Design Article
Deciphering phone and embedded security - Part 3: Unsigned, signed, locked and encrypted bootloaders
Mohit Arora, Sr. Systems Engineer and Security Architect, Freescale Semiconductor
8/10/2012 2:30 PM EDT
[Part 1 covers the general Android architecture, including a look at the basic Android platform and the associated framework, as well as commonly used terminology like "rooting" and "flashing." Part 2 takes a deep dive into what really happens at the hardware level during an unlock operation, and tricks that hackers use to fool or bypass bootloaders and install custom ROMs.]
As explained in the previous parts (I, II), the bootloader loads the operating system (OS). It is what allows you to install custom ROMs to customize your phone. To load a truly custom ROM, though, one with lower-level changes such as those that allow you to overclock your phone, the bootloader must be "unlocked".
Different manufacturers handle the bootloader differently, and it can even vary from one software version to the next.
Locked Bootloader: A "locked" bootloader prevents any changes that could otherwise be made, including custom ROM installation or alteration of the system kernel. Almost all phones sold commercially have a locked bootloader. In most cases, these can easily be unlocked by gaining root access, as mentioned before.
Unlocked Bootloader: Once a bootloader is "unlocked", one can install a custom ROM to customize the phone.
Signed Bootloader: A "signed" bootloader requires its firmware to be signed by a specific entity, in this case the manufacturer. The bootloader rejects a firmware image if it is not signed by the official source. These newer bootloaders prevent you from flashing custom or otherwise unsigned kernels on the device. They are often also called "encrypted" bootloaders, but that is not entirely correct (as explained later in the article).
Bootloader Lockdown: This generally means that a bootloader cannot be unlocked, at least not without the "keys" the manufacturer used to sign the bootloader. Signed bootloaders are usually considered locked down.
Most phones today have locked bootloaders, and a majority of them are fairly simple to unlock. Some phones offer user-unlockable bootloaders by design, so all you need to do is install the Android SDK, boot into bootloader mode and issue an unlock command. Others can be unlocked only by more sophisticated methods that require finding an exploit and rooting the device to unlock the bootloader.
In the past, hackers have been able to unlock almost all bootloaders that ship in a locked state. However, the problems start with signed bootloaders.
Signed Bootloader: An evil for hackers
To understand the concept of signed bootloaders, let's first look at "asymmetric cryptography", which is the basis of signature generation and code signing.
Asymmetric cryptography works on a "key pair", as opposed to symmetric cryptography, where the same key is shared between the transmitter and the receiver. The key pair consists of a "public key" and a "private key". The private key cannot be derived from the public key. The two only work as a pair: if one of them is used for encryption, the result can only be decrypted with the other. The public key is usually known to the public (it is not secret) and is used for encryption, while the message can only be decrypted by someone who has access to the private key, which in most cases is restricted to the owner alone.
Figure 1 shows the usage of asymmetric key cryptography with signed Bootloader.
STEP 1: The phone manufacturer creates a hash of the bootloader. Hash functions are well suited for ensuring data integrity because any change to the contents of the bootloader results in a different hash value than the one the manufacturer originally computed. Since it is highly unlikely that two different bootloaders will yield the same hash value, data integrity is ensured to a high degree of confidence. Note that there is no way to regenerate the bootloader from its hash.

Figure 1: Remote update with Signed bootloader
STEP 2: The manufacturer then encrypts the hash with its private key. The result is the manufacturer's digital signature.
STEP 3: The bootloader, along with the digital signature, is stored in the phone's flash memory at the factory and is what ships as the factory bootloader. This is what is officially called a "signed bootloader".
STEP 4: The manufacturer then signs any update it wants to deliver to the phone (shown as "OTA" in the figure). This follows the same steps: calculating the hash of the update and generating a digital signature over it (not shown in the figure). Also note that the phone keeps a read-only copy of the manufacturer's public key internally.
STEP 5: When the phone receives the update, it verifies the signature to check that the update came from the manufacturer, and only then lets the firmware be updated.
This has a couple of benefits for the manufacturer. It stops customers from loading unsigned changes onto the phone, while letting through only changes that the manufacturer has approved and signed. It also means that customers receive genuine updates, since nobody can forge an update on the phone or tamper with the manufacturer's update before it reaches you (there is no absolute "No" in the security world, but you can safely assume this would be difficult to do).
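The key-pair idea and STEPS 1 through 5 above, worked through in code, as an added example that is not part of the original article and not any manufacturer's implementation. It uses Go's standard library only: SHA-256 for the hash (STEP 1), an RSA private key held by the "manufacturer" to sign the digest (STEP 2), and the matching public key, standing in for the read-only copy the phone keeps, to verify a received image (STEP 5). The firmware bytes, the 2048-bit key size and the PKCS#1 v1.5 signature scheme are assumptions made for the example; the original does not name a hash or signature algorithm.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// firmwareHash is STEP 1: a fixed-size digest of the whole image. Any change to
// the image, even a single bit, produces a different digest.
func firmwareHash(image []byte) []byte {
	h := sha256.Sum256(image)
	return h[:]
}

// GenerateManufacturerKey creates the key pair. The private half stays with the
// manufacturer; only the public half is stored (read-only) on the phone.
// Key size is an assumption for the example.
func GenerateManufacturerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SignFirmware is STEP 2: sign the digest with the private key. PKCS#1 v1.5 is
// the "encrypt the hash with the private key" operation the article describes.
func SignFirmware(priv *rsa.PrivateKey, image []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, firmwareHash(image))
}

// VerifyFirmware is STEP 5: the bootloader recomputes the digest of what it
// received and checks the signature against its pinned public key. It never
// needs the private key, and a mismatch means the update is rejected.
func VerifyFirmware(pub *rsa.PublicKey, image, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, firmwareHash(image), sig) == nil
}

func main() {
	manufacturer, err := GenerateManufacturerKey()
	if err != nil {
		panic(err)
	}
	phonePublicKey := &manufacturer.PublicKey // the read-only copy on the device

	// Constructed sample image standing in for a kernel/OTA payload.
	image := []byte("CONSTRUCTED-FIRMWARE-v1.0: kernel+ramdisk bytes")
	sig, err := SignFirmware(manufacturer, image)
	if err != nil {
		panic(err)
	}
	fmt.Println("official image verifies:", VerifyFirmware(phonePublicKey, image, sig))

	// A modified image: the signature no longer matches the recomputed digest.
	tampered := append([]byte{}, image...)
	tampered[0] ^= 0x01
	fmt.Println("tampered image verifies:", VerifyFirmware(phonePublicKey, tampered, sig))

	// An image signed with some other key pair: the phone's pinned public key
	// does not correspond to it, so verification fails even though the
	// signature itself is well formed.
	other, _ := GenerateManufacturerKey()
	otherSig, _ := SignFirmware(other, image)
	fmt.Println("image signed by a different key verifies:", VerifyFirmware(phonePublicKey, image, otherSig))
}
```

The three checks in `main` are the whole point of the scheme: only an image whose digest was signed by the private key matching the phone's pinned public key verifies, so a tampered image and an image signed by anyone else are both rejected before the firmware is written.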