Hello,
I own a Fairphone 3+ and I would like to know if that would be possible to benefit from Verified Boot for this phone model in the future with iodéOS. Verified Boot | Android Open Source Project
I see that a custom key is provided for the Fairphone 4 model so I’m hoping this is not a huge work to do the same for the Fairphone 3+… iode / ota · GitLab
Well, this may be possible to provide a custom avb key but it would break OTAs for actual users that relocked their bootloader, so unfortunately we probably won’t do that.
However, if you relock your bootloader, you have a verified boot. The difference is that the keys are google public test keys (which Fairphone use to sign their kernels…). Using a custom key probably improves security, but with the bootloader locked, plus the fact that iodé’s signature is checked by the recovery/OTA mechanism, I don’t se well how a relocked device could be compromised.