>not be able to lock the verified-boot keys to your own (to prevent others from flashing malicious firmware)
Am I mistaken in believing that installing GrapheneOS on a Google Pixel phone completely takes over the phone including taking over the phone's verified-boot subsystem with the result that GrapheneOS can tell if the boot process has been tampered with, e.g., by an evil maid?
Am I mistaken in believing that installing GrapheneOS on a Google Pixel phone completely takes over the phone including taking over the phone's verified-boot subsystem with the result that GrapheneOS can tell if the boot process has been tampered with, e.g., by an evil maid?