Hacker News new | past | comments | ask | show | jobs | submit | SubzeroCarnage's comments login

The oneplus3 cannot be relocked as it wrongly trusts test-keys. It also has public EDL firehose files available allowing anyone to flash it arbitrarily even when locked or further dump ram or userdata.

I previously documented this here: https://web.archive.org/web/20250120181249/https://divestos....


Briar started in 2011: https://sourceforge.net/p/briar/mailman/message/27393146/


Briar is actually even older than that!

2011: https://sourceforge.net/p/briar/mailman/message/27393146/


recent microcode appears to be rejected by older agesa in my testing, so it is very possible it is more than an implementation issue

under agesa 1.2.0.2b

> microcode: CPU1: update failed for patch_level=0x0a60120c

under agesa 1.2.0.3a PatchA (which asus leaked that it fixes this issue)

> microcode: Updated early from: 0x0a60120c


They're trying to validate that you're using a trusted version of AGESA. This is probably intentional, the AMD bulletin[^1] mentions this (ie. for Milan):

> Minimum MilanPI_1.0.0.F is required to allow for hot-loading future microcode versions higher than those listed in the PI.

Now that runtime loading of microcode patches cannot be implicitly trusted, the machine should not attempt to prove AMD's authorship of the newly-loaded patch without a concrete guarantee that the current microcode patch is trustworthy.

Presumably (load-bearing italics), the contents of an AGESA release (which contains the patch applied by your BIOS at boot-time) can be verified in a different way that isn't broken.

[^1]: https://www.amd.com/en/resources/product-security/bulletin/a...


interesting!

I suppose a sufficiently older agesa may actually load the newer microcode then if that was a recent addition in preparation for this


Reminder that AMD has stopped providing microcode updates for consumer platforms via linux-firmware.

index of linux-firmware, 41 cpus supported: https://github.com/divestedcg/real-ucode/blob/master/index-a...

index of my real-ucode project, 106 cpus supported: https://github.com/divestedcg/real-ucode/blob/master/index-a...

sadly, unless you have this recent agesa update you can no longer load recent microcodes due to this fix

which very well means quite a substantial amount of models whose vendors don't provide a bios update for this (since it goes back to zen1) will not be able to load any future fixes via microcode


the updates were all on time: https://divestos.org/misc/ffa-dates.txt


But Mull is still discontinued, right? Or did I misunderstand?

Which alternative would you recommend?


the 21 port was actually largely complete: https://github.com/Divested-Mobile/DivestOS-Build/blob/maste...


it did https://divestos.org/pages/faq#microgEnable


Can confirm, I’m using it myself and it seems to work almost flawlessly.


ECH can be used regardless of DoT, DoH, dnscrypt, or plain as long as your resolver passes HTTPS queries.

You can easily test this: dig @8.8.8.8 https pq.cloudflareresearch.com


Please see https://eylenburg.github.io/android_comparison.htm


Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: