Right, I didn't mean to use this whole using-root-to-dd-the-bootloader procedure as an attack vector, but as a simpler alternative to your solution (which is much more elegant and portable).
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
Re: Alternative: unlock the bootloader without wiping
Date: 2014-07-07 09:00 pm (UTC)

I don't see any way to crack either version of security - besides exploitable bugs in the bootloader or recovery system. The only way into a system secured like this I could think of, but didn't inspect any further, is these multiplexer-hidden interfaces. Once such an interface allows low-level write access (ignoring any key-checking measurements), you're pwned. Might be a place for "data forensics" backdoors.