Hello wonderful people of Droid Forums! This is my first post, so I apologize in advance if I am asking obvious questions.
So everyone is talking about the “locked” bootloaders present on several of the new Droid phones, including my beloved new D2G. This has been cited as the reason that the bootloader, recovery menu, and android kernel on these phones cannot be replaced with unofficial code. I was wondering if anyone here knew the exact technical details of the security systems that actually make up this so-called “lock”.
One thread I read vaguely mentioned RSA keys, so I can only assume that something somewhere is signed. Is it the typical setup, with a bootloader that is signed with a key that is burned into the CPU, and a kernel that is signed with a key in the bootloader? Clearly the code on the /system partition is not signed, since I was able to flash a custom ROM over it (not to mention install the bootstrap recovery).
Also, how much control does a root process really have? If it is possible to inject root code into the boot process just by modifying some things in init.rc (as the bootstrap recovery does), then shouldn’t it be possible to manually load whatever we want into memory after that point, including a new kernel? If so, then couldn’t we leave the (presumably) signed stock kernel in place, put our kernel in /system, and write some root code that copies it into memory and executes it (without checking any sigs)?
Forgive me if I have no idea what I am talking about. Like I said, I am new to the forum, and I just got my first Android phone less than a week ago.
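The "typical setup" the question describes (a ROM key checks the bootloader, the bootloader carries its own key and checks the kernel, /system is never checked) can be modelled in a few dozen lines. The block below is an added example that is not part of the original post and does not describe Motorola's actual implementation or key sizes: it uses textbook RSA over fixed Mersenne primes and a truncated SHA-256 so it runs offline, and all image contents, key choices and stage names are constructed for illustration. What it shows is why flashing /system works while a custom kernel does not, and why "just embed your own key in the bootloader" fails: the embedded kernel-verification key is inside the data the ROM signature covers.

```python
import hashlib
from dataclasses import dataclass

# --- toy RSA (model only; real devices use much larger keys and padding) ---

def keypair(p, q, e=65537):
    """Return (public, private) as (e, n) and (d, n) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def digest(data):
    # Truncate SHA-256 to 88 bits so the value is below every modulus used here.
    return int.from_bytes(hashlib.sha256(data).digest()[:11], "big")

def sign(priv, data):
    d, n = priv
    return pow(digest(data), d, n)

def verify(pub, data, sig):
    e, n = pub
    return pow(sig, e, n) == digest(data)

def encode_pub(pub):
    e, n = pub
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return e.to_bytes(4, "big") + len(nb).to_bytes(2, "big") + nb

# --- the images in the chain (hypothetical layout) ---

@dataclass(frozen=True)
class Bootloader:
    code: bytes
    kernel_pub: tuple   # key the bootloader uses to check the kernel
    signature: int      # made with the OEM key whose public half sits in ROM

    def body(self):
        # The embedded kernel key is part of what the ROM signature covers.
        return self.code + encode_pub(self.kernel_pub)

@dataclass(frozen=True)
class Kernel:
    code: bytes
    signature: int      # made with the private half of bootloader.kernel_pub

def make_chain(oem_priv, bl_keys, bl_code, kernel_code):
    bl_pub, bl_priv = bl_keys
    bl_sig = sign(oem_priv, Bootloader(bl_code, bl_pub, 0).body())
    return (Bootloader(bl_code, bl_pub, bl_sig),
            Kernel(kernel_code, sign(bl_priv, kernel_code)))

def boot(rom_pub, bl, kern, system):
    """Simulated boot: returns where it halted, or 'booted'."""
    # Stage 1: ROM checks the bootloader with the key burned into the chip.
    if not verify(rom_pub, bl.body(), bl.signature):
        return "halt: bootloader signature"
    # Stage 2: the verified bootloader checks the kernel with its embedded key.
    if not verify(bl.kernel_pub, kern.code, kern.signature):
        return "halt: kernel signature"
    # Stage 3: the kernel mounts /system; nothing in this model checks it.
    return "booted"

# Constructed keys: Mersenne primes so everything runs stand-alone.
ROM_PUB, OEM_PRIV = keypair(2**61 - 1, 2**89 - 1)   # "burned into the CPU"
BL_KEYS = keypair(2**31 - 1, 2**107 - 1)            # OEM kernel-signing key
STOCK_BL, STOCK_KERNEL = make_chain(OEM_PRIV, BL_KEYS,
                                    b"bootloader stock", b"kernel stock")

def scenario_stock():
    return boot(ROM_PUB, STOCK_BL, STOCK_KERNEL, b"system stock")

def scenario_custom_rom():
    # Replacing /system changes nothing the chain verifies.
    return boot(ROM_PUB, STOCK_BL, STOCK_KERNEL, b"system custom")

def scenario_custom_kernel():
    # A modified kernel with the stock signature fails at stage 2.
    rogue = Kernel(b"kernel custom", STOCK_KERNEL.signature)
    return boot(ROM_PUB, STOCK_BL, rogue, b"system custom")

def scenario_swapped_key():
    # Attacker signs a kernel with their own key and patches that public key
    # into the bootloader; the patched bootloader then fails at stage 1.
    atk_pub, atk_priv = keypair(2**127 - 1, 2**521 - 1)
    patched = Bootloader(STOCK_BL.code, atk_pub, STOCK_BL.signature)
    rogue = Kernel(b"kernel custom", sign(atk_priv, b"kernel custom"))
    return boot(ROM_PUB, patched, rogue, b"system custom")

if __name__ == "__main__":
    for name in ("stock", "custom_rom", "custom_kernel", "swapped_key"):
        print(f"{name:14s} -> {globals()['scenario_' + name]()}")
```

The model stops at the kernel on purpose: whether a root process can later load a second kernel into memory (the question in the fourth paragraph) depends on what the verified kernel permits at runtime, which is a separate question from the signature chain itself.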