Originally Posted by Primokorn
Even with a password we can fastboot flash new images.
Team Win explains this on their website.
Yes and no.. Actually we can lock the bootloader so fastboot flash wont work.... All we need is for the recovery password to block the following to secure your data (on the nexus 5):
- Mount of external (OTG) media
- adb access
- file manager capabilities
This would mean you can still boot into recovery and flash / backup (although not to removable media) until you went into a security menu to "unlock recovery". This would even mean that your automated jobs can still occur without having to face a "boot password". The password could be stored on /sdcard in clear test and there could be an option to delete the password incase you forgot it in this same recovery menu, which also wipes the device.
recovery is the only weak point of my device.
Sure, Samsung's Odin will get round this password on their devices as the BL is not locked but any device with a locked bootloader (locakbale bootloader) will benefit.
Another caveat is that this is not to prevent the device being wiped.... unlocking the bootloader will wipe the device, and this is what I want. I don't care about getting the phone back as much as I would care about securing my data. Its all backed up. Nothing is lost. I just might not want someone else getting access to it.
Although this is beyond the extent of my knowledge to achieve, I don't think it would be hard for anyone who knows what they're doing with code.