When you run an android phone with an unlocked bootloader one of your main security concerns has to be physical device security.
Even while your data is encrypted, on Android your OS is not and therefore someone with physical access to your device can trivially inject malware that runs with system permissions.
Same is true for the kernel of your notebook and desktop computer when it doesn't run "secureboot" or a comparable security measure.
Unfortunately, on some phones you can lock bootloader after flashing a custom ROM (Google) while on some you can't (OnePlus)
I've been researching / documenting devices that support verified boot with alternative operating system. Also operating systems that implement this.
Its looking like #Oneplus & Google may be the only vendors to offer support on all their devices
https://hub.libranet.de/wiki/and-priv-sec/wiki/verified-boot
Ah, reading your page I guess maybe it was because the ROM I used did *not* support it...
Think you can possibly do it with most ROMs?
Although I've never tried and havent spent the time trying to understand all the implementation details as I'm unlikely to ever do this myself.
Think the link from the wiki to the details of the Oneplus 5/5t may be the most helpful for what you were trying?
@dazinism All of them are extremely helpful and provide exactly the type of details I need! @sheogorath @nurinoas
