[shadowpho]

>The company can just declare that replacing or altering the firmware voids the warranty

How can they know/figure it out? (They can't/or it's prohibitively expensive/difficult).

>it's very common to find my firmware reverse engineered and available within a month or so of the product being released.

Sure, but it's hidden from 99.99% of your user base

[rodgerd]

> How can they know/figure it out?

Sony's answer for Xperia phones used to be that you'd unlock the bootloader with a key you got from them by entering the serial number/IMEI. As part of that, they warn that using custom ROMs that damage the phone - by overclocking, for example - would void the warranty.

It's a reasonable compromise, in my opinion.

[selimthegrim]

Do they still do this?

[brokenmachine]

Lenovo does

[JohnFen]

> How can they know/figure it out?

That's not a difficult problem, technically. There are a number of ways it can be done. Anything from comparing checksums to eFuses.

> Sure, but it's hidden from 99.99% of your user base

Yes. My point is that avoiding open sourcing firmware because of the risk of piracy or reverse-engineering doesn't make sense because pirates and/or interested engineers will do it directly from the devices anyway.

[brokenmachine]

>pirates and/or interested engineers will do it directly from the devices anyway

But they don't need to make it too easy by giving the source on a silver platter.

[terribleperson]

Prusa (makers of the Prusa 3d printers) set it up so that you had to physically break part of your printer before you could flash custom firmware.

[yjftsjthsd-h]

You could also just blow a fuse; we do actually have ways to do write-once memory for this kind of thing

[nomel]

Could you describe a rough implementation, with the assumption that the vendor can still provide firmware updates?

[yjftsjthsd-h]

Sure. The vendor firmware contains an option in the settings, "unlock flashing". Enabling this (after a confirmation) will blow the "user modified fuse". When the system boots, the bootloader checks that fuse; if it's blown, then the bootloader will boot any firmware. If not, only boot images signed with the vendor's public key are allowed to boot. When the vendor gets a warranty claim, they check if that fuse is blown; if the fuse is blown and the damage could be software induced, they take that into account (IANAL, but they might not be able to immediately legally refuse it, but they can at least ask pointed questions about what exactly happened; YMMV).

Disclaimer: I didn't come up with this, I'm just summarizing approximately how I understand some Android devices to already work. This also makes me view this system as somewhat battle tested.

[folmar]

You have it in any unlockable Android phone.

In short - write the manufacturer public key in ROM and a fuse selects if signature check is enforce.

[crote]

You can't read a blown fuse when the entire MCU is toast, though.