this post was submitted on 05 Sep 2025
112 points (100.0% liked)

Linux

14542 readers
125 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 2 years ago
MODERATORS
MigratingtoLemmy@lemmy.world
112
ELI 15: How do phone manufacturers "lock" bootloaders? Is that software truly unhackable? (lemmy.world)
submitted 3 months ago by Maroon@lemmy.world to c/linux@lemmy.world
30 comments fedilink hide all child comments
 

I am seeing a growing discussion on the need for more Linux phones in the market given Google's problematic behaviour w.r.t the changes that will be introduced to that OS.

One very good point that some community member raised was that Android itself wasn't the problem but the locking of the bootloader in the phone. If the bootloader could be unlocked, then it significantly lowers the bar for the end user to install their OS of choice.

I have dabbled with flashing OSs in old smartphones (GrapheneOS, Post market and Lineage). I commend the developers because I could do that without truly having to "understand the code" at the lower levels. But I assume that was possible because the boot loader could be unlocked somehow*. It seems that isn't the case with many/most phone fro. Samsung / Xiomi, etc.

Are their bootloaders truly unlockable? Is it simply impossible to unlock and relock bootloaders?

  • I know that with lineage, the bootloader couldn't be relocked and that was touted as a security flaw. If someone could explain why this lock/unlock is so complex, I'd appreciate it.
all 38 comments
sorted by: hot top controversial new old
[–] ragebutt@lemmy.dbzer0.com 63 points 3 months ago (5 children)

Different ways:

Sometimes it’s a cryptographic key thing, if the bootloader doesn’t see an image signed with a trusted key it won’t boot.

Sometimes it’s a flag set in storage that is secure and not writable. Bootloader checks the flag, if it’s set then it enforces signature verification.

Sometimes it’s a hardware thing. Newer chips can come with programmable fuses that can be set to pop. This literally severs an electrical connection within the soc or cpu or whatever and then that is the flag. The nintendo switch’s tegra used this to prevent downgrading; if you upgraded legitimately you’d “burn fuses” and then would be locked on that firmware permanently. downgrading could potentially brick the system. (Maybe someone’s figured out a way around this now, I haven’t fucked with switch stuff since tears of the kingdom came out).

There’s other ways too.

Defeating these methods is generally quite difficult. Sometimes you get lucky and a glaring bootloader exploit is found early on (fusee gelee for the switch) or one that applies to many generations of hardware (checkm8, unpatchable bootrom exploit for iphone 4s-iphone x) but at the same time companies have learned to harden their shit as much as possible and throw money at people who do find these exploits. Even nintendo, who has been notoriously laughably bad at this kind of thing seems to have come much harder at the switch 2. The only thing released to date is a minor userland exploit and even if something more substantial is released they’ll just brick your console for finding/running it

[–] TheLeadenSea@sh.itjust.works 5 points 3 months ago (2 children)

Why do people buy this hardware in the first place then if it won't be theirs?

[–] ragebutt@lemmy.dbzer0.com 53 points 3 months ago (3 children)

What kind of phone, laptop, game console, car, iot devices, etc do you have? I guarantee you support this stuff somewhere in your life. It’s inescapable.

But to answer you more directly apathy and consumerism. Why do people buy the switch 2 despite extremely anti consumer practices? Because they want to play slightly better Mario kart. Why do people buy a macbook? Because they want a computer that largely “just works”.

With phones it’s a bit different though. The choices are slowly being taken from you. It’s still possible right this second to buy something with an open bootloader but in 2030? Maybe not so much unless you’re cool with going back to a flip phone

[–] squaresinger@lemmy.world 5 points 3 months ago

With stuff like smartphones there's literally no choice that allows you to do all smartphone stuff while also keeping control.

Sure you can buy a Pinephone, but that's not a phone, it's just an idealistic toy.

If you want a phone that works for 2FA, works with your bank and with your city's public transport app, then there's no libre option.

Even a fairphone with /e/ OS isn't fully libre.

[–] bargo@mastodon.tn 3 points 3 months ago

@ragebutt @TheLeadenSea don't forget steriotypes, history and old habits almost always work for non-tech savvy, for example, many people avoid Samsung devices because they explode in spite that even happened last time years ago, I know they still explode but it is a rare even and its causes are known

[–] Goodlucksil@lemmy.dbzer0.com 0 points 3 months ago

You won't need a flip phone, a Nexus or OPO will work as well.

[–] HouseWolf@pawb.social 23 points 3 months ago

Simple answer most people don't know/care until it gets in their way.

And even then people have an incredible ability to just "get use to it" because for them it takes less effort that switching to a more ethical platform.

[–] Wispy2891@lemmy.world 3 points 3 months ago (1 children)

Even nintendo, who has been notoriously laughably bad at this kind of thing

It blew my mind that they implemented RSA cryptography for the DS, with every cartridge encrypted with an unique game specific key... but then forgot to check if the signature was valid, making this completely useless. And they left this unpatched for the whole console generation

[–] ragebutt@lemmy.dbzer0.com 4 points 3 months ago

The 3ds free shop debacle with titlekeys being easily reused was pretty bad too. Like I suppose it could happen to anyone but if that happened to MS or Sony you know it would be patched in a matter of days (or hours, even) whereas the free shop worked for almost 2 full years. It is absolutely unimaginable in the modern context to think that a modern gaming company would allow an exploit that allowed you to simply download any game or update you wanted from their cdn and have your console immediately see it as legit. To think that such a thing would go on for years is mind blowing nowadays (and partially explains why the switch 2 is draconian, though it doesn’t excuse it. Just do better at security)

[–] HiTekRedNek@lemmy.world 31 points 3 months ago* (last edited 3 months ago)

Obfuscation.

Nothing is truly unhackable. The difficulty lies in being unable to undo/retry any failed attempts because you don't have an easy way to read or write to the hardware once you've done it wrong.

Which means if your attempt fails, this probably just means that you're throwing the device away since you can't fix it without access

[–] MTK@lemmy.world 12 points 3 months ago (3 children)

Great answers here, just gonna add that practically everything is hackable, it's just a question of how hard and what level of access is needed.

Sometimes to hack a device you might need to remove parts and solder in replacements, and that is already a level that is unrealistic for most.

Sometimes it's worth the trouble:

https://www.youtube.com/watch?v=dT9y-KQbqi4

[–] hendrik@palaver.p3x.de 11 points 3 months ago* (last edited 3 months ago) (1 children)

I'd be willing to (mildly) disagree here. We had lots of locked bootloaders in the early days of Android. Lots have never been hacked. Same for secure boot on computers and other cryptographic means. It's more a theoretical thing if you have 2 years to spend on coding and replace half the phone with soldered parts. I'm pretty sure that level of dedication makes almost everything hackable. But in practice, we have lots of things that make it so difficult, it's never going to happen in reality.

I guess it's okay while we still have alternatives available. I mean as long as there are some hackable phones, we can just buy those.

[–] MTK@lemmy.world 3 points 3 months ago (1 children)

Yeah, I agree, I guess I just didn't specify that the scale is from running a simple command all the way to needing a dedicated team with hundreds of hours and millions of dollars.

A locked bootloader from a company that did it well and will actively protect against unlocking it can be near impossible for a single person with reasonable budgets to bypass.

[–] hendrik@palaver.p3x.de 7 points 3 months ago* (last edited 3 months ago)

Yes. I'm always amazed how people constantly find ways to jailbreak Apple devices, and they're a massive company and not that bad at locking down their stuff... Or how we hacked most of the gaming consoles out there, while Nintendo/Sony/... are super incentivised to make it impossible. Sometimes it takes quite some time, but someone will find a way. Though that's a bit more common with widespread devices. Sometimes I'll try to find a privacy-respecting tablet and there isn't even a single aftermarket operating system at all for a recent model and then I'm a bit disappointed in what we can achieve as a community.

[–] iglou@programming.dev 2 points 3 months ago

I'll add "how expensive" to the list. Sometimes you'll have to burn through devices.

[–] racketlauncher831@lemmy.ml 2 points 3 months ago (1 children)

Super relevant username.

[–] MTK@lemmy.world 2 points 3 months ago (1 children)

Why?

[–] racketlauncher831@lemmy.ml 1 points 3 months ago (1 children)
[–] MTK@lemmy.world 1 points 3 months ago

Oh, didn't know they named a company after me, cool

[–] gandalf_der_12te@discuss.tchncs.de 4 points 3 months ago

Uhm, so, the problem isn't only the unlocking but also the re-locking of the bootloader.

Leaving the bootloader unlocked while you're storing sensitive data on the phone means that thieves, but also law enforcement, can read the data that's stored on your phone if they guess the cryptographic key that protects your data correctly. If you're using a 4-digit PIN, there's only 9999 combinations, and guessing the PIN correctly can be done in a few minutes on a modern computer.

If you use a strong password, your data would be secured against thieves and law enforcement. But then you'd have to enter a strong password every time that you boot up the device, which is annoying.

So, if you can re-lock the bootloader after having installed the operating system, then an attacker can't just access the raw, encrypted data and try every possible PIN combination on it. Instead, they'd have to go through the operating system's user interface that's installed on the phone, and that can limit the number of allowed password attempts down to 10 or so, so they probably won't have access to the data on the phone if they don't guess the PIN correctly within 10 attempts.

[–] possiblylinux127@lemmy.zip 4 points 3 months ago* (last edited 3 months ago)

There would need to be either a flaw in the cryptography or a flaw in the bootloader. If the OS image is tampered will at all it will refuse to boot as it needs to be signed.

This can be really good for security as it means attacks on your device are very hard. However, it is also a tool to lock down vendor hardware.

[–] squaresinger@lemmy.world 4 points 3 months ago (1 children)

A locked bootloader works with a trusted chain.

That means:

  • There's a trusted enclave on your phone, usually inside the SoC but sometimes it's a dedicated chip. This chip has purposely very little access to it. This one contains the root keys for the encryption used on the phone.
  • The phone only boots a bootloader verified by the trusted enclave.
  • The verified bootloader verifies and only boots a verified system image.

If everything is implemented correctly and there are no bugs that can be exploited (like e.g. on newer Switch 1 models, older ones had a bug that was exploitable), then the only thing you can do is hardware exploits.

For that you could e.g. solder on a chip that hijacks the connection between the trusted enclave and the SoC (e.g. modchip on newer Switch 1 models) or you have to replace parts, e.g. the trusted enclave chip or the SoC (if the trusted enclave is within the SoC).

That's usually the point where it becomes too costly to be worth it.