
Bootloader unlocking, relocking and security aspects

novabright

Member
Jun 23, 2021
I installed a custom operating system (LineageOS for microG) and a custom recovery environment (TWRP) into my Oneplus 3T recently. The bootloader had to be unlocked to do this of course.

As far as I understand, locking it again would prevent the phone from booting as custom operating systems are not signed with the phone manufacturer's keys. This also applies to custom recoveries, is that correct?

What are the exact security drawbacks of having an unlocked bootloader? Assume the phone is encrypted, protected with a strong PIN code, developer mode and USB debugging disabled, and that an attacker has physical access to the phone, so he/she can boot the phone into the bootloader or recovery interface using the special buttons.
Encryption should protect the user data, at least from unsophisticated attackers, but can the attacker install malicious software into the phone?
With an unlocked bootloader, does the phone respond to fastboot or ADB commands from a computer even if developer mode and USB debugging are disabled?
What is the difference if these options are disabled, the bootloader is locked and the "OEM unlock" option in the menu is also disabled?

Considering my possible phone upgrade in the far future, is there a phone that allows one to insert custom signing keys into the bootloader so that the bootloader could be kept locked while having a custom ROM? Or to flash an entirely custom bootloader with custom signing keys?
 

Stephanie_Sy

Member
Mar 1, 2021
All I know is that an unlocked bootloader is easier to root, as commands can be sent to the device using the fastboot protocol used to boot it, so it is not necessary to take advantage of an exploit on the device in order to root it.

novabright

Member
Jun 23, 2021
An unlocked bootloader allows the modification of the partitions and access to your data from a custom recovery.

So a threat actor with physical access to the phone could then install malware using the recovery environment, without the user ever noticing it?

Encryption should protect the data but having malware in the phone would quickly compromise it.

All I know is that an unlocked bootloader is easier to root, as commands can be sent to the device using the fastboot protocol used to boot it, so it is not necessary to take advantage of an exploit on the device in order to root it.

Hm, so this means that a phone with an unlocked bootloader will reply to fastboot commands from a computer even if developer/debug settings etc. are not enabled inside the main OS?
 

Roizoulou

Member
May 16, 2019
So a threat actor with physical access to the phone could then install malware using the recovery environment, without the user ever noticing it?

Encryption should protect the data but having malware in the phone would quickly compromise it.

Hm, so this means that a phone with an unlocked bootloader will reply to fastboot commands from a computer even if developer/debug settings etc. are not enabled inside the main OS?

1. yes
2. yes
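A defender-side check for the state this thread is asking about, added here as an example and not taken from any post in the thread: it reads the Android verified-boot properties over adb and classifies them. The yellow state is what a relocked bootloader reports when the boot chain is rooted in a user-installed key, on devices that let the owner install one; the script assumes adb is installed and, for the live audit, that USB debugging is enabled in the booted OS.

```shell
#!/bin/sh
# Added example, not code from the thread or its participants: classify a
# phone's bootloader/verified-boot state from two Android system properties.
# ro.boot.verifiedbootstate: green (locked, OEM key), yellow (locked,
# user-installed key), orange (unlocked), red (verification failed).
# ro.boot.vbmeta.device_state: locked | unlocked.

# classify_boot_state <verifiedbootstate> <device_state>
# Prints a verdict; returns 0 locked+verified, 1 unlocked, 2 failed, 3 unknown.
classify_boot_state() {
  vbstate="$1"; devstate="$2"
  case "$vbstate:$devstate" in
    red:*)
      echo "FAILED: boot image verification failed; do not trust this boot"
      return 2 ;;
    orange:*|*:unlocked)
      echo "UNLOCKED: boot images are not verified; fastboot and recovery can rewrite partitions regardless of USB-debugging settings"
      return 1 ;;
    green:locked)
      echo "LOCKED: verified boot chain rooted in the OEM key"
      return 0 ;;
    yellow:locked)
      echo "LOCKED: verified boot chain rooted in a user-installed key (custom ROM, bootloader relocked)"
      return 0 ;;
    *)
      echo "UNKNOWN: properties unreadable (${vbstate:-?}/${devstate:-?})"
      return 3 ;;
  esac
}

# audit_attached_device: read both properties from the first adb device.
# adb needs USB debugging enabled in the booted OS; an unlocked bootloader
# answers fastboot without it, which is the exposure discussed in the thread.
audit_attached_device() {
  command -v adb >/dev/null 2>&1 || { echo "adb not found"; return 3; }
  vb=$(adb shell getprop ro.boot.verifiedbootstate 2>/dev/null | tr -d '\r')
  ds=$(adb shell getprop ro.boot.vbmeta.device_state 2>/dev/null | tr -d '\r')
  classify_boot_state "$vb" "$ds"
}

# Run the live audit only when AUDIT_DEVICE=1, so the file can also be sourced.
if [ -n "${AUDIT_DEVICE:-}" ]; then
  audit_attached_device
fi
```

Run it with `AUDIT_DEVICE=1 sh audit_boot_state.sh` while the phone is attached; the exit code alone (0/1/2/3) is enough for a fleet inventory script.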
