
The official answer is that with no bootloader locking, there is no way to prevent an evil maid attack (replace OS with a replica that logs your passwords, exfiltrate them later). The real reasons are anyone's best guess...


Which doesn't explain why you can't even wipe+unlock.


Read again. It does. The boot ROM fails to verify the bootloader's (XBL) signature for some reason.


Read what again?

If the flash bootloader is failing to verify, I should be able to send a new one over the USB port, even if that requires wiping the device for security purposes. Defending against an evil maid attack doesn't explain why I can't do that.


Read the post from dmitrygr again or mine. The bootloader does not get loaded, because the verification fails. That means there is no way to wipe or reset the device. Without a signed firehose binary you can't do anything, because EDL just won't talk to you.

More details: https://blog.quarkslab.com/analysis-of-qualcomm-secure-boot-...


> The bootloader does not get loaded

I get that, but there should be something in the ROM that can reflash the device.

It already has signature verification code, which is the hard part to fit into a tiny ROM.

> Without a signed firehose binary you can't do anything, because EDL just won't talk to you.

So... either they should release a firehose binary that can wipe devices, or they should add a small bit of code that can wipe and flash without needing a firehose binary.

As I read it, dmitrygr was saying that the ostensible reason you can't do anything is fear of evil maid attacks, but that ostensible reason doesn't explain why there isn't a wipe+access mode. And "the bootloader is corrupt" isn't the reason, because this is about the pre-bootloader code.


> So... either they should release a firehose binary that can wipe devices, or they should add a small bit of code that can wipe and flash without needing a firehose binary.

And how should they add code to a ROM of already bricked devices?

> As I read it, dmitrygr was saying that the ostensible reason you can't do anything is fear of evil maid attacks, but that ostensible reason doesn't explain why there isn't a wipe+access mode. And "the bootloader is corrupt" isn't the reason, because this is about the pre-bootloader code.

Well, ask Google? :-)


> And how should they add code to a ROM of already bricked devices?

I'm criticising the original design. Read that "should" as talking about the past.

> Well, ask Google? :-)

Why? I don't care what they have to say (unless they have something surprisingly interesting to contribute), I'm just accusing them of doing this wrong.



