Oneplus phone update introduces hardware anti-rollback

Original Article ↗ Hacker News Discussion ↗

Perceived shift in OnePlus’ philosophy

  • Commenters see this as OnePlus completing a long slide from “flagship killer / modder‑friendly” to ordinary locked‑down OEM, especially since Nord, Oppo integration, and rumours of brand wind‑down.
  • Some long‑time users say this is the final straw and plan to freeze updates or abandon OnePlus for Pixels or other alternatives.

What the anti‑rollback fuse actually does

  • Qualcomm SoCs include QFPROM eFuses and secure boot chain: ROM → XBL → ABL → AVB → OS.
  • New firmware burns an “anti‑rollback” version into fuses; on boot the loader compares the firmware’s embedded version to the fuse value.
  • If a lower version is flashed (including older stock firmware or ROM‑bundled firmware), boot is rejected; on these devices that can mean a hard brick, sometimes recoverable only by motherboard replacement or specialized EDL tooling.
  • Bootloader unlocking still works; the key change is that all older firmware trees, including those bundled in existing custom ROMs, become unusable on fused devices.

Motivations and security rationale

  • Supportive view: a serious low‑level bootloader/EDL vulnerability or theft‑lock bypass existed; without rollback protection, attackers with physical access could flash an old, signed, vulnerable image to extract data or bypass locks.
  • Critics argue this is also a convenient way to force stock updates, kill downgrades, and strengthen lock‑in, with anti‑theft and CVEs used as recurring justifications.

Impact on custom ROM community

  • Existing ROMs built against pre‑fuse firmware bases can immediately brick updated devices; users are told not to flash anything until ROM maintainers explicitly add support.
  • In principle, ROMs can be rebuilt against the new firmware/bootloader and made to work, but downgrading to earlier ROM builds or stock versions will remain impossible.

Security vs. ownership debate

  • Large subthread debates whether hardware anti‑rollback and trusted boot are legitimate security tools (anti‑downgrade, anti‑theft, anti‑Pegasus) or fundamentally anti‑ownership.
  • Many argue remote, irreversible hardware state changes by vendors undermine right to repair and even basic property rights; others counter that eFuses and rollback prevention are longstanding, industry‑standard practices.

Broader context and comparisons

  • eFuses and anti‑rollback are described as ubiquitous across SoCs and used for yield management, unique keys, secure boot, and Knox‑style features.
  • Similar downgrade‑blocking exists on iPhones (signature‑based), Samsungs (Knox), consoles, and is encouraged by Android certification; some fear upcoming EU cybersecurity rules will be used to tighten such controls further.