"A regression causing fwupd to interfere with using fastboot with all Pixel devices including blocking installation part of the way through has been fixed by the same contributor who fixed the previous issue:

https://github.com/fwupd/fwupd/commit/4650003e3da75c66470eb73c3727e57701682084

It hopefully won’t regress again after this.

It isn’t part of a stable release yet and it’s likely releases with the regressions will be included in frozen distributions for years, similarly to the previous issues. We’ll need to tell people to stop the fwupd service for years to come even if it’s the last fastboot breakage.

There was a fwupd fastboot configuration using the Google vendor ID and Pixel fastboot product ID used for one of their tests. It caused fwupd to always try to connect to these devices when detected including after reboots during the process of installing firmware and OS images.

Fastboot mainly exists for the purpose of unlocking a device, installing new firmware/OS images, flashing a verified boot key and locking the device. Fastboot isn’t an the update sideload protocol, isn’t a safe way to do that and isn’t used for updates by any reasonable device.

There are very strange cellular radio chips designed for use with Windows including both an actual cellular baseband running typical baseband firmware and a CPU next to it running a proprietary fork of an ancient Android version. They do this to use Android drivers for Windows.

These chips don’t implement Android’s A/B update system, verified boot, etc. and don’t provide proper security patches for the standard baseband firmware or their proprietary Android fork. They’re using a protocol for installing an OS as a super unsafe way to do firmware updates.

These radios are mostly connected via USB, which provides far worse isolation and far more attack surface than a typical cellular radio. These were clearly built for Windows to avoid porting drivers/services built for the Linux kernel to it. Pinephones use a variant for cellular.

That’s why fwupd implements fastboot. It was initially connecting to every fastboot device and never closing them, preventing using them for anything else. That was fixed, but it continued connecting and breaking installs after reboots. That was fixed, then undone for Pixels.

We filed an issue about this with fwupd in November 2023. The lead developer didn’t view it as a bug so we explained what we did here. We explained this is dangerous and people’s phones were being at least soft bricked by it. They responded with hostility and attacks on us.

We later learned that the fwupd developer supports Techlore and their project members including their attacks on the GrapheneOS project. Techlore is the origin of most of the harassment directed towards our team based on fabrications they published and pushed in their community.

Techlore’s community engaged in years of extreme raids on our chat rooms and harassment towards our developers as they encouraged it. It escalated to their community attempting to kill one of our developers with severe swatting attacks. Techlore doubled down on it following that.

The issue we filed is https://github.com/fwupd/fwupd/issues/6437. Despite the lead developer not acknowledging it as a problem, it was fixed via https://github.com/fwupd/fwupd/commit/cbc4821d8198ec79418a848525d74f24903cbce9. It only got fixed because there was someone else to do it. The problem was then reintroduced a year later but only for Pixels." - As posted by the Official GrapheneOS Account.