Replicant

h1. FindDevicesWithUnsignedBootloaedrs

Given the huge number of devices out there, buying each device and checking it doesn't scale. Especially as there are multiple variants and even multiple versions of the variants.

For instance for the Galaxy SII we have the GT-I9100 that has an Exynos4 and GT-I9100G that has an OMAP4. And for the GT-I9100G, there are multiple versions.

h2. Making it easy for people to check the devices they have

The first step would be to document what tools already exist to do that and the ones that are lacking.

|_. Tool |_. Uses |_. supported hardware |_. Pakckages | Howto |

| omap-usb-boot | * checking if the device is signed

                  * Loading bootloaders from USB

                  * booting on a different boot media | OMAP3, OMAP4, OMAP5 | Parabola, Archlinux through AUR | [[OmapUsbBootCheckSignedSOC]] |

| omap-u-boot-utils | * Loading bootloaders from USB

                      * Loading bootloaders from the UART | OMAP3, ? | Parabola, Archlinux through AUR | ? |

| crucible | * checking fuses settings | Some I.MX SOCs | ? | ? |

| cbootimage | ? | Tegra ? | |

| rcm-utils ? | | Tegra ? | |

| 0xFFFF | * Load signed bootloaders (-c) | OMAP3? | |

| sunxi-tools | ? | Allwinner SOCs? | Parabola, archlinux | |

* No tools (beside devmem2 and a good datasheet) to analyze boot settings and dump registers at runtime?

h2. Checking images at large scale

The idea would be to find a way to get a very large number of stock images for Android devices make tests on the images and automatically check if the bootloaders are signed.

If the bootloaders are under a free software license and are unsigned, once we get and identify the corresponding source code we could publish them.

For the signed bootloaders under a free software license we'd better check with the FSF what is best to do as we need not to redistribute any software that is practically nonfree.

Constraints:

* Check with FSF lawyers how to do it legally