So I have a bootloader unlock, TWRP'd HTC 10 and I know that the Nexus 6P and many newer devices allow you to enable secure startup. When you set security to PIN, MM asks you if you want to require the PIN to boot the device. If you say yes, during boot the number keypad will be presented and you have 30 tries to enter the right PIN or it erases your device. Unfortunately, with this option enabled when I flash themes (tried different ROMs, different sources), it almost always hangs just before presenting this keypad with a message that says "Preparing Settings". The screen is normal with secure startup, but after a time it proceeds to the keypad. Anyway, I want to be secure so I've left it enabled and then I forget, flash a theme, and bang - phone is screwed up.
I believe that if I don't enable this then the data system is encrypted, and I know when I boot into TWRP it asks for a PIN to decrypt and mount data. If I encrypt my SD and store the TWRP backups there, (or password protect the backups) wouldn't that protect me from someone getting into one of those? At least the data partition? And any malcontent couldn't generate a new one including data to browse because they wouldn't be able to mount data in the first place without the PIN, right? If all this is true then I'm not sure what they could get with just the system partition (and boot and recovery of course)...
Can anyone shed light onto whether secure startup is really buying me anything with these other precautions in place, and if you think secure startup is worth it? Thanks!
I believe that if I don't enable this then the data system is encrypted, and I know when I boot into TWRP it asks for a PIN to decrypt and mount data. If I encrypt my SD and store the TWRP backups there, (or password protect the backups) wouldn't that protect me from someone getting into one of those? At least the data partition? And any malcontent couldn't generate a new one including data to browse because they wouldn't be able to mount data in the first place without the PIN, right? If all this is true then I'm not sure what they could get with just the system partition (and boot and recovery of course)...
Can anyone shed light onto whether secure startup is really buying me anything with these other precautions in place, and if you think secure startup is worth it? Thanks!
No comments:
Post a Comment