this post was submitted on 01 Aug 2025

3 points (100.0% liked)

Technology

78964 readers

3822 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

Is this the end of Bootloader Unlocking in the EU? (en.xiaomitoday.it)

submitted 5 months ago by MazonnaCara89@lemmy.ml to c/technology@lemmy.world

44 comments fedilink hide all child comments

Samsung has decided to proceed with the Bootloader blocking also in Europe, a move that has caused a lot of discussion. Behind this choice is a European regulation that will come into force in August 2025 and which risks changing smartphone usage in Europe forever. This is why other manufacturers may soon follow suit.

From 1 August 2025, new provisions will come into force RED Directive (Radio Equipment Directive), which redefines the compliance requirements for all radio devices sold in Europe. This is a significant change, not so much for the amount of regulations introduced, but for the effect they will have on the entire Android ecosystem. The issue revolves around three articles that impose specific protections: against network interference, personal data compromise, and digital fraud. These are, in themselves, sacrosanct rules.

But the crux comes with the interpretation prevailingEach device must ensure full compliance not only with the hardware, but also with the software that controls the radio modules. This is where the bootloader comes in. Unlocking it essentially allows you to replace the original operating system with an alternative one, such as LineageOS or GrapheneOS.

But these systems, if they modify the radio drivers even minimally, invalidate the CE certification. An uncertified device can no longer be legally marketed or used, at least according to the most stringent reading of the law.

This scenario has therefore led Samsung to protect its devices. Not on a whim, but to avoid any software modifications falling under your legal liability. If a user installs a ROM that interferes with radio frequencies or compromises communications security, the manufacturer (and in some cases the importer) may be held directly liable.

RED does not explicitly talk about unlocking the Bootloader or custom ROM, but it opens one regulatory space in which the margins for maneuver are they narrow. And in doing so, it provides a solid argument for those who have been trying for years to close the loop between hardware, software, and services. After all, customizing the operating system also means breaking away from proprietary services and, therefore, from the model that ties the user to the brand.

Samsung is just the first to move, but it's hard to imagine it will be the only one. Starting in August 2025, it's very likely that other manufacturers will follow suit, at least for the European market.

top 44 comments

sorted by: hot top controversial new old

[–] j4k3@lemmy.world 4 points 5 months ago (1 children)

Fuck smart phones and neo feudalism. This is theft of ownership with a criminal complicit government. I applaud all Luigi's these people deserve it. These are the killers of democracy. If your device only runs factory filtered stalkerware garbage, all democracy is dead. All information is easily filtered by this proprietary shit. Freedom of the press is a bullshit tiny niche of the broader requirement for a fully informed public. The fucking "press" is bullshit to highlight. You must have fully informed citizens and you may not choose how that information is shared or disseminated between citizens. This is not democracy. People are so fucking stupid.

[–] WhatAmLemmy@lemmy.world 0 points 5 months ago* (last edited 5 months ago) (1 children)

Notice how the article implies Samsung and other corporations don't want to do this, even though it's something they've wanted to do for a long time? They almost certainly lobbied and ghost wrote most of this legislation to begin with; now they play the victim, even though they're a perpetrator.

[–] scrion@lemmy.world 1 points 5 months ago* (last edited 5 months ago)

Jesus, how do you people always come up with the most inane conspiracies. I have a company that manufactures devices that communicate wirelessly. The new RED is a huge pain in the ass, along with the CRA.

Absolutely no company pushed for this. The new legislations and directives cause a ton of additional work and obligations for companies, e. g. software has to be certified as part of the compliance check, things that were previously approved via self-reports now involve trusted 3rd parties, and reports of violations to government bodies are now mandatory.

And you know what, even though this costs a bunch of money that could go elsewhere and the whole thing is so new that even the certification bodies have no idea what is going on, even though we have to setup completely new processes, spend endless hours documenting things, I still appreciate both initiatives.

As an end customer, I would love if e. g. the software that runs on the mobile payment terminal taking my card info is certified. I would love if the developer of the software running on the PLC on my shop floor has to check CVEs, inform me about security issues and has to deliver 5 to 10 years of updates.

Not a fan of Samsung and their shitty software, but they're simply preemptively covering their ass, nothing more.

I'd also still want to unlock my bootloader. I'm sure the whole legal situation will become less muddled, enabling just that.

[–] MTK@lemmy.world 2 points 5 months ago

I hate the fact that the more technologically literate you are, the more you run away from it.

A smartphone with latest android, Gemini, google pay, a smartwatch, ChatGPT and a smart home?

Nope, I would rather have a Linux phone that is mostly incompatible with what is expected of modern smartphones, no AI please! Google pay? Only cash or monero! My watch is very smart, it can telle the time for a few years without a recharge, and nothing else!

[–] madcaesar@lemmy.world 1 points 5 months ago

The whole smart phone thing is such a lesson in letting go of the rope.

Once you let corporations get away with a little, they will eventually take everything.

Every time we lost a bit of control me and a few of enthusiasts were screaming, but the regular populace just shrugged...

Even on reddit you'd have to argue with idiots "oh just use Bluetooth headphones! Oh who needs sd cards, just use the cloud! Oh who needs rooting, it's not needed"

I swear to god if Windows / OS were invented today 80 of people would just shrug as all control of their PC was taken away.

[–] gandalf_der_12te@discuss.tchncs.de 1 points 5 months ago* (last edited 5 months ago)

Wait - is this about all radio devices or only mobile connectivity ones?

I.e., is WiFi affected as well? Or does it only affect internet that you access through your carrier?

The article says:

From 1 August 2025, new provisions will come into force RED Directive (Radio Equipment Directive), which redefines the compliance requirements for all radio devices sold in Europe.

Which technically would also affect WiFi.

[–] cley_faye@lemmy.world 1 points 5 months ago (1 children)

WTF just happened in Europe in the last few months. We used to be some sort of (dimmly lit) beacon of user freedom and privacy considerations. Now, I know there's been a push for new legislations that basically fuck individual privacy over, but last I checked it was just a proposal. And now we're doing a fucking 1260° turn toward full stanglehold on everything.

[–] gandalf_der_12te@discuss.tchncs.de 0 points 5 months ago (1 children)

There's also this article from yesterday: Austria legalises state spyware amidst strong opposition

i wonder what changed. these regulations are certainly a threat. they justified it with the "threat of (islamistic) terrorism", though i don't know what's really going on there.

[–] not_amm@lemmy.ml 1 points 5 months ago

I mean, Mexico has never been a beacon of privacy or regulations (just for super specific technologies that were implemented first, mostly banking ones), but the government has also been pushing weird changes to how they handle surveillance and personal identifications, giving more power to the authorities while they're exempt for most of the transparency laws (everything they do, even public infrastructure is managed as some kind of 'state secret').

I am scared.

[–] plyth@feddit.org 1 points 5 months ago

Chat message scanning can come in October, age verification is also introduced in various countries. Things are getting serious.

[–] gandalf_der_12te@discuss.tchncs.de 1 points 5 months ago* (last edited 5 months ago)

Wait, what does that mean for USB LTE devices? Devices that you can attack to a desktop computer to give you mobile internet. Last time i checked, they're widely available.

Would these become illegal as well?

[–] ExLisper@lemmy.curiana.net 1 points 5 months ago* (last edited 5 months ago)

This sounds like bullshit.

An uncertified device can no longer be legally marketed or used

Ok, but I'm not marketing my LineageOS phone and I don't believe Samsung can be responsible for me using it. It sounds like phones with custom ROM will simply lose CE certification (unless the custom ROM is itself certified). Samsung obtains the CE certification and sells certified phone. Making them responsible for anything that happens after that (besides regular updates) is something completely different than what this article talks about. It would basically mean that Samsung has to make sure that their devices cannot be hacked/rooted but ensuring security of hardware and software is something completely different and is covered by different laws. Even the RAD website clearly says this:

"In 2021, the Commission decided to pause the initiative following the announcement of the Cyber Resilience Act (CRA), due to potential overlaps. In 2023, it was agreed that cybersecurity requirements would transfer from the Radio Equipment Directive (RED) to the CRA."

[–] tabular@lemmy.world 1 points 5 months ago* (last edited 5 months ago)

Like how the cellular module is proprietary and locked down, even on something like a Librem phone. Or like how DVD players had to use proprietary software to force comply with DRM.

[–] Lembot_0004@discuss.online 1 points 5 months ago (1 children)

An uncertified device can no longer be ... used

Oh, fuck. Call the French, they have the most active civil society that actually can burn a thing or two during a week or two. That is the craziest law ever, denying the most basic human rights! That is literally a prohibition of DIY of any kind.

[–] thann@lemmy.dbzer0.com 1 points 5 months ago (1 children)

You connect a wire to a battery and you just created an illegal transmitter!

[–] pinball_wizard@lemmy.zip 1 points 5 months ago

Yes. I guess no more nine volt batteries in Europe. Or maybe we should focus on banning the sale of assorted lengths of wire.

[–] LeTak@feddit.org 1 points 5 months ago

This was the only reason I liked Android over iOS: the CFW community. I’ve been running some sort of CFW since Android 4.0. Now, the charm has gone. GrapheneOS, SailfishOS, e/OS, LineageOS, iode OS, and even CyanogenMod – I’ve used them all. Each one has its own target group and use case. I hope it turns into the better one again. It’s like forcing a PC to only run the OS it’s delivered with.

[–] MonkderVierte@lemmy.zip 1 points 4 months ago* (last edited 4 months ago)

The reasoning behind it is such bullshit, since the radio chip runs it's own OS anways.

Btw, the RIL partition (that can break radio if somethings wrong) only communicates with the chip OS. And it's finicky because every chip & OS version has different nuances in the protocol.

[–] qaz@lemmy.world 1 points 5 months ago* (last edited 5 months ago) (1 children)

Has anyone verified what this article says?

Here's the directive in question: https://eur-lex.europa.eu/eli/dir/2014/53/oj/eng It doesn't seem to imply what the article implies.

Also, here are some things from the discussion on HN

As is usual, there seems to be a massive misunderstanding what the directive is and means. The TLDR is that the directive contains no clauses that compels phone makers to keep the Android bootloader locked or that forbids EU users from unlocking it.

Samsung's public reasoning might be that disabling unlocking the bootloader because of the directive, but there is nothing in the directive that forces them to lock the bootloader. It does sound like a convenient scapegoat if they don't want to talk about the real reasons though.

The phone makes who end up disabling the unlocking of bootloaders are all doing so on their own accord, not because some regulation is forcing them to.

Finally, the EU’s broader right-to-repair policies makes it kind of impossible that an outright prohibition of unlocking the bootloader could happen. But of course, nuance doesn't make people click article titles on the web...

[–] Wispy2891@lemmy.world 1 points 5 months ago

I think it's Samsung that interpreted the rule at their advantage in a way that sends more devices to the landfill

[–] mr_satan@lemmy.zip 1 points 5 months ago (1 children)

Lately I'm more and more disappointed in EU legislations. Especially having to live with them…

[–] ssfckdt@lemmy.blahaj.zone 1 points 5 months ago

I mean, this is corporations using decent regulations as an excuse to do something they've probably already wanted to do.

[–] Dasus@lemmy.world 1 points 5 months ago

If a user installs a ROM that interferes with radio frequencies or compromises communications security, the manufacturer (and in some cases the importer) may be held directly liable.

[–] deathbird@mander.xyz 1 points 5 months ago

This is really badly written, and that particularly annoys me because the subject matter is actually important.

[–] WhyJiffie@sh.itjust.works 1 points 5 months ago

what an utter bullshit! will the manufacturer be also directly held liable if someone uses a phone of their brand to make a picture about me without authorization! of fucking course not!

fuck samsung, and all the manufacturers that follow suit, because this is just not needed.

but also fuck the red directive's decision makers for their unsatiable creep of wanting ever more power over our devices! this is exactly like saying, that there is this illegal thing, and if you are not doing it, but just have the slightest ability to do it, that is also illegal. what the actual fuck! get off my fucking phone you scumbags!!

[–] Cricket@lemmy.zip 1 points 5 months ago (1 children)

Is this also the end of Software-Defined Radio in Europe?

[–] WhyJiffie@sh.itjust.works 1 points 5 months ago* (last edited 5 months ago)

and by extension possibly secure router firmware like OpenWRT too?

[–] interdimensionalmeme@lemmy.ml 1 points 5 months ago (3 children)

PC Computers are next
This is why the big deal with TPM
Why TPM is never a removable security device
Why you can't save your old PC with a usb TPM device,
even though they are low power serial text devices

And TPM itself is just the thin side of the wedge.
It will grow more and more capable as an encrypted instructions processor
Eventually applications will run enough of their code
as encrypted instructions that they will become impossible to pirate.

This means application on your offline computer will be just as revocable as cloud application
and they will no longer be transferable, cryptographically tied to the processor core

[–] jacksilver@lemmy.world 1 points 5 months ago (1 children)

They probably want that, but also at the same time, that would kill software development.

[–] floofloof@lemmy.ca 1 points 5 months ago

Only approved AIs and humans carrying a corporately issued developer license will be allowed to develop software.

[–] interdimensionalmeme@lemmy.ml 1 points 5 months ago* (last edited 5 months ago)

Here is a taste of the future

You CAN'T Jailbreak Your PC

The days of "it’s my hardware, I’ll run what I want" are over.
TPM 2.0, Secure Boot, and Microsoft Pluton are forming a closed execution environment.

You can’t replace the bootloader.  
You can’t flash unsigned firmware.  
You can’t disable the vendor-approved certificate store.

Try to run an unsigned OS, and it will simply refuse to boot.
Your motherboard no longer listens to you.
It listens to Microsoft and OEMs.

You Will Own Nothing, and Even That Nothing Is Tied to Your Old PC

TPM stores your encryption keys in a non-exportable way.
Your files, apps, and even your OS activation are now bound to your specific machine.

Want to move them to another system?
Too bad. The TPM won’t let you.
Even if you own both devices.

The machine is yours. The data, software, and identity within it are not.

Installing Linux Will Be Illegal (Functionally, If Not Yet Legally)

Secure Boot + Remote Attestation is the death knell for freedom-focused OSes.

Your distro doesn’t carry the "right" signature?
Blocked.

You modify the kernel for performance or privacy?
No longer attested.

You write your own OS?
You don’t get to boot.

It’s not banned in law.
It’s banned by cryptographic gatekeeping.

Digital preservation will be technically impossible.

Encrypted execution + hardware-tied software =
No way to archive.
No way to emulate.
No way to restore.

Games, apps, creative tools, all gone when the keys expire or the vendor shuts down.

We won’t just lose software.
We’ll lose entire cultural eras.

It's like that Apple ad crushing musical instruments but for your entire digital life

https://adage.com/video/crush-ipad-pro-apple/ (I couldn't find it unedited on youtube sorry)

You Have No Mouth and Can’t Say NO

Vendor lock-in is no longer a commercial strategy.
It’s cryptographic reality.

You can’t deny updates.
You can’t run unsigned code.
You can’t refuse attestation.

Because your software won’t run without it.

The PC has become a compliance terminal.
Saying "no" is no longer supported behavior.

A hardware-enforced, cryptographically sealed cage.

Your freedom to compute is being revoked—quietly, efficiently, irreversibly.
The illusion of ownership is maintained only until enforcement becomes total.
This isn’t theory. It’s shipping now.

If we don’t fight back, there will be no root access left to reclaim.

[–] Korhaka@sopuli.xyz 0 points 5 months ago (1 children)

But if it doesn't run Linux I am not going to buy it

[–] interdimensionalmeme@lemmy.ml 1 points 5 months ago (1 children)

Microsoft is fine if you don't buy computers anymore
It won't miss you in particular

This is what's going to happen with PCs
https://lemmy.ml/post/33992840/20208076

[–] Korhaka@sopuli.xyz 1 points 5 months ago (1 children)

And the Linux foundation will just sit by letting it happen? Or Valve for that matter, they appear to have anticipated this risk over a decade ago.

[–] derpgon@programming.dev 0 points 5 months ago (1 children)

RISC-V's time to shine! (IIRC it is open source instruction set).

[–] floofloof@lemmy.ca 1 points 5 months ago (1 children)

And time to hold on to old devices. They'll become like old cars: the only ones the owner can fully control.

[–] moopet@sh.itjust.works 1 points 5 months ago

Storage and processors don't last forever. As parts break down, you won't be able to replace them. Need a new hard drive? Sorry, it'll only talk to motherboards that shake its hand.

[–] MonkderVierte@lemmy.zip 0 points 5 months ago* (last edited 5 months ago) (1 children)

So what? Linux computers are not compliant, can not use wifi, or what? I don't see how that prevents unlockable bootloaders, other than being used as an excuse by the manufacturers.

[–] FauxLiving@lemmy.world 1 points 5 months ago (1 children)

Any device that transmits radio frequencies wont be able to be sold in the EU.

The only way a manufacturer can be sure that won't happen is to create their hardware such that it isn't usable unless it can be sure its in an environment which won't do that.

Currently, that would mean a machine running Secure Boot and Windows 11 using driver signing.

Linux wouldn't be able to fake the verification to the hardware, due to not having the keys, and so could not create drivers for any hardware designed this way.

[–] FellowEnt@sh.itjust.works 1 points 5 months ago (1 children)

Hold up so theyre banning flippers and portapacks etc?

[–] FauxLiving@lemmy.world 1 points 5 months ago

Oh yeah, almost certainly; and software defined radios of all types.

[–] humanspiral@lemmy.ca 0 points 5 months ago (1 children)

If a user installs a ROM that interferes with radio frequencies

Do any "ROMs" or linuxes do this? Seems like you could get an "illegal USB bluetooth/wifi dongle" for shenanigans purposes instead. This all seems like such a pointless distraction that can only be to ensure that manufacturer backdoors are ensured as unescapable.

[–] bitwolf@sh.itjust.works 0 points 5 months ago (1 children)

I have never installed a ROM that touched the radio.

In fact most ROMs I've used warned against touching the radio because of the risk of damaging the device.

[–] humanspiral@lemmy.ca 1 points 5 months ago

sorry for Gemini link to prompt below, but google itself doesn't provide any top page links to answering the question, or questions about "software wifi to radio conversion". GrapheneOS does not provide the functionality. Seems like only process to transmit/receive at a different band is to use hardware that bridges from wifi signal to radio signal.

modify phone wifi frequency to arbitrary frequency

It is generally not possible to directly modify the WiFi frequency on a smartphone to an arbitrary frequency. Smartphones are designed to operate within the standard WiFi frequency bands (2.4 GHz and 5 GHz) and their corresponding channels. While you can influence which band your phone connects to (e.g., prioritizing 5 GHz for faster speeds), you can't arbitrarily set the frequency. Why you can't set an arbitrary frequency: Hardware limitations: Smartphones are built with hardware that supports specific frequency ranges (2.4 GHz and 5 GHz in most cases). Protocol compliance: WiFi communication relies on specific protocols (like 802.11 a/b/g/n/ac/ax) that are tied to these standard frequency bands. Router configuration: While you can configure your router to broadcast different SSIDs for each band (e.g., "MyWiFi_2.4GHz" and "MyWiFi_5GHz"), the phone's connection is still limited to the supported frequencies. What you CAN do: Prioritize a band: You can influence which band your phone connects to by adjusting settings on the phone (if available) or by configuring your router to have separate SSIDs for each band. Choose the right band: For faster speeds, prioritize the 5 GHz band when it's available. For better range and wall penetration, the 2.4 GHz band is better. Optimize router settings: Ensure your router is set up to broadcast on the desired bands and consider channel selection for optimal performance. In short, while you can influence the band your phone connects to, you cannot arbitrarily set the WiFi frequency on your smartphone.

After RTFAing, this seems to be Samsung just using an excuse to lock down their phone, rather than any specific order from EU telling them to.