Are there actually (current, available, lineage-supported(1)) COTS phones, where you can add your own signing keys, and then re-lock the boot-loader? With mainline/non_ancient Linux kernel?
Because without that, aren't all (modded to unlocked_boot-loader) Android devices susceptible to an Evil-Maid attack? Even if the device/user uses FDE, the evil maid could just spoof the key-entry frontend, no?
> Are there actually (current, available, lineage-supported(1)) COTS phones, where you can add your own signing keys, and then re-lock the boot-loader? With mainline/non_ancient Linux kernel?
`fastboot flashing lock` is available on some phones, but is there a comprehensive list somewhere of devices, where you can freely/add remove signing keys?
Because without that, aren't all (modded to unlocked_boot-loader) Android devices susceptible to an Evil-Maid attack? Even if the device/user uses FDE, the evil maid could just spoof the key-entry frontend, no?
(1) or whatever other ALT-Android/Linux FW.