Bootloader unlocking[a] is the process of disabling the bootloader security that makes secure boot possible. It can make advanced customizations possible, such as installing a custom firmware. On smartphones this can be a custom Android distribution or another mobile operating system. Some bootloaders are not locked at all, others can be unlocked using a standard command, others need assistance from the manufacturer. Some do not include an unlocking method and can only be unlocked through a software exploit.
Bootloader unlocking is also done for mobile forensics purposes, to extract digital evidence from mobile devices, using tools such as Cellebrite UFED.
Unlocking the bootloader usually voids any warranties and may make the device susceptible to data theft. On Chromebooks, enabling developer mode makes the system less secure than a standard laptop running Linux. Unlocking the bootloader may lead to data loss on Android and ChromeOS devices, as some data is impossible to back up without root permission.
Sascha Segan from PCMag considered a locked bootloader a mistake on the Qualcomm Snapdragon Insiders phone, which is targeted at advanced users.
Unlocking the bootloader is typically done during the process to obtain root access.
|Easy||Command-line (unlocked variant, not restricted to carrier)|
|Samsung||Easy||Development settings (except North America variants)|
|Xiaomi||Very Hard||Add account, request code, wait a week|
|Sony||Hard||Command-line, request code at Sony website|
|Fairphone||Hard||Command-line, request code at Fairphone website|
|Motorola||Hard||Command-line, request code at Motorola website|
|Realme||Hard||Command-line, after installation of realme-app|
The bootloaders of Nexus and Pixel devices can be unlocked by using the fastboot command
When Motorola released a bootloader unlocking tool for the Droid Razr, Verizon removed the tool from their models.
In 2011, Sony Ericsson released an online bootloader unlocking tool. Sony requires the IMEI number to be filled in on their website. For the Asus Transformer Prime TF201, Asus has released a special bootloader unlock tool.
In 2012, Motorola released a limited tool for unlocking bootloaders. They require accepting terms and conditions and creating an account before the bootloader can be unlocked for a Moto G.
HTC phones have an additional layer of lock called "S-OFF/S-ON".
Bootloaders can be unlocked using an exploit or using a way that the vendor supplied. The latter method usually requires wiping all data on the device. In addition, some manufacturers prohibit unlocking on carrier locked phones. Samsung's US and Canadian Snapdragon phones do not allow unlocks regardless if the phone was bought from a carrier or not.
In 2018, a developer from XDA Developers launched a service which allowed users to unlock the bootloader of some Nokia smartphone models. Similarly, another developer from XDA Developers launched a service to allow users to unlock the bootloaders of Samsung Galaxy S20 and Samsung Galaxy S21 Phones.
Huawei announced plans to allow users to unlock the bootloader of the Mate 30 series, but later retracted that. Huawei has stopped providing bootloader unlock codes since 2018. A bootloader exploit named checkm30 has been developed for HiSilicon based Huawei phones.[non-primary source needed]
When the bootloader of the Samsung Galaxy Z Fold 3 was unlocked, the camera became less functional. This could be restored by re-locking the bootloader. This issue was later fixed by Samsung. For the Samsung Galaxy S22 series, unlocking the bootloader has no effect on the camera.
The WPInternals tool is able to unlock bootloaders of all Nokia Lumia phones running Windows Phone, but not phones like the Alcatel Idol 4 or HP Elite x3. Version 1.0 was released in November 2015. In October 2018, the tool was released as open source software when the main developer René Lergner (also known as HeathCliff74) stepped down.
The slab bootloader used by Windows RT could be unlocked using a vulnerability, but was silently patched by Microsoft in 2016. UEFI Secure Boot on x86 systems can generally be unlocked.
The boot ROM protection on iOS devices with an A11 processor or older can be bypassed with a hardware exploit known as checkm8, which makes it possible to run other operating systems including Linux.
The bootloader on M1 based Macs can be unlocked.
The equivalent of bootloader unlocking is called developer mode in Chromebooks. Chromebooks use custom bootloaders that can be modified or overwritten by removing a Write-protect screw.
In 2013, the bootloader of the Chromecast was hacked using an exploit. In 2021, it was hacked again for newer versions.
In August 2022, security researcher Lennert Wouters applied a voltage injection attack to bypass firmware verification of a Starlink satellite dish from SpaceX.
On Android, it is possible to relock the bootloader.
((cite web)): CS1 maint: url-status (link)