Bootloaders: More than you ever wanted to know

We're all pleased as punch that HTC has decided to shake things up a bit and stop locking the bootloader on its Android devices.  Cheers to the manufacturer for listening to the vocal minority, and for realizing the value that this will bring to its brand.  We'll get the full details, as well as answers to questions like when this policy goes into effect, as soon as we can.  In the meantime, there are a lot of questions about exactly what all this bootloader noise means.

We're going to try to answer those questions, in as non-geeky a way as possible.  Hit the break, and have a read.

Who even cares about bootloaders and hboots and flashing?

Very few people, once you put it in perspective.  The majority of the 400,000 Android devices activated every day belong to users who have no idea what a bootloader is (and would never care).  They are the young girl you see at the hairdresser, texting her friends.  Or the guy in the hardware store, checking his notes to buy bolts for something.  Or the hipster guy at Starbucks showing off his EVO 4G to anyone who will look.  Android is now mainstream, and the simple fact that you're here, wanting to learn more about this bootloader stuff, means you're a more advanced user than most.

This is why HTC, Motorola, and other companies lock their bootloaders, even though many of us object -- it affects their bottom line very little in the grand scheme of things.  But it also shows that companies like Sony Ericsson and HTC, which have reversed their policies and will offer a real bootloader unlocking solution, want to please all their customers.  Even the few, but very loud, who want a more hackable Android device.

The people who do care -- and often are loudly passionate about it -- are the guys and gals who want to have complete control over what software goes on their Android phones.  They are the coders, themers, developers and hackers who endlessly tinker and improve the system they were given, and turn it into something better.  Or worse.  Either way -- it's theirs.  You'll find those folks in huge numbers on the Internet, which makes us feel that we're in the majority of users, even though we're not.

Why would phone manufacturers or carriers want a locked bootloader?  What does it really do?

It provides security -- both financially to your carrier, and to the end user. 

When we say locked bootloader, what we mean (most of the time) is a disk image that checks the important parts of the phone as it boots up, looking for the proper signature.  Let's break that down, as simply as we can.

When you turn on your Atrix 4G, or HTC Sensation, the bootloader gets things going, then passes off control to the boot image (the part of the disk that holds the start-up files for your phone).  The boot image loads the phone's kernel, then loads Android, following instructions found in those files.  You copy this boot image to a phone by flashing it to the phone's internal system memory -- not the RAM or running memory, but the physical flash storage in the phone. That's why there's a potential for danger. Screw this up, and you could really screw up your phone, turning it into a "brick." Depending on how you're hacking into it, that might be more than a mere possibility. It varies from phone to phone.

If you have a locked bootloader, you can only flash boot images that have been digitally signed with a string of information direct from the manufacturer.  You can't build your own and flash it to the phone.  The recovery partition is the same way -- it's checked for the right signature, and if it doesn't have it, you can't write a new one to the flash memory.  This really only means one thing:

We can't load custom kernels or start-up files on phones with a locked bootloader.
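
The check described above, as an added example that is not part of the original article or any manufacturer's code: a toy model of a locked bootloader that refuses to write a boot or recovery image unless its signature verifies against the manufacturer's public key. The key pair, the class and function names and the image contents are constructed for illustration, and unpadded textbook RSA stands in for whatever signature scheme a real device uses.

```python
import hashlib

# Constructed toy key pair (assumption): two Mersenne primes, so the demo needs
# no crypto library. Textbook RSA without padding, for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # manufacturer's private exponent

# Partitions the article says are signature-checked on a locked device.
CHECKED = {"boot", "recovery"}

def digest(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def sign(image: bytes) -> int:
    """Done by the manufacturer; the private key never ships on the phone."""
    return pow(digest(image), D, N)

def signature_ok(image: bytes, signature: int) -> bool:
    """What the bootloader can do with only the public key (N, E)."""
    return pow(signature, E, N) == digest(image)

class Bootloader:
    def __init__(self, locked: bool):
        self.locked = locked
        self.flash = {}                 # partition name -> image bytes

    def flash_image(self, partition: str, image: bytes, signature: int = 0) -> bool:
        if self.locked and partition in CHECKED and not signature_ok(image, signature):
            return False                # refused: nothing is written to flash
        self.flash[partition] = image
        return True

def demo() -> dict:
    stock = b"constructed stock boot image: kernel + start-up files"
    custom = b"constructed custom boot image: overclocked kernel"
    stock_sig = sign(stock)
    locked, unlocked = Bootloader(True), Bootloader(False)
    return {
        "locked_stock": locked.flash_image("boot", stock, stock_sig),
        "locked_custom_unsigned": locked.flash_image("boot", custom),
        "locked_custom_reused_sig": locked.flash_image("recovery", custom, stock_sig),
        "unlocked_custom": unlocked.flash_image("boot", custom),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'flashed' if accepted else 'rejected'}")
```

Reusing the stock image's signature on a custom image fails because the signature covers a hash of the image contents, so any change to the image invalidates it.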

Gaining root access is still possible, even probable.  Rooting is just breaching security on a running system, then copying over files that make it easy to break that security whenever we want to.  Every Android phone I have ever owned was rooted, even if I never decided to fool with a custom boot image or any serious hackery.  I just wanted the easy access.

Back to the security part.  If all you can run on your phone (mostly) is software that has been approved by both the manufacturer and the carrier, it's easier for them to keep your phone secure and working as intended.  This would be the perfect solution, except that by the time they send out a security or bug fix, new issues have been found.  It's a never-ending cycle, and locking the phone down to approved software helps the carriers and manufacturers administer it.  Remember, not everyone who owns an Android phone is reading this, so they have no idea how to go about loading patches and fixes themselves.  The folks who made your phone have your best interests in mind, if only to help their bottom line when it comes to support. And they're supporting millions of phones -- not just yours.

And then there's the monetary damage we can do to the carriers.  Yes, real damages.  PRL hacks that enable 3G roaming on Verizon towers with your Virgin Mobile Optimus V cost Sprint money.  So does enabling HSPA+ on the HTC Inspire, bypassing T-Mobile's data throttling, unauthorized wireless tethering, changing slot cycles, and removing Bing and taking away the traffic that was promised to Microsoft.  These policies seem unfriendly to us, but your cell carrier loses revenue every time you do any of it.

So, they decide to try to stop it.

But the Thunderbolt has a locked bootloader, right?  They have custom ROMs and CyanogenMod is in the works.

Indeed, both are true.  The developers who cracked the Thunderbolt used a mix of skill and luck -- they were able to get their hands on an older, unsigned newer bootloader that they could flash, break into the system, and flash a recovery that could in turn flash unsigned images.  Very skillful, very lucky; we shouldn't count on that sort of thing happening too often.

Enough, I get it. Unlocked is good, but what exactly can I do with it?

Anything.

The Droid X developers are an amazing, tenacious bunch of fellows.  They can't just flash ClockworkMod, and load kernels and ROMs, and they have to jump through hoops and do things the hard way.  But they've gotten some very cool stuff working anyway.  And the same thing would have happened with the Evo 3D, eventually.  In contrast, when the Nexus S 4G came out, it was rooted, kernels were built, and a customized recovery was made before the day was over, all because it was fully unlocked.

We don't know exactly how the bootloader unlock policy with HTC will work.  Personally, I hope it mimics Sony Ericsson's -- ship them locked, but offer a way for the tech savvy to unlock them that's supported by the manufacturer.  They could also appease the carriers by not allowing this on devices under contract, but all this is pure speculation.  I'm sure HTC will let us know more soon enough.

But when you get a new phone with an unlocked bootloader, the "hacker" type of development will come at a record pace.  Root, custom ROMs, ports of other device software -- all the things many of us love about Android.  And to top it off, unlocked bootloaders mean custom kernels -- overclocking, USB host, and all manner of other goodies that are pretty darn difficult to manage on phones with locked bootloaders, as well as an easy way to load it on your own phone.  And of course, it means MIUI and CyanogenMod, especially if they're HTC devices.

We're glad things happened the way they did, just like most of you are.  If you like to go the extra mile and hack at your phone, you should be able to do so with a new HTC device.  If you don't, you won't have to do a thing, and you can enjoy the stability and have fun with your phone the way it was shipped to you.  Either way, hopefully we've answered most of your questions about locked bootloaders.

Jerry Hildenbrand
Senior Editor — Google Ecosystem
