What is it?In simple terms, a bootloader is the code that runs on a device (be it a phone or computer) before the operating system starts up. Almost all operating systems have bootloaders of some sort. This low-level code contains the instructions that tell a device how to start up and find the system kernel. The bootloader usually lives on the system board in non-volatile memory and is often specific to a device. It has to be, since the software and hardware loadout will vary so much from one device to the next.
Every time your phone starts up, that bootloader code is telling your device what to do in order to get you to the home screen. As you can imagine, this process is vitally important. As such, manufacturers often use security measures to keep you from tampering with the bootloader. Why would you want to? Well, there's a whole internet full of custom ROM makers to entice you. It can be a lot of fun if you don't mind voiding your warranty.
The process for doing this will vary by phone, and even by the version of the software you are running. Many root tools will let you unlock the bootloader at the same time, but you may need to downgrade your software version to get a vulnerable bootloader. Manufacturers will push updates that block bootloader modification just like root exploits get patched. HTC also uses NAND lock which prevents root, and in turn bootloader access. Although, this is usually defeated on a per-handset basis.
Some devices that are intended as a development unit have a leg up on the competition, though. The Nexus One, Nexus S, and possibly the Motorola Xoom have user unlockable bootloaders by design. In these cases, all you need to do is install the Android SDK, plug in the phone, and boot into the bootloader. Issuing the 'fastboot oem unlock' command will unlock your bootloader. Even these sanctioned methods take the security aspect into account. Unlocking the bootloader will cause the device to be factory reset to protect user data.
Bootloader lock-downcontinued on with the Droid X, Droid 2 and now the Atrix.
This presents new issues for software modders. If you can't unlock the bootloader, you can't change the stock recovery, and you can't install custom ROMs. Over time, the community has developed workarounds to get some lower-level control of these phones. With a recovery bootstrap, users can jump into a custom recovery, but the process comes with additional risks. Bricking a phone is easier to do when dealing with encrypted bootloaders.
Even in the best of circumstances, a locked bootloader will prevent the wholesale alteration of the system kernel. Full-scale ROMs are not really possible. Still, users have managed a lot of impressive things even with locked bootloaders on phones like the Droid X.
If you fancy yourself a serious modder or developer, a device with an easily unlockable bootloader is probably what you want. The Nexus phones are the easiest by far, but many other phones can be unlocked without too much problem as long as you can gain root. Manufacturers usually update to protect the bootloaders, or may rely on technologies like NAND lock to keep users out. But even at times when a signed bootloader rears its ugly head, users manage to make some customizations.