Does FP4 have secure boot or verified boot? Yes!

Hi @anon9989719 thanks for replying.
You are right, in the thread I’ve linked to they discuss this specific case where someone has unlocked their bootloader. However, in the post I linked to from @Micka he explains that “Fairphone 3 does not have ‘secure boot’ enabled [2]

I would like to clarify that unlocking and locking the bootloader and having secure boot are two different kind of security concepts and measurements. In principle even a locked bootloader would not protect you from an Evil maid attack if a sufficiently powerful and motivated adversary would implement it.
I’m not directly worried that someone can read my encrypted data if I just loose my phone.
I’m more worried that the following happens:

  • Adversary gets physical access to my phone and installs some kind of very low level malware that gets executed through the bootchain (again, this is possible even in the presence of a locked bootloader as long as there is no cryptographically verified boot chain (aka. secure boot or verified boot)
  • I don’t notice the attack and use my phone normally afterwards. This means I enter my decryption passwords.
  • The malware can then potentially log my passwords and could leak the password alongside all other information on my phone to the adversary.
3 Likes