Much has been made recently about the ASUS Transformer Prime bootloader being locked, and there is some misinformation floating around on other sites. So I spent some time with the two people in the Android community who know the most about the ASUS Transformer series – Bumble-Bee and RaYmAn – to get some clarity as to what is going on. I will first establish some background before clarifying the ASUS Transformer Prime bootloader. Click past the break for the entire article.
For those who don’t know, Bumble-Bee and RaYmAn are the developers who first rooted the OG ASUS Transformer and run AndroidRoot.mobi, an “Android Rooting Blog.” They also have provided the tools necessary over the past 6-9 months to unlock the bootloader on the Transformer pre-B60 series as well as the root methods to bypass the security and root the Transformer.
Locking the Bootloader
Recently Bumble-Bee posted “Thoughts on Android Tablet Security” where he gives us a pretty well-informed analysis of the state of the Android tablet landscape. He points to an increasing trend amongst some of the tablet manufacturers (ASUS, Acer, Toshiba and Lenovo) of locking down their bootloaders, thus preventing the purchasers of those devices from using their device as they would like. In the post he states:
I personally have an issue with manufacturers outright locking down a device that I own, preventing changes that I want to make to it, not just for custom ROMs, but for security and the ability to install other operating systems (like Ubuntu), that these tablets will be able to run.
Why Not Lock?
Many would probably wonder why it’s such a bad thing for the manufacturers to lock their devices down. Others might say it’s their right to do such a thing. Bumble-Bee lists some of the reasons why manufacturers should embrace not locking their devices:
- Security: the recent Razorclaw exploit that allowed the rooting of the TF101(G) / SL101 posed an issue, it highlighted a huge flaw in which any application could gain full control of a device, without the OS giving it any permissions. This could not be removed without first rooting a device. If this hole was found by an unsavory character first (as opposed to us), they might have used it to covertly exploit any affected device and the end-user would not have been able to secure their device on their own.
- Other OS: the Tegra2 platform can run Ubuntu very well (let alone what Tegra3 can do) in a portable form-factor. As such, an end-user could benefit greatly from running Ubuntu on these devices, providing them with a choice over the vendor-supplied OS.
- Controlled unlocking (primarily intended for manufacturers): When unofficial methods to gain full control of these devices are used, there is no control whatsoever by the manufacturer. This means that manufacturers have no idea if a device has been unlocked (causing warranty issues). If a controlled method was introduced, manufacturers could keep track of which devices were unlocked and void the warranty. This is obviously a trade-off for the end-user in exchange for more freedom, but it is a fair one at that.
His analysis is spot-on. HTC has implemented a “controlled unlocking” solution which, while it does require the consumer to provide certain pieces of information and accept that they void the warranty, does provide a situation where the consumer now has full control over the device they have purchased. It is a solution that makes sense for these manufacturers as there already is a precedent for it by one of the largest device manufacturers in the world.
The Transformer Prime
There have been recent conversations on various forums, including XDA, alluding to the Transformer Prime having a 128-bit AES-encrypted boot key (known as an SBK – secure boot key) and being unable to be unlocked and that this is something unique to the Transformer series.
The fact is that the OG Transformer also had a 128-bit AES-encrypted SBK and it was cracked and allowed for the Transformer models prior to serial numbers beginning in B60 to be unlocked and flashed with whatever OS the consumer desired. (NOTE: some B60’s were able to be unlocked – mid production cycle it would seem the SBK changed) The difference in this case is that ASUS has begun enforcing another security measure by making their “blob” packages (a file containing data for one or more partitions on a nVidia Tegra device) signature checked.
Right now, we don’t know what the future holds for locked bootloaders on tablets. There are some manufacturers who do not, ala Samsung, but that list is shrinking instead of growing. Add that to the number of issues the Prime seems to be having (light bleed, GPS, build-quality) and we’ll see if this version of the Transformer will be as successful as the original.