Locked MK2 and Bootloader question
Trying to understand where the security/lock sit:
1) If the digcert was in the device
then bootloader, kernel, or both, can be tied to a device, and then protected from change. Is that the case?
2) If the digcert was in either the bootloader or
, they can be tied to one another, but then , if both were changed at the same time, security couldn't
3) Any digcert has to be validated vs. a matching digcert. Those can exist at Samsung, at ATT, or both. In fact, from descriptions in other threads, they seem to be present at certain Best Buy stores, at least temporarily.
4) If '3' is correct (ANDIF '1' is not correct), then all that is need to circumvent the lock is again, a dual change to bootloader and kernel, or am I missing something?
5) If '3' is correct, it seems that part of the public-private key may sit at ATT and
. While those two parts could
I] be different, the infrastructure to manage this would be more cumbersome then I give them credit to manage. Therefore, it would be a logical (yet WAG) assumption that VZW and ATT either
(a) rely on the Samsung master certificate and/or
(b) have the same certificate as each other. Is there a way to test this 'b' theory?