1

I successfully flashed my device a few times, but I am still paranoid about hard bricks. I am sure I can use my Arduino to fix them, but this made me wonder why bootloaders are stored in rewritable storage. I am aware that there is a PBL and an SBL and all that, and the PBL is in ROM. In this context, "rewritable storage" means a storage medium that can be electronically rewritten (EEPROM, Flash, RAM, etc) and "ROM" means read only storage, not aftermarket Android distributions such as Lineage OS.

Summary: Why would code that is required to even turn the phone on, not to mention booting Android, be stored in a location that can be rewritten.

person
  • 15
  • 4

3 Answers3

2

Bootloaders, like other partitions, might be updated officially for various reasons:

  • Switching to a new partition layout (e.g. a bunch of older devices with life spanning across Gingerbread and Ice Cream Sandwich, the latter requiring considerably more space)
  • Implementing new security mechanisms (e.g. earlier Xiaomi devices, old bootloader readily unlockable, new bootloader requires logging in and verifying before unlocking)
  • Ensuring you're on a version the manufacturer wants you to be, i.e. preventing downgrades (e.g. Samsung, doing so will halt halfway).
Andy Yan
  • 9,554
  • 17
  • 31
  • 56
  • I still think there should be at least a bare-minum recovery in ROM, completely inaccessible to software. Something like inserting a MicroSD card, then pressing a power+volume up+volume down+home while the device is connected to a charging port causing the contents of the memory card to be duplicated into Flash. – person Sep 12 '17 at 04:23
  • @person That's an even larger loophole for devs to exploit (to achieve unlock, etc.). If you check out the 3DSHacks Reddit you'll see how many are willing to hardmod their devices for the freedom, and one of the recent discoveries is very similar, utilizing a hidden procedure to boot arbitrary code. It's best to keep those sealed. – Andy Yan Sep 12 '17 at 04:58
  • Also, Qualcomm does have an emergency mode (QDLoader 9008/900E) for the worst case users can handle, but unfortunately that one is not always available for all devices. – Andy Yan Sep 12 '17 at 04:59
  • @AndyYan So your interest covers 3DSes too, hmm? – Grimoire Sep 12 '17 at 14:24
  • @DeathMaskSalesman Haha sure, got an old variant on the shelf. I don't game much with it though, #PCMasterRace – Andy Yan Sep 12 '17 at 15:48
  • @AndyYan I just migrated to a new variant. Must say, that the 3DS seems like the easiest handheld to mod. – Grimoire Sep 12 '17 at 15:49
2

Andy mentions some of the benefits for later upgrade in the field, and these are good points, but there's more to it than that. The bootloader doesn't just need to boot the primary OS, but also the "charging mode", which is itself an embedded Linux kernel. The bootloader needs to bring up the hardware to be a USB endpoint and to talk the fastboot protocol, so that it can receive and flash new recovery and system images. It also has to perform signature validation on those images, using a quite complicated block-based scheme so validation doesn't slow down boot time.

So what? Why does any of this functionality need upgradeability? Because it's complex enough to contain bugs. The original XBox bootloader was 512 bytes long and contained two critical security errors, one of which made it possible to run unsigned code on consumer devices. It wasn't possible to update it in the field. Right away, their main security and anti-piracy mechanism became worthless. Phone manufacturers do not want to have those bugs. They make the bootloader updateable so that the device can be upgraded in the field, and so that it's easier to test and develop the bootloader against the real hardware. It's much harder to develop and test code that will be baked into a ROM - and that extra complexity means there would be more bugs and that phone development would be slower, missing the important launch deadlines.

Having an upgradeable bootloader is only a problem if you try to flash firmware to the phone and screw up. This simply isn't a problem for almost all of the phone market. It's only the crazy hobbyists who brick their phones this way. Worse yet, moving this complex bootloader into ROM wouldn't prevent bricking. There are still many ways a broken firmware can damage the device: by overheating it, by uploading a broken radio firmware, by blowing fuses in the secure element, &c.

So overall, there's a huge cost to putting more complex software somewhere that's hard to test and debug, and can't be patched to add functionality or fix bugs. There's no advantage at all for almost all users, and even those users who insist on shooting themselves in the foot would still have other ways to do that.

Dan Hulme
  • 35,000
  • 17
  • 90
  • 155
-4

Come to think of it, what a silly liability with such a set up, isn't it? My only assumption is so OEMs are able to push updates for new builds, in order to patch security issues, compatibility issues, etc. You bring up an excellent point though, this is a gigantic vulnerability and a gaping flaw in the process for sure.

person
  • 15
  • 4
robcore
  • 1