Know Your Android Bootloader—What it is and Why it Matters

By Ryan Whitwam

Why you should care about your bootloader

With Android use, and therefore modding, on the rise, you've probably seen the term 'bootloader' come up. The  Atrix apparently has a locked and signed bootlaoder, and the Xoom is rumored to be unlocked. But what does that mean? Different manufacturers handle the bootloader differently, and it can even vary from one software version to the next. The bootloader may be a barrier to installing custom ROMs, but it is also of fundamental importance to the function of your phone. 


What is it?

In simple terms, a bootloader is the code that runs on a device (be it a phone or computer) before the operating system starts up. Almost all operating systems have bootloaders of some sort. This low-level code contains the instructions that tell a device how to start up and find the system kernel. The bootloader usually lives on the system board in non-volatile memory and is often specific to a device. It has to be, since the software and hardware loadout will vary so much from one device to the next. 
Every time your phone starts up, that bootloader code is telling your device what to do in order to get you to the home screen. As you can imagine, this process is vitally important. As such, manufacturers often use security measures to keep you from tampering with the bootloader. Why would you want to? Well, there's a whole internet full of custom ROM makers to entice you. It can be a lot of fun if you don't mind voiding your warranty.

Unlocking bootloaders 

The process for doing this will vary by phone, and even by the version of the software you are running. Many root tools will let you unlock the bootloader at the same time, but you may need to downgrade your software version to get a vulnerable bootloader. Manufacturers will push updates that block bootloader modification just like root exploits get patched. HTC also uses NAND lock which prevents root, and in turn bootloader access. Although, this is usually defeated on a per-handset basis.   
Some devices that are intended as a development unit have a leg up on the competition, though. The Nexus One, Nexus S, and possibly the Motorola Xoom have user unlockable bootloaders by design. In these cases, all you need to do is install the Android SDK, plug in the phone, and boot into the bootloader. Issuing the 'fastboot oem unlock' command will unlock your bootloader. Even these sanctioned methods take the security aspect into account. Unlocking the bootloader will cause the device to be factory reset to protect user data.     

Bootloader lock-down  

continued on with the Droid X, Droid 2 and now the Atrix.   
This presents new issues for software modders. If you can't unlock the bootloader, you can't change the stock recovery, and you can't install custom ROMs. Over time, the community has developed workarounds to get some lower-level control of these phones. With a recovery bootstrap, users can jump into a custom recovery, but the process comes with additional risks. Bricking a phone is easier to do when dealing with encrypted bootloaders.  
Even in the best of circumstances, a locked bootloader will prevent the wholesale alteration of the system kernel. Full-scale ROMs are not really possible. Still, users have managed a lot of impressive things even with locked bootloaders on phones like the Droid X.  
If you fancy yourself a serious modder or developer, a device with an easily unlockable bootloader is probably what you want. The Nexus phones are the easiest by far, but many other phones can be unlocked without too much problem as long as you can gain root. Manufacturers usually update to protect the bootloaders, or may rely on technologies like NAND lock to keep users out. But even at times when a signed bootloader rears its ugly head, users manage to make some customizations.