zlacker

For something like LineageOS, ironically, the solution is to root your device to adjust build properties so it looks signed.

My vanilla LineageOS install fails but I can root with Magisk, enable Zygisk to inject code into Android, edit build properties, add SafetyNet fix and now my device is good to go?

It's crazy to think the workaround is "enable arbitrary code injection" (Zygisk)

>>nijave+(OP)
This, or we could have dual booting that's relatively as easy to do on mobile as it is on PCs.

Currently, you'd have to do find an unlocked phone, hope there is a downloadable factory image, re-flash, re-lock, re-install to run whatever needs attestation. Potentially using something like Android's DSU feature, this could all be a click or two, and you could be back running Lineage with a restart.

>>nijave+(OP)
Yeah, that's the crazy thing: that this entire "verification" house of cards can be so easily defeated by just faking the response to an API call from code that you can control (after unlocking your bootloader and installing your own code). I guess this is why there is a push to stop allowing bootloaders to be unlocked.

>>ece+4V
I mean... no thanks? I remember dual-booting Windows and Linux (and macOS and Linux) for years back in the 00s, and it was inconvenient and annoying. I don't want to go back to that, even (especially?) on a phone.

>>kelnos+EYb
Even locked bootloaders only help a little. Afaik all iOS devices have locked bootloaders but that doesn't stop jailbreaking. I imagine Android, with spotty vendor support track record, would be even easier

>>kelnos+MYb
Dual booting isn't so bad, I've almost always had a gaming partition somewhere, while my current install doesn't even run 32-bit binaries. That said, attestation should be possible with user-locked bootloaders, not just vender-locked bootloaders. I suppose Magisk provides something close to this currently with bootloaders that can't be re-locked for custom roms, so more power to it.