Bootloader and Custom ROM

Uploaded by Vivek
Android Device and OS

Roadmap
• Android Read Only Memory

• What is a bootloader? What does it do? Why would I want to unlock it?

• Why do phones come with a locked bootloader from the factory?

• Are Custom ROMs Safe/Secure?


Android Read Only Memory
• A file containing the executable instructions (a system image) of an
Android OS and affiliated apps.

• The "stock ROM" comes installed on the phone or tablet, while a
"custom ROM" comes from a third party.

• The custom ROM is either a uniquely modified OS


Flashing the ROM

• Flashing a ROM means installing the system image into the device's
internal flash memory.

• Flash memory holds the device's Android firmware, just as it does in most
portable devices with an embedded OS.

A Rather Misleading Name

• The Android "ROM" is actually flash memory, not ROM. A ROM is read-only
memory that, once programmed, cannot be altered.

Question
• What is a bootloader? What does it do? Why would I want to unlock it?
Bootloader overview

• A bootloader is a vendor-proprietary image responsible for bringing
up the kernel on a device.

• The bootloader guards the device state and is responsible for
initializing the Trusted Execution Environment (TEE) and binding its
root of trust.

• The bootloader also verifies the integrity of the boot and recovery
partitions before moving execution to the kernel.
Example bootloader flow

• Load and initialize memory.

• Verify the device according to Verified Boot flow.

• Verify the boot partitions, including boot, dtbo, init_boot, and recovery,
according to the Verified Boot flow. As part of this step, check the boot
image header version and parse the header accordingly.

• If A/B updates are used, determine the current slot to boot.

• Determine if recovery mode should be booted.

• Load the boot images, such as [Link], vendor_boot.img, init_boot.img,
and other proprietary vendor boot images. These boot images contain the
kernel and ramdisk images.

• Load the kernel into memory as a self-executable compressed binary. The
kernel decompresses itself and starts executing from memory.

• Load ramdisks and the bootconfig section into memory to create initramfs.

Bootloader Simplified
• The bootloader is a piece of code that checks the integrity of the system
as it starts.

• Think of the bootloader as a simple lock on your door: it makes sure
that unauthorized people don't enter your house, keeping the stuff inside
safe, and you can unlock it only with the key provided with it.

• When a device starts, the bootloader checks the file system and
partitions to make sure they're healthy, and then it runs the OS
kernel, which in turn launches the OS.

• This process is called booting (OS boot). Once the OS starts booting,
the job of the bootloader is over until the device
reboots/resets/restarts.

Bootloader states: locked & unlocked
• A locked bootloader basically means that the bootloader will only let
packages signed (digitally verified) by the respective manufacturer
make changes to the system partitions, for example wiping the system or
installing a system update.

• In contrast, an unlocked bootloader lets the user modify system
partitions with third-party software packages and code, for example
custom recoveries and custom de-bloating scripts.
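To make the locked/unlocked distinction above (and the verify-then-boot steps in the example bootloader flow) concrete, here is an added Python model that is not part of the slides: an HMAC stands in for the vendor's signature over the partition hash table, the partition digests are SHA-256 as in Verified Boot, and the decision maps to the green/orange/red states a device reports.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the vendor key fused into the device (assumption).
VENDOR_KEY = b"constructed-vendor-root-of-trust"


def sign_manifest(partitions, key=VENDOR_KEY):
    """Vendor side: record each partition's SHA-256 and authenticate the table.
    hmac stands in for the vendor's asymmetric signature (simplification)."""
    digests = {name: hashlib.sha256(img).hexdigest() for name, img in partitions.items()}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"digests": digests, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}


def boot_decision(manifest, partitions, locked):
    """Bootloader side. Returns the Verified Boot state the device would report:
    green  - locked, manifest authenticated by the vendor key and every
             partition digest matches: hand control to the kernel normally
    orange - bootloader unlocked: nothing is enforced, boot anyway but show
             the "your device can't be trusted" warning on every boot
    red    - locked and verification failed: refuse to boot
    """
    if not locked:
        return "orange"
    body = json.dumps(manifest["digests"], sort_keys=True).encode()
    expected = hmac.new(VENDOR_KEY, body, hashlib.sha256).hexdigest()
    signed_by_vendor = hmac.compare_digest(expected, manifest["sig"])
    hashes_match = all(
        name in partitions
        and hashlib.sha256(partitions[name]).hexdigest() == digest
        for name, digest in manifest["digests"].items()
    )
    return "green" if signed_by_vendor and hashes_match else "red"


if __name__ == "__main__":
    # Constructed sample images; real ones are boot.img, recovery.img, etc.
    stock = {"boot": b"constructed stock boot image", "recovery": b"constructed stock recovery"}
    manifest = sign_manifest(stock)
    tampered = dict(stock, recovery=b"constructed third-party recovery")
    for label, imgs, locked in [("stock / locked", stock, True),
                                ("custom recovery / locked", tampered, True),
                                ("custom recovery / unlocked", tampered, False)]:
        print(f"{label:28} -> {boot_decision(manifest, imgs, locked)}")
```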

Why do phones come with a locked bootloader from the factory?

• Manufacturers do this so that they can maintain the security of the OS
and the phone without many problems.

• For example, a phone with an unlocked bootloader can install any
third-party recovery, which can in turn install unverified software
straight into the system partition.

• Simply put, they lock the bootloaders to prevent the unauthorized
installation of custom recoveries and ROMs.

• This helps them keep control of the device software and gather usage
data for R&D and/or advertising.

• Many manufacturers allow users to unlock the bootloader if they wish
to, and many don't.

• Since the bootloader is literally the first point of interaction with the
device, it has to be unlocked before recoveries and similar software can
be flashed, so a locked bootloader means no aftermarket software
development.

The pros of an unlocked bootloader
• It lets you install any custom recovery of your choice (which in turn
allows you to install custom ROMs).

• It can let you move from your manufacturer's bloated ROM to a
slick, light custom ROM, and it can give you "superpowers" by letting you
root your phone.

Cons of an unlocked bootloader

• Firstly, and most importantly, most manufacturers don't encourage
rooting and flashing, so unlocking your phone's bootloader might void
your warranty.

• Also, since unlocked bootloaders don't verify digital signatures and
allow users to install custom recoveries, any malicious program can be
pushed into the system partitions.

• The "your device can't be trusted" message the phone shows every time
it boots up.
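To see which lock and Verified Boot state your own device reports (the "can't be trusted" warning corresponds to the orange state), here is an added Python check that is not from the slides: it parses the output of `adb shell getprop`, assumes adb is on PATH only for the live check, and embeds constructed getprop lines so it also runs offline.

```python
import subprocess

# Constructed `adb shell getprop` excerpt from an unlocked phone running a
# custom ROM; a real dump has hundreds of lines in the same [key]: [value] form.
SAMPLE_GETPROP = """\
[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]
[ro.build.display.id]: [constructed-custom-rom-build]
"""


def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict; ignore anything else."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and "]: [" in line and line.endswith("]"):
            key, value = line[1:-1].split("]: [", 1)
            props[key] = value
    return props


def assess_boot_state(props):
    """Summarise what the bootloader is enforcing on this device."""
    state = props.get("ro.boot.verifiedbootstate", "unknown")
    locked = (props.get("ro.boot.flash.locked") == "1"
              or props.get("ro.boot.vbmeta.device_state") == "locked")
    return {
        "bootloader_locked": locked,
        "verified_boot_state": state,
        # Only green means the vendor's key verified the whole boot chain;
        # yellow is a locked device booting an image signed with a user key.
        "vendor_key_verified": locked and state == "green",
        # orange/yellow/red all show a warning screen before Android starts.
        "warning_at_boot": state in ("orange", "yellow", "red"),
    }


def device_boot_state():
    """Live check over adb (assumes an attached device and adb on PATH)."""
    out = subprocess.run(["adb", "shell", "getprop"], capture_output=True,
                         text=True, check=True).stdout
    return assess_boot_state(parse_getprop(out))


if __name__ == "__main__":
    print(assess_boot_state(parse_getprop(SAMPLE_GETPROP)))
```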

Question
• Are custom ROMs safe/secure?
– How safe/secure are custom ROMs?
– Are there any security issues in custom ROMs?
– Can I trust custom ROMs?
– How can I stay secure on custom ROMs?

• Yes, custom ROMs are just as secure as stock ROMs, if not better, as
long as you're installing the right one.

• There definitely is a chance of a notorious developer putting some
malicious lines of code in and getting access to your data; we aren't
denying that possibility, but the chances of that happening are as thin
as the chances of the same being done by the stock OS developers.

• How, you ask? Well, to understand this, you'll need to know how and
why custom ROMs are made.

• Custom ROMs are made by developers and development groups out
of passion and as a hobby, not to sell data and make money.

• As a reminder, Android itself is a platform that Google uses to gather a
major percentage of its analytics and data for advertising purposes.

• Some OEMs like Xiaomi decide to show intrusive ads in their stock
MIUI to earn a little more. In contrast, indie developers and small OS
development groups (like Lineage) do this to feed their appetite for
coding and OS development.

• They earn enough to keep the projects alive through donations and, in
some cases, advertisements on their sites.

• On top of that, most custom ROMs are completely open source, just like
AOSP, and the code is published for anyone to view, examine,
and even build ROMs on. This means that even if someone
wanted to put in bad code, key-loggers or data miners, there is a high
chance that they'd be caught and shunned by the developer
community.

Question
• What can you do to ensure maximum security on custom ROMs?

• First and foremost, download ROMs ONLY from where the developer
tells you to.

• That includes links in the official forum posts on XDA, official ROM
websites, or links sent by the developers in the group chat.

• Never use direct/self-hosted/mirrored download links, unless a
project has been abandoned and the official download links are dead.

• Secondly, if you're a novice and can't read code, like the
majority of people, stay away from ROMs that aren't open source and
ones which haven't already been tried by other people.

• Check the reviews of the custom ROM as well.

• And finally, just take care of what apps you install, what permissions
you give to your apps, and keep your ROM updated. That should address
most of your security concerns.
