Today's technology development ecosystem includes a large developer community that innovates by obtaining off-the-shelf electronic devices, and developing new technologies (e.g., flashing custom software and/or custom firmware to the device) to create modified devices that operate in an innovative way. This type of development requires access to the bootloader of the electronic device so that newly developed technologies can be tested for operability and performance.
Today's bootloaders can be offered in an unlocked, locked, or unlockable state. Permanently unlocked bootloaders, while convenient for developers, are not practical for the everyday user, as they leave the operating system and kernel on the device unprotected. For example, a user may (knowingly or unknowingly) install third party applications on the device that are infected with malware. Permanently locked bootloaders, on the other hand, offer increased security, but are not practical for developers. In some cases, persistent developers with some level of sophistication will nevertheless exploit vulnerabilities on the device to circumvent a locked bootloader in an unauthorized manner. Accordingly, many device manufacturers provide unlockable bootloaders (i.e., locked on purchase, but unlockable), which allows the everyday user to experience a device with adequate security that runs the operating system specifically designed for the device, while allowing developers to unlock the bootloader for development purposes.
Despite the advantages provided by unlockable bootloaders, a service provider associated with the electronic device may not be engaged with the unlocking of a bootloader that occurs after the device is purchased. As an example, a user of a handset (e.g., a smart phone) may subscribe to a service providing entity called a “carrier” to access carrier services (e.g., mobile telephony services). The carrier, in this example, may not have any knowledge as to whether the bootloader of a handset sold from their retail store has been subsequently unlocked or not.
Without service provider engagement in the unlocking of a bootloader, a device may be unable to apply over-the-air (OTA) updates (e.g., software updates, such as security patches, etc.) that are pushed to the device, and the device may get stuck in a futile update “loop” where the device repeatedly attempts to apply an update, and fails to do so. To illustrate this issue, a user may purchase a handset, unlock the bootloader, and modify the operating system and/or kernel of the handset in some way, which breaks the root of trust on the device, and, in turn, breaks the OTA pathing for installing updates on the device. Thereafter, an update server may push a new security update to the handset, not knowing that the bootloader has been unlocked and that the root of trust has been broken. Meanwhile, the handset's OTA handler authenticates the build fingerprint of the device, but does not detect the broken root of trust, and, as a result, the OTA handler is unsuccessful in applying the security update, so it backs out of the update process, and tries, over and over again, to apply the update, but is unsuccessful at each iteration. A device stuck in this loop can drain the device's battery. Furthermore, unnecessary network exchanges (i.e., consumption of network bandwidth) have occurred in this scenario because an update that cannot be applied on the device was unnecessarily transmitted over a network to the device.
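The update loop described above can be modelled in a few lines. The sketch below is an added example, not part of the original text: it contrasts a handler that checks only the build fingerprint with one that also checks bootloader and verified-boot state before attempting an install. It assumes an Android-style handset exposing the `ro.build.fingerprint`, `ro.boot.flash.locked` and `ro.boot.verifiedbootstate` properties (the page names no platform); the function names and sample values are hypothetical and constructed.

```python
import re

# Constructed `getprop`-style output for a hypothetical unlocked handset.
SAMPLE_GETPROP = """\
[ro.build.fingerprint]: [vendor/model/model:13/BUILD.1/100:user/release-keys]
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
"""
EXPECTED_FP = "vendor/model/model:13/BUILD.1/100:user/release-keys"
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text):
    """Parse '[key]: [value]' lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def ota_eligible(props, expected_fp, check_trust=True):
    """Return (ok, reason); check_trust=False is the fingerprint-only handler."""
    if props.get("ro.build.fingerprint") != expected_fp:
        return False, "fingerprint-mismatch"
    if check_trust:
        # Fail closed: a missing property is treated like an unlocked device.
        if props.get("ro.boot.flash.locked") != "1":
            return False, "bootloader-unlocked"
        if props.get("ro.boot.verifiedbootstate") != "green":
            return False, "root-of-trust-broken"
    return True, "ok"


def run_ota(props, expected_fp, apply_update, check_trust=True, max_attempts=3):
    """Gate on device state, then retry a bounded number of times."""
    ok, reason = ota_eligible(props, expected_fp, check_trust)
    if not ok:
        return {"status": "skipped", "reason": reason, "attempts": 0}
    for attempt in range(1, max_attempts + 1):
        if apply_update():
            return {"status": "applied", "reason": "ok", "attempts": attempt}
    return {"status": "failed", "reason": "apply-error", "attempts": max_attempts}


if __name__ == "__main__":
    props = parse_getprop(SAMPLE_GETPROP)
    always_fails = lambda: False  # modified system image: install never succeeds
    print(run_ota(props, EXPECTED_FP, always_fails, check_trust=False))
    print(run_ota(props, EXPECTED_FP, always_fails))
```

With the fingerprint-only check every attempt is spent on an update that cannot install; with the state check the handler skips the update and reports why, so no download or retry occurs.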
Another issue caused by a lack of service provider engagement in the unlocking of a bootloader is the additional expense of support personnel resources in reaction to device modifications. For instance, a user who has unlocked the bootloader of his/her device may experience issues with the device resulting therefrom, and may contact support personnel of a service provider to provide technical support. These support personnel have been trained on approved device software/features that have been fully tested, and may therefore be unable to provide technical support to the user. If device issues are caused by the inability to install updates, as described above, this may cause the service provider to expend its own resources to build and test different security update packages that might be operable with a modified device.
Lastly, a service providing entity may pay out for an exchange of a device whose value has been compromised due to the unlocking of its bootloader when the service providing entity cannot detect that the bootloader has been unlocked (an unlocked bootloader is often inconspicuous on the device). The value of the device may be compromised in various ways due to bootloader unlocking. For example, as noted above, unlocked bootloaders leave the operating system and kernel unprotected, which may make the device more susceptible to malware and other security issues. Even with the latest security updates, an unlocked bootloader can allow malware intrusions if third party applications are installed on the device. As another example, a user may, in the process of flashing custom software and/or firmware, overclock the processors on the device by driving them at higher frequencies and voltages than the frequencies and voltages for which they were designed. This may impact chipset performance as well as thermal thresholds, which can lead to a shorter lifespan of the device regardless of it being re-flashed back to the original/stock software (factory) image and the bootloader being relocked. In these scenarios, if the user were to exchange their device at an authorized dealer of the service provider, and the unlocked bootloader was undetected at the time of the exchange, the carrier may pay out for a significantly devalued device.