how long does it take to set up the chipset and load the kernel? And how is it a bad idea to display some name associated with the kernel being booted so that the developer can be sure he has loaded the software that he thinks he has loaded?
(Score: 2) by jbernardo on Sunday September 10 2017, @08:23AM
The 10 seconds pause in the bootloader is exactly that - a pause of at least 10 seconds. The bootloader is doing nothing, just wasting the user's time. The rest of the bootloader time is around 1-2 seconds.
If you want to see how it will go, check a moto G4 plus (maybe even other models). Right now, they have implemented the stupidity with "only" 5 seconds, and it already feels like an eternity.