It works on some devices; they do sign the builds as far as I can tell. But the bootloader itself needs to be convinceable to trust the LOS signatures, and needs to understand the secure boot implementation used in the Android that the current LOS is built from (since Android has re-done it all a few times). Nobody knows anything about bootloaders to figure out which of them can do this or how they would be induced to do it.
This is not true at all. We know plenty of things about Android boot loaders since they are all mostly the same. The thing about relocking is that you need a boot loader that will allow adding custom keys. The common wisdom is that this is only possible on Pixel.
However, I think that wisdom is wrong. The reason I say that is that Calyx OS supports boot loader relocking on devices such as the G52. I think Motorola devices in particular are good candidates since Motorola generally one of the better ones for boot loader unlocking. Locked Moto devices don’t restrict the able to flash via fast boot but they do check signatures. If you could add a custom signature it would work.
Lineage OS is build in debug mode with no signing keys. I think the main reason for this is user freedom but I find it annoying. To do boot loader locking with Lineage OS you need to build from source with custom keys that are used for signing.
It works on some devices; they do sign the builds as far as I can tell. But the bootloader itself needs to be convinceable to trust the LOS signatures, and needs to understand the secure boot implementation used in the Android that the current LOS is built from (since Android has re-done it all a few times). Nobody knows anything about bootloaders to figure out which of them can do this or how they would be induced to do it.
This is not true at all. We know plenty of things about Android boot loaders since they are all mostly the same. The thing about relocking is that you need a boot loader that will allow adding custom keys. The common wisdom is that this is only possible on Pixel.
However, I think that wisdom is wrong. The reason I say that is that Calyx OS supports boot loader relocking on devices such as the G52. I think Motorola devices in particular are good candidates since Motorola generally one of the better ones for boot loader unlocking. Locked Moto devices don’t restrict the able to flash via fast boot but they do check signatures. If you could add a custom signature it would work.
Lineage OS is build in debug mode with no signing keys. I think the main reason for this is user freedom but I find it annoying. To do boot loader locking with Lineage OS you need to build from source with custom keys that are used for signing.