It's possible to unlock the bootloader of most Nexus devices from the normal Android system without losing data once you have gained root access. This works by simply using dd to change the unlock state: https://play.google.com/store/apps/details?id=net.segv11.bootunlocker
I think you can have nearly the same level of security (minus allowing only your own keys) by keeping the bootloader locked and keeping the stock recovery. If you want to update, you have to: get root access (secured by PIN), unlock the bootloader, reboot into the bootloader, boot a custom recovery image (using 'fastboot boot', this won't flash it), install update, reboot, get root access, lock the bootloader again.
But there might still be a completely different attack vector, depending on some debug interfaces hidden behind multiplexers. This is a good starting point: http://greatscottgadgets.com/infiltrate2013/ossmann-osborn-bhusa2013-whitepaper.txt
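The update cycle in the comment above, written out as a shell script. This is an added example, not the commenter's code or any Nexus tool: it drives only the fastboot half of the procedure (boot a recovery image without flashing it, then relock) and refuses to report success until the device itself confirms it is locked again, which is the step most easily forgotten. Assumptions not on the page: `fastboot getvar unlocked` prints a line of the form `unlocked: yes` or `unlocked: no` (fastboot writes getvar output to stderr), `fastboot oem lock` relocks a Nexus bootloader, and the unlock step itself is done from the running system with root as the comment describes.

```shell
#!/bin/sh
# Added example (not from the page): fastboot side of "boot a custom recovery
# without flashing it, install the update, relock, and verify the lock".
# Assumptions: `fastboot getvar unlocked` reports "unlocked: yes|no" on stderr;
# `fastboot oem lock` relocks the device; unlocking was already done from the
# rooted system (the dd method in the comment), so it is not scripted here.

# Classify captured `fastboot getvar unlocked` output.
# Prints one of: locked | unlocked | unknown
parse_unlock_state() {
    case "$1" in
        *"unlocked: no"*)  echo locked ;;
        *"unlocked: yes"*) echo unlocked ;;
        *)                 echo unknown ;;
    esac
}

# Query the attached device (must be in fastboot mode) and report lock state.
device_unlock_state() {
    out=$(fastboot getvar unlocked 2>&1) || true   # getvar output goes to stderr
    parse_unlock_state "$out"
}

# Boot (not flash) a recovery image: nothing is written to the recovery partition.
boot_temp_recovery() {
    img="$1"
    [ -f "$img" ] || { echo "recovery image not found: $img" >&2; return 1; }
    fastboot boot "$img"
}

# Relock, then re-read the state from the device instead of trusting the command.
relock_and_verify() {
    fastboot oem lock
    state=$(device_unlock_state)
    if [ "$state" != "locked" ]; then
        echo "bootloader still reports '$state'; do not treat this device as locked" >&2
        return 1
    fi
    echo "bootloader locked"
}

# Full cycle after the unlock step: recovery image path is a hypothetical argument.
update_cycle() {
    recovery_img="$1"
    adb reboot bootloader
    fastboot devices
    boot_temp_recovery "$recovery_img"
    echo "install the update from the booted recovery, reboot into the" \
         "bootloader again (adb reboot bootloader), then press Enter" >&2
    read -r dummy
    relock_and_verify
}

# Only touch a device when explicitly asked; sourcing the file runs nothing.
if [ "${1:-}" = "--run" ]; then
    update_cycle "${2:?usage: $0 --run recovery.img}"
fi
```

Run it as `sh relock.sh --run recovery.img` with the device in fastboot mode after the in-system unlock. The parser is kept separate from the fastboot calls so the lock check can be exercised on captured output without a device attached.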
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
Alternative: unlock the bootloader without wiping
Date: 2014-07-07 08:34 pm (UTC)