| 17 Jul 2021 |
 hmenke | For NFC payment you need Google's device attestation called SafetyNet. There is an implementation in microG, but that never worked for me. The only times I've seen SafetyNet work correctly was on stock ROMs. | 19:56:23 |
 samueldr | yeah, safetynet is the "secure" part I was thinking about but couldn't remember the name... | 20:04:33 |
| samueldr | ... and is the one what received further "enhancements" | 20:04:46 |
 Robin | I found a good overview about relocking the bootloader with your own keys:
"Oh, ok, but will it help me pass SafetyNet?
Not really, SafetyNet is dependent on many things, including a locked bootloader. If you want to relock your bootloader for this reason I suggest you go no farther. Google can change SafetyNet requirements at any time and do so reasonably often"
"isn't their an easier way?
Or use an custom ROM that is specifically designed to be used with relocked bootloaders. There are a few around but they often have (for all the reasons stated above) very limited device support."
https://www.reddit.com/r/LineageOS/comments/n7yo7u/a_discussion_about_bootloader_lockingunlocking/
| 22:33:07 |
| Robin | I think GrapheneOS with robotnix and a supported device is the best way to have a locked bootloader with custom keys. | 22:34:22 |
| 18 Jul 2021 |
 cde | https://hub.libranet.de/wiki/and-priv-sec/wiki/verified-boot | 00:13:09 |
| 19 Jul 2021 |
 jack | grapheneos-2021.07.16.19 built and tested on redfin! | 18:53:06 |
| 18 Jul 2021 |
| cde | That gives a good overview of the whole bootloader locking situation | 00:13:28 |
 danielrf | Pushed grapheneos-2021.07.16.19 tag. Briefly tested working on sunfish and crosshatch. | 07:17:12 |
| 20 Jul 2021 |
|  Andrea Pascal joined the room. | 03:36:56 |
| 21 Jul 2021 |
| danielrf | Pushed grapheneos-2021.07.19.18 tag. Tested working on crosshatch. | 02:34:59 |
| jack | Works on redfin! | 22:46:44 |
| 23 Jul 2021 |
| Room Avatar Renderer. | 23:25:16 |
| 24 Jul 2021 |
 jaen | Thanks for the reponses re: locking. So from what I understand this basically means "well, you could try locking the bootloader, but you will still probably have the same kind of issues like with unlocked bootloader/root, because SafetyNet doesn't care about supporting custom roms and if it perchance works, no guarantee it will keep to", is that a correct understanding? | 11:47:11 |
| cde | you can't just relock the bootloader on any device, and also can't just do it on any rom - it has to be built to support that. | 13:10:24 |
| samueldr | relocking the bootloader without enrolling custom keys generally means the OEM's keys are used, and the custom ROM won't be signed with those keys, so it won't boot | 19:18:03 |
| samueldr | and as can be observed, few devices allow enrolling custom keys | 19:18:25 |
| samueldr | and even then, "locked / unlocked" is probably not what safetynet asks for about the device | 19:18:53 |
| samueldr | (really it's all of a blackbox that's not trivial) | 19:19:15 |
| 28 Jul 2021 |
| danielrf | Ok. Tagged and pushed `grapheneos-2021.07.26.20`. Tested working on `crosshatch` | 19:03:28 |
| danielrf | This is the first time I've done an update while away from my main workstation. Luckily it went fairly smoothly! | 19:04:52 |
| 29 Jul 2021 |
| hmenke | Has anybody tried out the new sandboxed Google Play services on GrapheneOS yet? https://grapheneos.org/usage#sandboxed-play-services | 11:06:05 |
| hmenke | I wonder whether this could replace microG for me, which I really only use to get push notifications via Google Cloud Messaging (GCM). | 11:06:36 |
| 30 Jul 2021 |
| jack | In reply to @danielrf:matrix.org
Ok. Tagged and pushed `grapheneos-2021.07.26.20`. Tested working on `crosshatch` Works on redfin. | 04:46:27 |
|  philipp changed their profile picture. | 20:22:28 |
| 3 Aug 2021 |
| danielrf | Pushed vanilla-2021.08.03.00. Tested working on sunfish. | 04:37:28 |
| danielrf | Pushed grapheneos-2021.08.03.03. Tested working on crosshatch. | 15:40:22 |
| danielrf | Pushed a new tag: grapheneos-2021.08.03.03-2 The previous tag was not correctly including the Updater application | 17:43:56 |
| danielrf | Here's the commit fixing that issue: https://github.com/danielfullmer/robotnix/commit/34d1c2a54a435f669061bd419cbebf8a716d6a26 | 17:45:04 |
| danielrf | If you've already pushed a build which has the issue to your device, you can still sideload an update in the future via the instructions here: https://docs.robotnix.org/installation.html#updating-by-sideloading-ota-files | 17:45:44 |
