The question always arises why we chose PIXEL phone for MosaicOS. To make things clear it wasn’t our choice. We had to pick a phone where the basic OS system could be removed, and a new OS can be uploaded. We had to find a solution where the hardware was given for development. We live in this century seeing and recognizing the surveillance and since we have a passion for privacy, we wanted to do something not many do.
All phones are running with locked bootloader where the phone will only allow the system to boot if it has been signed by the manufacturer. If the bootloader can be unlocked the device allows to install or boot other system images. The Pixel phone is the only one which runs with a system signed with a custom key WITH LOCKED BOOTLOADER. This is why MosaicOS is only used on Pixel phones. Of course, our hope is that this will change sometime in the future.
So, the unlocked bootloader allows any modifications to the device: installing a custom ROM or rooting, recovery, system modifications and so on. Without an unlocked bootloader, the phone generally won’t allow a system that isn’t factory-signed to boot. This is intentional, as it protects both the user and the device. At Pixel phone the Bootloader can be opened and closed. For this reason, there is a built-in system check, the so-called Verified Boot. The purpose of Verified Boot is for the phone to verify the system’s integrity at startup.
On Android, this is Android Verified Boot (AVB) and its associated verification mechanisms. It checks whether the boot image file, the system partition, and other important components match the signed state that the device considers trustworthy. If the bootloader is locked and the official system is running on the phone, everything is fine, and the phone will boot up. If the bootloader is locked but something has been modified, then depending on which system is currently installed on the phone, it will issue a warning but still boot up.
To install MosaicOS, you must therefore enable OEM unlocking (Original Equipment Manufacturer) so that the bootloader can be unlocked, allowing you to install the system. After installation, it is recommended to lock the bootloader to make the system more secure.
Enabling OEM unlock in developer options allows the device’s bootloader to unlock. This is not the same as the unlock process itself. The option simply tells the phone to allow the bootloader unlock operation later using fastboot. If we leave it enabled, we can unlock the bootloader. This is good if a software issue (e.g., bootloop, etc.) arises with the device later, because we can fix it in most cases giving us a fixable device. On the other side it can cause some trouble, because anyone (e.g., in case of theft) can unlock the bootloader, thereby erasing all data from the device leaving us with a less secure phone. If the OEM is turned off the bootloader cannot be unlocked. It’s good, because no one can unlock the bootloader, and the phone cannot be tampered with in case of theft or if someone wants to hack it. This gives a secure device. But again, on the other hand it could become a less repairable device, because certain software bugs cannot be fixed, and the phone may become unusable, which could be fixed by unlocking the bootloader.
We come back to CHOICE again.
A locked bootloader is the foundation of verified boot. This is important because it ensures that only systems approved by the manufacturer can boot or, in the case of Pixels, systems signed with the device’s own key. With a locked bootloader, it is more difficult to hide rootkits or persistent malware, use a modified boot or other image file, even manipulate the system partition silently or execute an attack that embeds itself before the system boots.
MosaicOS developers are aware of the Pixels phone priorities, as they are expensive but not the fastest phones (cutting-edge technology). As the focus was decided by Google, the Pixel chips are being built specifically optimized for AI and Machine Learning. When you buy a Pixel, you aren’t just buying a phone; you are paying for a team of software engineers to maintain and update that phone for 7 years (Google’s new guarantee). That longevity must be factored into the upfront price. The Google Pixel is expensive because R&D is expensive. Google is trying to invent the future of AI-assisted computing. It prioritizes AI tasks over raw gaming/processing speed. You are paying for a smart phone (software and features), not a powerful phone (raw specs and hardware). It uses older modem tech and slower charging standards. If you value the best camera processing and clean Android, it’s worth it. It relies on software algorithms rather than top-tier camera hardware. If you value the absolute best screen, battery life, and performance, it often feels overpriced.
As GrapheneOS is working on new solutions, time will tell how MosaicOS can follow it.
