That first link talks about how it requires an unlocked bootloader, therefore verified boot is disabled and the device is less secure.
While that is true, I think that’s a bit of an unfair thing to hold against it considering on most Android phones, you need to unlock the bootloader to run anything the OEM doesn’t approve, and most vendors do not support installing your own keys.
That should be a criticism against the OEM for forcing you to weaken the security of the device to have full control over it, not Lineage. That is not really their fault.
I think it would be nice of them to mention that the signing keys being held by the OEM and the OEM only is a massive security (and freedom!) weakness on it’s own, and that without being able to sign everything yourself, you can’t really be certain of the security of your device, as you cannot control everything on it.
Any source on this?
Lineage allows people to have newer android/security patches on end-of-life phones, that’s a pretty good security argument.
https://madaidans-insecurities.github.io/android.html#lineageos
https://discuss.grapheneos.org/d/14344-cellebrite-premium-july-2024-documentation
That first link talks about how it requires an unlocked bootloader, therefore verified boot is disabled and the device is less secure.
While that is true, I think that’s a bit of an unfair thing to hold against it considering on most Android phones, you need to unlock the bootloader to run anything the OEM doesn’t approve, and most vendors do not support installing your own keys.
That should be a criticism against the OEM for forcing you to weaken the security of the device to have full control over it, not Lineage. That is not really their fault.
I think it would be nice of them to mention that the signing keys being held by the OEM and the OEM only is a massive security (and freedom!) weakness on it’s own, and that without being able to sign everything yourself, you can’t really be certain of the security of your device, as you cannot control everything on it.