What is the Bootloader?
The bootloader is the first program that runs when an Android device powers on. It initializes the hardware and verifies the authenticity of the operating system before passing control to it. It controls whether the system can boot into trusted or untrusted software.
Unlocking the Bootloader
Unlocking the bootloader removes manufacturer restrictions and allows users to flash custom firmware (such as ROMs, kernels, and recoveries). This grants full control over the device but significantly reduces its security.
When the bootloader is unlocked:
- The device can boot unsigned or modified operating systems.
- Verified Boot is disabled or bypassed.
- A factory reset is typically triggered to protect existing data.
- Encryption protections may be undermined if malicious software is installed.
Relocking the Bootloader
Relocking the bootloader restores original security controls:
- The device will only boot firmware that is digitally signed by the manufacturer.
- Verified Boot is re-enabled to ensure system integrity.
- A factory reset is usually performed to eliminate any residual untrusted code or data.
What Verified Boot Does
Verified Boot enforces a chain of trust from the bootloader to the operating system: each stage of the boot process checks that the next stage is signed and unmodified before handing control to it. If tampering is detected, the device may refuse to boot or display a warning. As a result:
- Persistent malware is prevented from loading during startup.
- User data is only accessible to trusted software.
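The chain of trust described above, modelled as an added example (not iodé's code and not Android's real implementation, which uses signatures and vbmeta rather than a bare hash chain): each stage carries the hash of the stage that follows it, the hardware root of trust pins the first stage, and the locked/unlocked flag decides whether a mismatch stops the boot (red) or is merely reported (orange). The stage payloads are constructed placeholders.

```python
import hashlib

SEP = b"|next="  # marker separating a stage's payload from its successor's hash


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_stage(payload: bytes, next_hash: str) -> bytes:
    # A stage image = its own payload plus the expected hash of the next stage.
    return payload + SEP + next_hash.encode()


def build_chain(payloads):
    # Build from the last stage backwards so each stage can embed its successor's hash.
    stages, next_hash = [], ""
    for payload in reversed(payloads):
        stage = build_stage(payload, next_hash)
        stages.insert(0, stage)
        next_hash = sha256(stage)
    # The hash of the first stage plays the role of the hardware root of trust (e.g. fused key hash).
    return stages, next_hash


def verified_boot(stages, root_of_trust: str, locked: bool):
    """Return (state, boots). States follow Android Verified Boot colours: green / orange / red."""
    if not locked:
        # Unlocked bootloader: the chain is not enforced, any image boots (orange warning).
        return "orange", True
    expected = root_of_trust
    for stage in stages:
        if sha256(stage) != expected:
            return "red", False  # tampering detected on a locked device: refuse to boot
        expected = stage.rsplit(SEP, 1)[1].decode()  # hash the next stage must have
    return "green", True


# Constructed sample boot chain: bootloader -> boot image -> system image.
PAYLOADS = [b"bootloader", b"boot.img(kernel)", b"system.img"]
STAGES, ROOT = build_chain(PAYLOADS)


def demo():
    # Replace the boot image with a modified one; its hash no longer matches the bootloader's record.
    tampered = list(STAGES)
    tampered[1] = build_stage(b"boot.img(modified)", sha256(STAGES[2]))
    return {
        "locked_clean": verified_boot(STAGES, ROOT, locked=True),
        "locked_tampered": verified_boot(tampered, ROOT, locked=True),
        "unlocked_tampered": verified_boot(tampered, ROOT, locked=False),
    }
```

Running `demo()` shows the same modified boot image being refused on a locked device but booting on an unlocked one, which is exactly the persistence risk the comparison table below describes.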
Security Comparison: Locked vs Unlocked Bootloader
Aspect | Locked Bootloader | Unlocked Bootloader |
---|---|---|
Boot Integrity Checks | Verified Boot enforced | Bypassed or disabled |
OS Modification | Not allowed (only signed images) | Allowed (can flash any image) |
Custom ROMs | Not permitted | Permitted |
Firmware Tampering Protection | Strong — tampering blocks boot | Weak — modified firmware can be booted |
Encryption Key Security | High — tied to hardware and OS integrity | Lower — may be accessed with modified OS |
App Security Trust | Full — enables apps like Google Wallet | Limited — some apps may refuse to run |
Risk of Persistent Malware | Low | Higher — malicious firmware can persist |
Device Reset on Change | Yes — relocking or unlocking wipes data | Yes — unlocking triggers factory reset |
Can an Unlocked Bootloader Be Attacked Remotely?
Not directly.
An unlocked bootloader by itself does not introduce a remote vulnerability. However, it does significantly increase the risk in the event of a local or chain-based attack:
- Local Attack Risk: If someone has physical access to the device, they can flash malicious firmware, extract data, or bypass security mechanisms.
- Remote Attack Amplification: If the device is compromised remotely (via malware or a zero-day), the attacker may:
  - Gain root access more easily.
  - Install persistent malware at the firmware level, which would otherwise be blocked by Verified Boot on a locked device.
  - Avoid detection or resistance from standard security checks.
So while the bootloader being unlocked is not itself a remote vulnerability, it increases the consequences of any remote compromise, especially in terms of persistence and stealth.
Bootloader relocking in iodéOS
Some manufacturers permit bootloader relocking, while others do not.
Bootloader relocking may be restricted because some devices use security mechanisms that permanently prevent relocking to avoid potential issues such as bricking the device or compromising device integrity. Additionally, manufacturers sometimes disable relocking to maintain warranty or enforce proprietary restrictions.
You can find details about whether we relock the bootloader on each of our supported devices here:
https://iode.tech/iodeos-official-supported-devices/