On Fri, 21 Apr 2023 22:34:54 +0100 J05HYYY via Replicant wrote: > However, if the bootloader is unlocked [...]
Is it? How do I know? > Furthermore, you can flash an unsigned boot.img if the system.img is > signed (I have just tried this and it boots ok) Thanks for the info. But is it correct and secure to do that? Also, is the original boot.img (or any of its parts) signed somehow? I am careful not to do something wrong and reduce the security of the system. I wonder if simply running a diff between the unpacked original boot.img and the unpacked compiled one would be meaningful to check that. IOW, are the builds supposed to binary identical in their non-signed parts? The documentation also says nothing about which particular files to flash to the device. My result when building the whole OS was similar to the one shown at the end of https://redmine.replicant.us/projects/replicant/wiki/GenericReplicant60Build However, it is not clear: What are signed-target_files-i9300.zip and signed-img-i9300.zip? Should one flash those or the other ones (which have names like the ones we download from the website)? If the signed-* files are to be flashed - why? If not - what is their role? There is a significant difference in their sizes, compared to replicant-* files. It is very confusing there is no documentation about that. I hope you can shed some light on these matters. _______________________________________________ Replicant mailing list Replicant@osuosl.org https://lists.osuosl.org/mailman/listinfo/replicant
