UPDATE May 26:
HTC announces they will NOT lock the bootloader.
"There has been... | Facebook
"There has been overwhelmingly customer feedback that people want access to open bootloaders on HTC phones. I want you to know that we've listened. Today, I'm confirming we will no longer be locking the bootloaders on our devices. Thanks for your passion, support and patience," Peter Chou, CEO of HTC
Phandroid response:
Behold, the Power of the Android Community: HTC to Unlock Future Bootloaders
For those of you who did your part and made your voice heard, kudos! For those of you who plan to buy an HTC phone, congratulations! Almost feels like one of those one-punch knockout fights. It's over already? Good job, HTC. Way to set a good example for the entire industry.
Historical stuff made obsolete by the news above:
This post may be deprecated by news on how HTC has changed things.
For the latest update on this issue, please see the post at - http://androidforums.com/evo-3d-all...anic-about-locked-bootloader.html#post2725969
Posts immediately preceding and following that one may also shed some light on this.
~~~~~~~~The OP follows below, to be left in place until the issue is 100% resolved and clarified.
This thread applies to all existing HTC phones as of the date of this post.
Ever since mid-March, several sources online started to incite fear by reporting that someone discovered that the HTC Thunderbolt's bootloader was locked. Why would that be scary? Because we've all heard that Motorola's bootloaders are locked down, which severely limits how much you can do with a rooted phone, like flash custom ROMs. And Motorola has stated that it intends to do the same for all its future phones. Since the Thunderbolt's bootloader is locked and signed, does this mean HTC is now headed down the same path?
No.
The first thing to understand is that the initial fear mongering was due to a huge lack of understanding about the nature of bootloaders. I'm going to explain it here in a clean thread and hope to counter all this misplaced concern for anyone looking for clarification.
What the authors of these reports failed to realize was that almost ALL phones' bootloaders come locked and signed. Always have. The Thunderbolt's bootloader security is no different than any of its HTC predecessors including the Droid Incredible, Evo 4G, and many others. They simply confused a "locked" bootloader with Motorola's bootloaders, which are also locked, but the key difference is the encryption layer that prevents the Moto bootloaders from being unlocked. There's a huge difference between being locked and being unlockable.
In a full root, one of the main objectives is to unlock the bootloader so you can flash custom ROMs. Here is a high-level overview of what happens during a full root:
1) Find an exploit that tricks the phone into giving you temporary root privileges for that session. Typically some app has a vulnerability, and a root solution is available when a hacker finds an exploit.
2) Once a hacker has temp root, the superuser (su) binary is installed onto the system to make the root permanent. A user or app can simply call su to gain root privileges at will.
At this point, we've achieved a half-root. The phone is technically considered "root"ed. Now we move on to the juicy part of the root process: unlocking the bootloader.
3) The bootloader's stock firmware (HBOOT) can now be replaced with the pre-release Engineering version, which is a leaked HTC-signed image used when the phone firmware and OS were being developed. Since the image is properly signed, the bootloader accepts the firmware. The Engineering HBOOT comes with S-OFF, meaning it's unlocked by default (it makes sense that when the ROM is being developed, engineers wouldn't want to impose the lock on themselves). Once the bootloader is on the Engineering HBOOT, it is unlocked.
4) Now that the bootloader is unlocked (aka S-OFF, NAND unlocked), the factory recovery program is able to be replaced using the bootloader's fastboot flashing utility. Depending on the root method, you get either Clockworkmod or RA recovery, two widely available homebrew recovery programs.
5) With a custom recovery in place, you have the ability to flash images to various partitions that were previously protected by the bootloader, but now that the bootloader is unlocked, it essentially turns a blind eye to what the recovery image does.
Full root complete.
An encrypted bootloader means that the HBOOT image is cryptographically signed as opposed to an unencrypted signature. The only way to reproduce the encryption is with a very specific key, which is held by the manufacturer. Without the key, a custom HBOOT image cannot be signed in a way that the bootloader will accept. So... no Eng HBOOT means S-ON remains (aka NAND locked, aka bootloader remains locked). Which means you can't ever have write access to key partitions of the filesystem that a custom kernel/ROM requires: /boot (kernel) and /system (Android OS). Furthermore, with Motorola bootloaders, there's something called an eFuse that checks to see if you've modified the bootloader. Assuming you do get the Eng HBOOT flashed, the eFuse may still kick in because of some checksum mismatch. Its job is to prevent the phone from booting into the OS when it detects that the bootloader has been tampered with.
So will the Evo 3D come with a locked and signed bootloader? Most likely. But does that mean anything of consequence? No. The Engineering HBOOT will be inevitably leaked, a hacker will discover a root exploit, and the Evo 3D will be fully rooted shortly after.
Is there a possibility that HTC starts encrypting their bootloaders like Motorola? Yes. But the Thunderbolt's bootloader is not a valid reason to think that HTC is considering this. In fact, HTC has done nothing to indicate it may suddenly decide to change its existing policies. So relax. Chances are very good that the Evo 3D will be rooted quickly with little fanfare.
Hopefully word of this thread gets around and can clear up all the FUD surrounding this issue.
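An added example, not part of the original post and not HTC's actual verification code: a toy signed-image check showing why a vendor-signed engineering image passes signature verification while a modified image does not, followed by a hypothetical build-type policy check. The RSA key is a textbook toy, and the `type=` header line, function names and sample images are assumptions constructed for illustration.

```python
import hashlib

# Toy RSA key built from two Mersenne primes: illustration only, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: exists only on the vendor's side


def digest(image: bytes) -> int:
    """SHA-256 of the image, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N


def vendor_sign(image: bytes) -> int:
    """What the manufacturer does at build time, using the private key."""
    return pow(digest(image), D, N)


def signature_ok(image: bytes, sig: int) -> bool:
    """What the bootloader can do with only the public key (N, E)."""
    return pow(sig, E, N) == digest(image)


def accept_update(image: bytes, sig: int, production_device: bool = True) -> str:
    """Hypothetical update policy: signature first, then the signed build-type field."""
    if not signature_ok(image, sig):
        return "rejected: bad signature"
    build_type = image.split(b"\n", 1)[0]  # header line is covered by the signature
    if production_device and build_type != b"type=ship":
        return "rejected: non-production build"
    return "accepted"


# Constructed sample images: one header line plus placeholder payload bytes.
SHIP = b"type=ship\n" + b"\x00" * 32
ENG = b"type=eng\n" + b"\x01" * 32
CUSTOM = b"type=ship\n" + b"\x02" * 32

if __name__ == "__main__":
    ship_sig, eng_sig = vendor_sign(SHIP), vendor_sign(ENG)
    print(signature_ok(SHIP, ship_sig))    # stock image verifies
    print(signature_ok(ENG, eng_sig))      # vendor-signed engineering image verifies too
    print(signature_ok(CUSTOM, ship_sig))  # modified image with a reused signature fails
    print(accept_update(ENG, eng_sig))     # policy check covers what the signature cannot
```

A signature only proves who built the image, not that the build was meant for retail devices, which is why the check on the signed header is a separate step.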