Is there a way to lock the bootloader and keep a ROM different from the one the device shipped with? Or do I need to relock and reunlock every time I need to update the custom ROM, with all the data loss this implies?
Is there a way to lock the bootloader and keep a ROM different from the one the device shipped with?
That might depend on the device. I used to tinker and switch a lot, but haven’t in years. I do however have GrapheneOS (which is not a ROM, but “a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project”) on my Pixel and it gets regular updates. Most times weekly/every-other-week, but at worst monthly with the monthly security patches, often before Google releases them…all with the bootloader locked, per GrapheneOS’ recommendation.
I say all that to say…not 100% sure outside of my personal and recent experience with GrapheneOS on Pixels, and I haven’t had enough coffee yet to do research into phones I don’t have.
Since you cannot unlock the bootloader without going into the OS now, I prefer to leave it unlocked but stock.
That way, if the device ever cannot boot, I can at least Adb pull my data off the device from fastboot.
That’s makes it much less secure and is a wide attack surface.
https://grapheneos.org/install/web#locking-the-bootloader
Is there a way to lock the bootloader and keep a ROM different from the one the device shipped with? Or do I need to relock and reunlock every time I need to update the custom ROM, with all the data loss this implies?
That might depend on the device. I used to tinker and switch a lot, but haven’t in years. I do however have GrapheneOS (which is not a ROM, but “a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project”) on my Pixel and it gets regular updates. Most times weekly/every-other-week, but at worst monthly with the monthly security patches, often before Google releases them…all with the bootloader locked, per GrapheneOS’ recommendation.
I say all that to say…not 100% sure outside of my personal and recent experience with GrapheneOS on Pixels, and I haven’t had enough coffee yet to do research into phones I don’t have.