Out of curiosity, I tried the following on my Nexus S:
- relock the bootloader using "fastboot oem lock" (worked fine, shows status locked; trying to fastboot another kernel is refused by the device)
- boot CM11, which was already there before re-locking, using the locked bootloader (worked fine as well; it seems not to check kernel signatures)
- send "fastboot erase data" from the locked bootloader (worked fine as well!?! the phone booted to a fresh data partition):
Code:
$ fastboot erase userdata
erasing 'userdata'...
OKAY [ 0.272s]
finished. total time: 0.273s
Recovery, password protected or not, was not involved at all in the process. If the phone was not encrypted, the stuff in userdata would be lost, but I could easily access the emulated internal storage. With some file recovery techniques I should probably also be able to restore most of the stuff in userdata, since the "wipe" done by "fastboot erase", which took less than 300 ms, probably just wrote a new filesystem signature to the data partition without really wiping anything.
Now, if I can get root (i.e. if the previous ROM was already rooted or an exploit exists), I can easily flash a new, password-unprotected recovery and revert everything back to stock. And so, probably, can the burglar whom you wanted to lock out with password-enabled TWRP. To put it in your terms, I don't consider this a candidate for the list of "other phones which actually make an effort to defend your data."
Since you counted all Google Nexus devices in your whitelist of "secure phones", can you please confirm that newer devices like the Nexus 4, Nexus 5 or OnePlus One are not affected by this vulnerability?
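An added illustration, not part of the post above and not involving any device: the poster's inference that a 0.27 s "erase" of a whole data partition can only have rewritten filesystem metadata is easy to check on a raw partition dump. The script below builds a small constructed image (the path, the fake superblock strings and the marker string are all made up for the demo), zeroes only the first 64 KiB the way a metadata-only erase would, and shows that a plain strings-style carve still finds the user's data, while a full overwrite of every block removes it. Carving a real dump works the same way once the partition has been pulled with dd after root, which is exactly the situation the post describes.

```shell
#!/bin/sh
# Added demonstration (not from the original post): why a sub-second
# "erase" of a partition does not destroy its contents, and how a simple
# carve finds them again. Image path, fake superblock strings and the
# marker are constructed for this demo; no device is involved.
set -e

IMG="${TMPDIR:-/tmp}/userdata_demo.img"
MARKER='DEMO-CONTACT:alice@example.org'

# Build a 1 MiB "userdata" image: a fake superblock at offset 0 and the
# user's data in the middle of the partition (both constructed).
make_image() {
    dd if=/dev/zero of="$1" bs=1024 count=1024 2>/dev/null
    printf 'FAKEFS-SUPERBLOCK' | dd of="$1" conv=notrunc 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=1024 seek=512 conv=notrunc 2>/dev/null
}

# Quick erase: rewrite only the first 64 KiB (the metadata area) and drop
# in a fresh "filesystem" header. This is all a 0.27 s erase of a
# multi-GiB partition can have done: the filesystem is gone, the blocks
# that held the data are untouched.
quick_erase() {
    dd if=/dev/zero of="$1" bs=1024 count=64 conv=notrunc 2>/dev/null
    printf 'NEW-EMPTY-FS' | dd of="$1" conv=notrunc 2>/dev/null
}

# Full erase: overwrite every block of the image.
full_erase() {
    blocks=$(( $(wc -c < "$1") / 1024 ))
    dd if=/dev/zero of="$1" bs=1024 count="$blocks" conv=notrunc 2>/dev/null
}

# Carve: strip NULs and count lines containing a plaintext pattern,
# the poor man's `strings | grep` over a raw partition dump.
carve_count() {
    tr -d '\000' < "$1" | grep -c "$2" || true
}

# First 12 bytes of the image, to show the "filesystem" really was replaced.
header() {
    dd if="$1" bs=1 count=12 2>/dev/null | tr -d '\000'
}

demo() {
    make_image "$IMG"
    echo "before erase, header: $(header "$IMG")"
    quick_erase "$IMG"
    echo "after quick erase, header: $(header "$IMG"), marker hits: $(carve_count "$IMG" "$MARKER")"
    full_erase "$IMG"
    echo "after full erase, marker hits: $(carve_count "$IMG" "$MARKER")"
    rm -f "$IMG"
}
demo
```

The 64 KiB metadata area and the 1 MiB image size are arbitrary; on a real device the erase timing is the evidence, and the only thing that keeps a carved dump useless is encryption of userdata, which the post already names as the distinguishing case.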