With this in mind, what is hindering the progress on the leaker side of things?
I don't know. All of the root development went sort of offline. Not exactly, but close - the devs seeking root started using IRC a long while back. That has advantages and disadvantages - the advantage being near real-time communication; the disadvantage being no cumulative record of what people tried and didn't try.
Look at the activity on XDA in the dev forum - it is largely centered on pushing out new ROM features. There are only so many Eris devs in the world, and if most of them are debugging applications to assemble new ROMs, they're not working on root for leakers.
Is the protection hard coded in the bios looking for specific signatures for each progressive iteration? Since I am running V2, my bios should be reporting that I have a previous version and allow a signed upgrade, right?
There are two separate hurdles that must be jumped to install a ROM using either a PB00IMG.ZIP method, or an update.zip method: version checking and signing. They appear to be independent from one another. (The public key shipped with the OTA updates is good until the year 2038, and is unlikely to be cracked, so there is very little need for them to change the encryption key with each release. Probably, however, HTC does use a different private key for each different phone so that a single key leak doesn't compromise their entire product portfolio. Easy enough to check, but I haven't done so.)
Version checking: Judging from the behavior that the bootloader (not bios) displays under a variety of successful and failed installation attempts, it appears that what is being checked is not the version of the bootloader. The evidence for this is that the MR1 PB00IMG.ZIP cannot be installed after a MR2 PB00IMG.ZIP has been installed - and they both use identical bootloaders, and identical NVRAM images. That seems to imply that the bootloader is inspecting contents of other partitions to determine whether or not "Main Version is Older!", or possibly something hidden in NVRAM. I don't think any of the devs have a good handle on exactly what is being checked here.
That's the version checking by the bootloader. When it comes to OTA or update.zip installations, a different method is used by the phone - the "mini Android" recovery partition boot is running in order to do the install, not the bootloader. This installation method is completely different from what the bootloader does with a PB00IMG.ZIP file. In that case, a script is running which explicitly checks versions of something - off the top of my head, I'm not sure if it checks the version of the recovery partition or system partition. That script cannot be easily changed, because the payload that it comes from (the OTA zip file) is also protected by cryptographic signing methods.
I suppose a signature generator would be the ultimate weapon for combating the protection and give the developers unlimited power on the phone; however, I'm guessing no such thing has been leaked at this point.
It's called "jarsigner" and is available to anyone in the world by downloading Java. All the devs have it and you can have it too. That doesn't change the fact that you still have to have HTC's private key to sign arbitrary files so that they appear to have come from HTC. (And yes, you are correct that the bootloader stores - somewhere - a copy of HTC's public key so that it can check signatures. There's nothing secret about a public key - that's why it is called a "public" key.)
It's curious to see Google, who has supposedly always been about transparent open source projects go to such great lengths to protect a phone from modification. Perhaps this is more a protection for the phone companies than it is for proprietary concern.
They are trying to protect developers who invest their lives and money in making Android a better place to work and play. Having rooted phones allows people to steal applications and circumvent Android Market policy mechanisms. To a lesser extent, having folks screw up their phones and then run to Verizon for remediation is a real cost to Verizon - look at the number of posts on this very board where folks suggest defrauding their insurance carrier (or Verizon) in order to resolve mistakes they made.
Google is only trying to create a successful marketplace - a place where ideas are tested for their worth, and both the sellers and buyers obtain value.
It is a misperception that Android is open-source. Bits and pieces of it are, and - to their credit, they are leaps and bounds ahead of any competitor in this regard - but it's not really an open-source system. What Android/Google did was to shield themselves from lawsuits by only incorporating BSD- or Apache-style licenses in code they grabbed from other people. They did as much as they possibly could to avoid GPL-style licenses. They even created their own Java-like runtime engine (Dalvik); I suppose they did that to avoid licensing issues with Sun, but there might have been technical issues, too.
The only place they couldn't avoid the GPL was with the Linux kernel. That's why when HTC releases code, the only thing they release code for is the kernel - not any of the apps, not any of the system libraries, not any of the native applications, not any of the device drivers. And the bootloader is HTC's, not Google's.
eu1