With Galaxy phones they are extremely hostile to unsigned flashes to the device. You essentially need to exploit a zero day in the stock ROM to get temporary root and then while you have temporary root you flash a new recovery. And then you gotta make sure it doesn't flash the stock recovery back in the next boot by making sure your next reboot goes into the recovery. And then you can flash your custom ROM. I skipped some steps too.
After looking a bit into it, it looks like most US/Canada models have a locked bootloader. Other models, including mine (Europe), don't, and it only needs booting into download mode using a key combination and flashing a custom recovery using Odin.
It doesn't matter anyway. Thanks to Google pushing remote attestation, all you can expect from a custom ROM is the actually important apps (like bank) no longer working.
I think you mean hardware attestation. And yes, it is the biggest problem I have. I can do without KNOX, but it is becoming harder to do without these locked-down apps (e.g. bank), and workarounds are harder to come by, no matter the manufacturer.
And of course forget about anything that isn't iOS or Android. I don't expect banks to support alternative OSes anytime soon.
I probably won't root my next phone, not worth the hassle for a daily driver.
What could be nice is if phones could run VMs, so you have your stock ROM with all your "important" apps, and a VM where you can run anything you want: hacked Android, Linux, maybe even a desktop OS. Modern phone hardware should be more than powerful enough to do that.
The only two apps that are affected by Knox are Samsung Pay and Samsung Health. And that is only an issue if you decide to flash the stock ROM back on the device. If you use custom ROMs they typically have a workaround to get both of those apps working with the Knox fuse tripped.
The easiest daily drivers to root are Sony and Google phones. You simply unlock the bootloader and flash. There's no nonsense to deal with.