Most modern manufacturers disallow unlocking the bootloader and flashing unsigned firmware, which is a requirement for this kind of thing.
c0l0•34m ago
LineageOS isn't unsigned, it just happens to be signed by keys that are not "trusted" (i.e., allowed - thanks for the correction!) by the phone's bootloaders.
dijit•30m ago
thats effectively the same thing.
The whole point of the majority of PKI (including secureboot) is that some third party agrees that the signature is valid; without that even though its “technically signed” it may as well not be.
c0l0•23m ago
I disagree. If LineageOS builds were actually unsigned, I would have no way of verifying that release N was signed by the same private-key-bearing entity that signed release N-1, which I happen to have installed. It could be construed as the effective difference between a Trust On First Use (TOFU) vs. a Certificate Authority (CA) style ecosystem. I hope you can agree that TOFU is worth MUCH more than having no assurance about (continued) authorship at all.
dijit•5m ago
Yes, I understand the value of signatures, but thats not how PKI works.
attila-lendvai•23m ago
not allowed is a clearer language here.
spaqin•6m ago
That's alright though. Recent devices still have manufacturer's support. LOS is a godsend for the older devices, often not as powerful as the new ones, that really need the lightweight, bloat free Android for smooth operation.
DeathArrow•1h ago
rixrax•45m ago
sspiff•43m ago
c0l0•34m ago
dijit•30m ago
The whole point of the majority of PKI (including secureboot) is that some third party agrees that the signature is valid; without that even though its “technically signed” it may as well not be.
c0l0•23m ago
dijit•5m ago
attila-lendvai•23m ago
spaqin•6m ago