Samsung just does it to trigger Knox and not let you use some security minded things on the phone.
They also, however, have their phones pretty much impossible to root anymore. I don’t think most ever get a custom rom, because pretty much no one can get a Samsung phone to except one. I believe my old Note 20 Ultra is still not rootable.
I’d love to put a custom OS on mine, even if it tripped the Knox fuse (which disables the Samsung Pay NFC option). The issue I have is that no CFW allows / guarantees compatible VoLTE…and without that, phones don’t really work on Australian networks. Have to have 4G + white listed VoLTE.
Its a mess down here.
Ironically, my Duoquin F21 pro works perfectly. How they got white listed I have no idea
For me I found out when I wanted them to fix something and they refused to honour the warranty because of the blown fuse.
As far as I know, this is illegal, btw. They have to prove that the error you are reporting is caused by user action. If your battery craps out, they can’t blame it on you rooting your phone.
According to the linked article it prevents the use of Samsung Pay and access to the Secure Folder (an extra layer of security you can enable that requires a second PIN to be input before you can access certain apps and files). This seems pretty reasonable, the goal is clearly to prevent access to especially sensitive data if someone has stolen the phone.
I can maybe understand not wanting other operating systems in their attestation chain that is protecting a payment system from the standpoint of liability.
All of the other things are entirely hardware features that any OS should be able to use. They’re using the ARM Trusted Execution Environment (ARM TrustZone) and a embedded Secure Element to enable the ability to store cryptographiclly secured files without the system ever having access to the keys.
Both TEEs and eSEs are not a Samsung invention or IP and are enabled by hardware on the device, the TEE is part of the ARM standard and is used in a huge number of other OSs (https://en.wikipedia.org/wiki/ARM_architecture_family). Secure Elements are also widely used pieces of hardware supported by innumerable OSs and also a feature of the hardware that you paid for.
That makes sense. I figured they were worried that an alternate OS would be more likely to exploit their encryption somehow, but if it’s all using industry standard hardware then it really ought to be open.
GrapheneOS also claims it’s not defending against anything real. Which makes sense as Pixels can clearly maintain security while allowing alternate OSes. So this is just hostile vendor lock-in. Disappointing as there was some speculation that OP would be the GOS OEM, but there’s no way they would do this is that was true.
That’s what I heard. I know Samsung has been doing something like this as well.
Samsung has been blowing fuses in your phone when you root since at least 2015. I know because it happened to me. Never bought one again after that.
Samsung just does it to trigger Knox and not let you use some security minded things on the phone.
They also, however, have their phones pretty much impossible to root anymore. I don’t think most ever get a custom rom, because pretty much no one can get a Samsung phone to except one. I believe my old Note 20 Ultra is still not rootable.
I’d love to put a custom OS on mine, even if it tripped the Knox fuse (which disables the Samsung Pay NFC option). The issue I have is that no CFW allows / guarantees compatible VoLTE…and without that, phones don’t really work on Australian networks. Have to have 4G + white listed VoLTE.
Its a mess down here.
Ironically, my Duoquin F21 pro works perfectly. How they got white listed I have no idea
For me I found out when I wanted them to fix something and they refused to honour the warranty because of the blown fuse.
As far as I know, this is illegal, btw. They have to prove that the error you are reporting is caused by user action. If your battery craps out, they can’t blame it on you rooting your phone.
Yep, Samsung Knox is the feature name; does it actually prevent things or is it just “tamper evidence” for corporate devices?
According to the linked article it prevents the use of Samsung Pay and access to the Secure Folder (an extra layer of security you can enable that requires a second PIN to be input before you can access certain apps and files). This seems pretty reasonable, the goal is clearly to prevent access to especially sensitive data if someone has stolen the phone.
It’s not reasonable in my opinion.
I can maybe understand not wanting other operating systems in their attestation chain that is protecting a payment system from the standpoint of liability.
All of the other things are entirely hardware features that any OS should be able to use. They’re using the ARM Trusted Execution Environment (ARM TrustZone) and a embedded Secure Element to enable the ability to store cryptographiclly secured files without the system ever having access to the keys.
Both TEEs and eSEs are not a Samsung invention or IP and are enabled by hardware on the device, the TEE is part of the ARM standard and is used in a huge number of other OSs (https://en.wikipedia.org/wiki/ARM_architecture_family). Secure Elements are also widely used pieces of hardware supported by innumerable OSs and also a feature of the hardware that you paid for.
That makes sense. I figured they were worried that an alternate OS would be more likely to exploit their encryption somehow, but if it’s all using industry standard hardware then it really ought to be open.
GrapheneOS also claims it’s not defending against anything real. Which makes sense as Pixels can clearly maintain security while allowing alternate OSes. So this is just hostile vendor lock-in. Disappointing as there was some speculation that OP would be the GOS OEM, but there’s no way they would do this is that was true.