One question? How does it check this? is it via checksum or how?
it looks for the board specific signing key, IIRC.
if you flash a USB with the recovery tool cant you just yoink that signing key and put it on soemthing else?
it’s not a file, it’s a signature applied to the kernel
Yeah ik but maybe in some way you could like write that key to another kernel (not if it’s like a checksum)
ofc, that’s what all the ARM distros do
Yes but then you need to run
crossystem dev_boot_signed_only=0 to allow kernels not signed by google