Could be a couple of workarounds:

- Don't keep the flash driver in the operating system code.
- Send it as part of the update patch, which is of course validated and has signed portions of both code and data.
- Do an image "jump" instead of loading the update via the OS, and then use the code in the update patch to actually do an upgrade and force a restart. So even if there was an escalation issue inside your "patch"/updater code, it really has no significance.
- Don't do bootloader upgrades in the field :), but there might be some issues with that depending on the specifics that forced the bootloader upgrade.

-Abhinayak

On Tue, Sep 22, 2009 at 11:40 AM, Jean-Baptiste Queru <[email protected]> wrote:
>
> Well, there's got to be some interplay between the plain system
> operation and updating the bootloader if you want to be able to
> initiate a system update from the regular system operation and have
> that update flash a new bootloader.
>
> JBQ
>
> On Tue, Sep 22, 2009 at 11:36 AM, Abhinayak Mishra <[email protected]> wrote:
> > I would have expected the "root" privileges and fastboot to have been
> > kept independent of each other. If it is true that you can enable
> > fastboot from inside the phone code, that for sure is worrying. Fastboot
> > should be part of the bootcode ideally and not the phone code itself.
> > Getting root access on a phone would not be equivalent to unlocking it.
> > Usually the subsidy locking would be implemented on the modem core and
> > gaining root privileges on the application side would not allow you to
> > change the modem image, but again if it allows you to enable flashing
> > using fastboot, then you for sure can replace the original modem image
> > with any other image and be done with it.
> > What is worrying is the fact that the phone code allows you to enable
> > flashing because of a privilege escalation bug. Theoretically, you can
> > replace the bootloader as well at this point and do away with any
> > signature validation, making it equivalent to your "dev" phone. The only
> > saving grace might be the way the ROM is set up for secure boot and if
> > it cannot be subverted. Then you would have to wait for someone to
> > "accidentally" release a signed G1 bootloader which does not do
> > signature validation. I am sure they have a few of these bootloaders
> > for development, you just have to wait for one to leak out then!
> >
> > On Tue, Sep 22, 2009 at 11:25 AM, Jean-Baptiste Queru <[email protected]> wrote:
> >>
> >> There are 3 different aspects:
> >>
> >> -fastboot support in the bootloader: disabled (in theory) in consumer
> >> devices, enabled in ADP1 (restricted to system, boot, recovery, cache
> >> and userdata partitions, I think, i.e. stuff that can be flashed
> >> safely without bricking), enabled in engineering devices with no
> >> restrictions on partitions (i.e. can brick a device).
> >>
> >> -root access in the system image: disallowed (in theory) in user
> >> builds (as used in consumer devices), allowed in userdebug builds (as
> >> in the ADP1) and engineering builds.
> >>
> >> -SIM locking: US G1s are configured to only work with T-Mobile SIMs
> >> (unless T-Mobile gives you an unlock code). Not sure about other
> >> retail devices. ADP1 and engineering devices can use any SIM.
> >>
> >> Notice that the first two aspects are somewhat tied: if you have
> >> fastboot access, you can flash a system that gives you root access,
> >> and if you have root access (and access to the right files) you can
> >> update the bootloader. Personally, I consider the second aspect to be
> >> a weakness.
> >>
> >> JBQ
> >>
> >> On Tue, Sep 22, 2009 at 5:33 AM, nature <[email protected]> wrote:
> >> >
> >> > I am confused about the concepts. What is the difference between them?
> >> > Does a G1 phone which is rooted become the dev phone? In my mind,
> >> > "rooted" means I have root rights on the phone. And the SIM card
> >> > and the hardware in the dev phone are unlocked. But I don't know what
> >> > they mean for me. I want to customize my own Android system (and
> >> > kernel). Through searching the information I found that the dev phone
> >> > and the rooted G1 phone can both reach it. Is it right? Who can help
> >> > me?
> >>
> >> --
> >> Jean-Baptiste M. "JBQ" Queru
> >> Software Engineer, Android Open-Source Project, Google.
> >>
> >> Questions sent directly to me that have no reason for being private
> >> will likely get ignored or forwarded to a public forum with no further
> >> warning.

unsubscribe: [email protected]
website: http://groups.google.com/group/android-porting
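Added example, not code from this thread or from the Android bootloader: a Python model of the two controls discussed above. Abhinayak's design keeps no flash driver in the OS and ships the updater code together with the data image under one signature; JBQ's description of the ADP1 restricts fastboot flashing to the system, boot, recovery, cache and userdata partitions, with consumer devices allowing none and engineering devices allowing all. The package layout (magic, target partition, updater code, image, trailing signature), the partition names in the policy table, and the HMAC-SHA256 stand-in for the real asymmetric signature (whose public key would sit in ROM) are all assumptions made for the example. The point it shows: the signature is checked over the whole body before any length field is trusted, so flipping a byte in the code, the data or the target partition name is rejected, and the partition gate is enforced even when the signature is good.

```python
import hashlib
import hmac
import struct

MAGIC = b"UPD1"
SIG_LEN = 32  # HMAC-SHA256 stand-in for the asymmetric signature (assumption)

# Fastboot partition policy for the three device kinds JBQ lists.
# None means no restriction (engineering device, can brick). Partition
# names for the ADP1 set are assumptions taken from his message.
FASTBOOT_POLICY = {
    "consumer": frozenset(),
    "adp1": frozenset({"system", "boot", "recovery", "cache", "userdata"}),
    "engineering": None,
}


class UpdateRejected(Exception):
    pass


def flash_allowed(device_kind, partition):
    allowed = FASTBOOT_POLICY[device_kind]
    return allowed is None or partition in allowed


def build_package(signing_key, partition, updater_code, image):
    """Vendor side: one signature covers the target, the updater code and the data."""
    body = (MAGIC
            + struct.pack(">B", len(partition)) + partition.encode("ascii")
            + struct.pack(">I", len(updater_code)) + updater_code
            + struct.pack(">I", len(image)) + image)
    return body + hmac.new(signing_key, body, hashlib.sha256).digest()


def verify_package(verify_key, pkg):
    """Bootloader side: check the signature over the whole body before parsing it."""
    if len(pkg) < len(MAGIC) + SIG_LEN or not pkg.startswith(MAGIC):
        raise UpdateRejected("not an update package")
    body, sig = pkg[:-SIG_LEN], pkg[-SIG_LEN:]
    expected = hmac.new(verify_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise UpdateRejected("signature mismatch")
    # Only signed bytes reach the parser; a malformed-but-signed body is still
    # rejected rather than trusted.
    try:
        off = len(MAGIC)
        (plen,) = struct.unpack_from(">B", body, off)
        off += 1
        partition = body[off:off + plen].decode("ascii")
        off += plen
        (clen,) = struct.unpack_from(">I", body, off)
        off += 4
        updater_code = body[off:off + clen]
        off += clen
        (ilen,) = struct.unpack_from(">I", body, off)
        off += 4
        image = body[off:off + ilen]
        off += ilen
    except (struct.error, UnicodeDecodeError) as exc:
        raise UpdateRejected("malformed package: %s" % exc)
    if off != len(body):
        raise UpdateRejected("length fields do not match package size")
    return partition, updater_code, image


def apply_update(device_kind, verify_key, pkg, flash_fn):
    """Verify, then gate the target partition, then let the packaged updater flash."""
    partition, updater_code, image = verify_package(verify_key, pkg)
    if not flash_allowed(device_kind, partition):
        raise UpdateRejected("partition %r not flashable on %s" % (partition, device_kind))
    # Only now does any flash code run, and it is the code carried inside the
    # verified package, not a driver that lived in the OS image.
    flash_fn(partition, image)
    return partition, hashlib.sha256(updater_code).hexdigest()


def is_rejected(device_kind, verify_key, pkg):
    """Convenience for checks: True if the bootloader side refuses the package."""
    try:
        apply_update(device_kind, verify_key, pkg, lambda partition, image: None)
    except UpdateRejected:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a stand-in key, stand-in updater bytes and a fake image.
    key = b"\x11" * 32
    pkg = build_package(key, "system", b"\xde\xad\xbe\xef" * 8, bytes(range(256)) * 4)
    print(apply_update("adp1", key, pkg, lambda p, i: print("flashing", p, len(i), "bytes")))
    print("consumer rejects:", is_rejected("consumer", key, pkg))
```

The order in `verify_package` is the part worth copying: the signature is checked over the raw bytes first, and only then are the length fields parsed, so an attacker who can swap a partition name or splice a different data blob behind a validly signed code blob gets a signature mismatch rather than a parser that has already acted on their lengths.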
