About disabling "Secure Boot" (S-ON) on the N5X. - Nexus 5X General

Secure Boot (aka S-ON, aka other names) is responsible for checking and validating the entire chain of trust from the physical bootloader (BootROM) to the Android bootloader (aboot). From there on, boot.img (kernels) and recoveries are validated according to the lock/unlock state of the device, and validating system is the duty of the Verified Boot (dm-verity) feature in the kernel.
Unlike the old days with the Nexus One and its S-OFF achievement (for reformatting the NAND and other things), I haven't seen any S-OFF or bootloader/radio development on any Nexus device since then. Has there been any exception for the N5X by some rare chance?
I know that disabling Secure Boot wouldn't be very useful considering there doesn't seem to be any radio or bootloader development at all, but the truth is that without the chance to flash and test, no development can appear from nothing either. I honestly have no idea whether, if by chance Secure Boot were disabled, anyone would jump into developing a better radio or a more feature-rich bootloader..
Just wondering, has this ever been attempted or anything? It seems that every HTC gets attacked in this sense, but others don't, and even if Nexus devices are considered free for development, the truth is that they're all S-ON by default and no development of a radio or a bootloader ever seems to take place. If it was possible on the Nexus One, why not on later Nexus devices?
And I don't agree with the point of "we don't need Secure Boot disabled because we would be able to really brick our Nexuses!!", because you can still brick any Nexus by flashing any (signed) bootloader or radio from another device, for example the N5 bootloader onto an N5X (and a ton more examples with other signed images, and let's not talk about inside Android with root.. literally the first Nexus 5/5X were bricked by kernel auto-uploaders because they had hardcoded the partition for the kernel, and it happened to be the bootloader one on the new device..). The S-ON check only guarantees you don't flash unauthorized stuff from Google's point of view; it is not there to protect you from bricking the device at all.
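The dm-verity part of the chain described in the opening post, as an added example (my code, written for this page; it is not from the thread and not Google's implementation): a hash tree over a constructed "system" image, a root hash standing in for the value the signed verity metadata carries, and a per-block check of the kind the kernel performs on every read. Block size, hash algorithm and salt position (H(salt || data), as in verity format version 1) are assumptions; the image and salt are constructed filler, not firmware.

```python
import hashlib

# Assumptions for this demo (not stated in the thread): 4096-byte data and
# hash blocks, SHA-256, and H(salt || data) as in dm-verity format version 1.
BLOCK = 4096
DIGEST = hashlib.sha256().digest_size   # 32 bytes per stored hash


def _h(salt, data):
    return hashlib.sha256(salt + data).digest()


def _block(buf, i):
    """Block i of buf, zero-padded to BLOCK (covers the short last block)."""
    return buf[i * BLOCK:(i + 1) * BLOCK].ljust(BLOCK, b"\0")


def _blocks(buf):
    return [_block(buf, i) for i in range((len(buf) + BLOCK - 1) // BLOCK)]


def build_tree(image, salt):
    """Return (levels, root). levels[0] holds one hash per data block; each
    further level hashes the previous level block by block until a level fits
    in a single block. root is the hash of that top level, i.e. the value that
    lives in the signed verity metadata rather than next to the data."""
    levels = [b"".join(_h(salt, b) for b in _blocks(image))]
    while len(levels[-1]) > BLOCK:
        levels.append(b"".join(_h(salt, b) for b in _blocks(levels[-1])))
    root = _h(salt, _block(levels[-1], 0))
    return levels, root


def verify_block(image, idx, levels, root, salt):
    """Check data block idx the way the kernel does on a read: its hash must
    match the stored leaf, each hash block must match the hash stored one
    level up, and the top level must hash to the trusted root."""
    expected = _h(salt, _block(image, idx))
    for level in levels:
        if level[idx * DIGEST:(idx + 1) * DIGEST] != expected:
            return False
        parent = idx * DIGEST // BLOCK          # block of this level that holds idx
        expected = _h(salt, _block(level, parent))
        idx = parent
    return expected == root


def demo():
    salt = bytes(range(16))                      # constructed salt
    # constructed 200-block "system" image: deterministic filler, no real firmware
    image = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() * (BLOCK // DIGEST)
                     for i in range(200))
    levels, root = build_tree(image, salt)
    clean = all(verify_block(image, i, levels, root, salt) for i in range(200))

    # attack 1: flip one bit in block 150 (a persistent modification of /system)
    bad = bytearray(image)
    bad[150 * BLOCK + 123] ^= 0x01
    bad = bytes(bad)
    # attack 2: also rebuild the hash tree to match; the root cannot be re-signed
    forged_levels, _ = build_tree(bad, salt)

    return {
        "levels": len(levels),                   # 2 for 200 blocks
        "clean_image_ok": clean,
        "bit_flip_caught": not verify_block(bad, 150, levels, root, salt),
        "untouched_block_ok": verify_block(bad, 151, levels, root, salt),
        "forged_tree_caught": not verify_block(bad, 150, forged_levels, root, salt),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Note where the trust sits: the tree is stored next to the data it protects, so an attacker who can rewrite system can rewrite the tree too; only the root hash, which arrives through the bootloader-verified kernel and metadata, lets the forged-tree case be caught. The device's lock state never enters this check.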

Agree
Sent from my Pixel using Tapatalk

there is really no point here because we can actually flash anything without any problem...
on HTC devices (I had the last 5 years' flagships, so I know something about it) you need it to flash unsigned factory images, zips with firmware files, change your phone's ID and in some cases (HTC One X) even flash a kernel from recovery! yes, you had to flash boot.img manually every time you changed kernel/ROM
but here...really....no need, unless some really crazy guy wants to make a bootloader from scratch and load something like Windows Phone

throcker said:
there is really no point here because we can actually flash anything without any problem...
on HTC devices (I had the last 5 years' flagships, so I know something about it) you need it to flash unsigned factory images, zips with firmware files, change your phone's ID and in some cases (HTC One X) even flash a kernel from recovery! yes, you had to flash boot.img manually every time you changed kernel/ROM
but here...really....no need, unless some really crazy guy wants to make a bootloader from scratch and load something like Windows Phone
I agree that we don't "need" it for basic ROM flashing stuff, but your last line shows why it would be awesome to have it. It would give us options not only to "boot Windows", but also to add features to the bootloader, repartition as we please (reduce the system partition after debloating), add a mechanism to prevent any bricking by adding a safe first bootloader sequence (like it was done for the N7 2012, via nv flashing if I remember correctly), stuff like removing the damn orange bootloader-unlock warning or other warnings (not only changing the images but also deleting the damn timeouts at boot), being able to add passwords for bootloaders, and a ton more **** could be done.
And let's not talk about "radios". That garbage partition is a GIANT security hole and, for the worse, it boots BEFORE the main CPU and controls everything, from the application CPU to the memory it's using. Literally the radio controls the phone, it's the most important partition, it's FULL of backdoors (like the Replicant guys demonstrated for the Nexus S/Galaxy S2), it's FULL of unintended security holes (because no one develops for it decently; some hacking conferences have had fun with them) and it's the worst thing we all have running on the phone right now. Regardless of your Android version or security patch date, you have security holes dating from years ago open and probably being exploited by governments as we speak.
There are great devs around; bootloaders are usually decompiled to find exploits for unlocking, for S-OFF and a lot of stuff. I'm sure people could jump on radio cleaning and fixing. There is a great community and great potential unused.
Until we fix the radio and the BL, "our" N5X is not our phone. Secure Boot should be killed and development would take place.

Really interesting ! Thanks

Aww, no one is interested in this.
Sometimes I wish Nexus devices weren't so unlocked and that we needed S-OFF even to flash custom ROMs, so a lot more development would appear, like it did for the Nexus One.

Well, I really don't see the point of locking down the choice. If I buy something, then it's mine. So what I do with mine should really be my choice, despite warranty. If I break it, it's still mine.
Sent from my Pixel using Tapatalk

jugoslavpetrovic said:
Well, I really don't see the point of locking down the choice. If I buy something, then it's mine. So what I do with mine should really be my choice, despite warranty. If I break it, it's still mine.
Sent from my Pixel using Tapatalk
Yes, this is the point, but nowadays we are accepting devices that are fully locked except for some partitions for us to play with. All is good while the bootloader is completely locked down and the radio is even more untouchable, literally making everyone able to spy on us.
The funniest part is that only "we", the users, are locked out. Because I am expecting malware to grow to the point that it will be able to get root, then unlock, then turn Secure Boot OFF, and then overwrite the bootloader and radio ransomware-style, blocking the boot of the device until payment is done or something like that.

RusherDude said:
Yes, this is the point, but nowadays we are accepting devices that are fully locked except for some partitions for us to play with. All is good while the bootloader is completely locked down and the radio is even more untouchable, literally making everyone able to spy on us.
The funniest part is that only "we", the users, are locked out. Because I am expecting malware to grow to the point that it will be able to get root, then unlock, then turn Secure Boot OFF, and then overwrite the bootloader and radio ransomware-style, blocking the boot of the device until payment is done or something like that.
Exactly. Scary. That reminded me of a movie I have seen recently called Zero Day.
Sent from my Pixel using Tapatalk

jugoslavpetrovic said:
Exactly. Scary. That reminded me of a movie I have seen recently called Zero Day.
Sent from my Pixel using Tapatalk
I wonder if it's as easy as flipping some bits like for unlocking the bootloader..
@segv11 @osm0sis, hey guys! You both worked on BootUnlocker, so you may know something about this: do you know if a value is stored in memory to control "Secure Boot enabled" or "Secure Boot disabled" like for bootloader locked or unlocked? Have you ever found this or something related by accident? Thanks!
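How a BootUnlocker-style flag hunt like the one asked about above is normally done, as an added example (my code, not segv11's or osm0sis's tool): dump the suspect partition several times in each state and keep only the bytes that are stable within a state but differ between states, so boot counters and timestamps drop out and a single flag byte is left. The 512-byte layout, offsets and values below are constructed for the demo and are not the N5X's real partition layout; on a real device the dumps would come from dd as root, and writing a patched copy back is deliberately left out.

```python
# Added example: locate a state flag in a partition by differential dumps.
# Everything below (512-byte size, offsets, values) is constructed for the
# demo; it is not the N5X's real partition layout or BootUnlocker's code.


def diff_dumps(a, b):
    """Naive diff of two dumps of the same partition: list of (offset,
    old_bytes, new_bytes), with adjacent differing bytes merged into runs."""
    if len(a) != len(b):
        raise ValueError("dumps must be the same partition size")
    runs, start = [], None
    for off in range(len(a) + 1):
        differs = off < len(a) and a[off] != b[off]
        if differs and start is None:
            start = off
        elif not differs and start is not None:
            runs.append((start, a[start:off], b[start:off]))
            start = None
    return runs


def flag_candidates(state_a_dumps, state_b_dumps):
    """Bytes identical across every dump taken in state A, identical across
    every dump taken in state B, and different between A and B. Boot counters
    and timestamps differ between dumps of the same state and fall out."""
    size = len(state_a_dumps[0])
    if any(len(d) != size for d in state_a_dumps + state_b_dumps):
        raise ValueError("all dumps must be the same size")
    out = []
    for off in range(size):
        va = {d[off] for d in state_a_dumps}
        vb = {d[off] for d in state_b_dumps}
        if len(va) == 1 and len(vb) == 1 and va != vb:
            out.append((off, va.pop(), vb.pop()))
    return out


def patched(dump, off, value):
    """Copy of dump with one byte changed: what a flip-the-bit tool would
    write back with dd as root. The write itself is not done here."""
    d = bytearray(dump)
    d[off] = value
    return bytes(d)


def _fake_dump(unlocked, boot_count):
    """Constructed stand-in for a partition dump: a tag, a boot counter that
    moves every boot, and one flag byte. Offsets are invented for the demo."""
    d = bytearray(512)
    d[0:8] = b"PARAM\0\0\0"
    d[0x40:0x44] = boot_count.to_bytes(4, "little")
    d[0x1F0] = 0x01 if unlocked else 0x00
    return bytes(d)


def demo():
    locked = [_fake_dump(False, 17), _fake_dump(False, 18)]
    unlocked = [_fake_dump(True, 19), _fake_dump(True, 20)]
    naive = diff_dumps(locked[0], unlocked[0])   # counter and flag both show up
    cands = flag_candidates(locked, unlocked)     # only the flag survives
    off, _was, now = cands[0]
    flipped = patched(locked[0], off, now)
    return {
        "naive_runs": naive,
        "candidates": cands,
        # the patched "locked" dump is now indistinguishable from the unlocked ones
        "flip_matches_unlocked": flag_candidates([flipped], unlocked) == [],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

An empty candidate list across every partition is also an answer: a state that is kept in a fuse rather than in flash would show up in none of these dumps, and no byte written to a partition would change it.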

RusherDude said:
I wonder if it's as easy as flipping some bits like for unlocking the bootloader..
@segv11 @osm0sis, hey guys! You both worked on BootUnlocker, so you may know something about this: do you know if a value is stored in memory to control "Secure Boot enabled" or "Secure Boot disabled" like for bootloader locked or unlocked? Have you ever found this or something related by accident? Thanks!
Don't think so.. that's all secure bootchain stuff.. some is open source and some is not.
Google the following: lk bootloader
That's what the LG devices use if I recall correctly. Checking out some of the public source will be your best bet of finding if it even possibly can be disabled.

osm0sis said:
Don't think so.. that's all secure bootchain stuff.. some is open source and some is not.
Google the following: lk bootloader
That's what the LG devices use if I recall correctly. Checking out some of the public source will be your best bet of finding if it even possibly can be disabled.
Thanks a lot for the input! I think it can be disabled because apparently some N5 users managed it, and considering that the N5 is the N5X's brother from LG, it should be doable too:
[attached screenshot]
The image is from http://bbs.gfan.com/android-7753460-1-1.html , apparently a Chinese site about a tool? for disabling Secure Boot? no idea honestly
So it probably is doable on the N5X too, the question is how. If it's a bit flip for unlock, it is probably just another value for Secure Boot; I wonder if it's adjacent to the unlock one or something like that. I'll search for lk bootloader stuff but I don't have the bootloader knowledge (or tools like IDA2 pro to get it done anyway, which sucks) to make it happen anyway
Thanks a lot!

I definitely think it can be disabled and I found some rather interesting things by reading up on a site where someone has actually spent time reverse engineering what's most likely a signed and compiled version of ABoot (LK Bootloader). I thought it was interesting as it covers the actual process of disassembling the image, which may expose the values that need to be changed to actually achieve a true state of disabled Secure Boot.
http://newandroidbook.com/Articles/aboot.html
What worries me however is whether the signature is checked upon flashing, as if that's the case then replacing the bootloader may in fact be next to impossible. I'm not all that interested in trying it out either, as I simply don't want to risk ending up with a hardbricked phone, as that wouldn't be all that great so to say. However, if someone is successful in making a patch that really works and releases it, I'll definitely give it a go after it has been confirmed to work.

Doesn't the PixelROM flash a custom bootloader?
So what's the "fastboot unlock bootloader" command for?

LazerL0rd said:
Doesn't the PixelROM flash a custom bootloader?
So what's the "fastboot unlock bootloader" command for?
No it doesn't.
Unlocking the bootloader is the ability to ask the bootloader itself to boot a different/custom ROM.

scr60 said:
No it doesn't.
Unlocking the bootloader is the ability to ask the bootloader itself to boot a different/custom ROM.
Well, actually it does. It's using the Google Pixel bootloader. Check its files. It's a custom bootloader.

LazerL0rd said:
Well, actually it does. It's using the Google Pixel bootloader. Check its files. It's a custom bootloader.
It's not a custom bootloader, it only changes the imgdata, the graphical aspect of it that you see when the phone boots. It's far from being a custom bootloader

Gr0vk said:
It's not a custom bootloader, it only changes the imgdata, the graphical aspect of it that you see when the phone boots. It's far from being a custom bootloader
Okay. Thank you for correcting me there!

LazerL0rd said:
Okay. Thank you for correcting me there!
There should be more people like you on the internet.

I haven't been able to find a way. Probably have to burn your own bootloader onto the emmc board.

Related

[PSA] Do not accept ota updates! No more s-off for speedy as of right now

So after my experimenting with the latest OTA update I cannot attain s-off, and I don't think you will be able to with the new bootloader.
I think the people that were able to downgrade with the latest OTA were able to do it before they rebooted with the new hboot.
It seems that we are going to end up like the Evo 3D people where you have to use fastboot to flash a kernel boot.img and clock to flash the kernel/rom.
If anyone can come up with any other work arounds please feel free to suggest them.
I had the unlocked bootloader, running UKE AOSP ROM (CM7) and tried the misc.img trick. When I rebooted to flash PG06IMG.zip I noticed my bootloader went from unlocked to locked.
It seems that HTC has patched the misc.img trick.
Again, I am more than willing to admit I am wrong and hope someone can prove me wrong on this.
Maybe you should stop "experimenting" on things that will cause serious issues to your phone
It says in the title not to accept OTA updates and I think that is a valid point. Only developers should accept and download the OTA updates so they can make revisions to ROM/firmware updates to avoid losing the eng S-OFF bootloader.
2+ thoughts:
First, the 2.3.4 update is actually pretty damn good. Even if we were on a locked bootloader with no other options, this is the closest to acceptable stock performance we've had on this hardware.
Second, with one remark I'll follow up with, I don't think being stuck without an S-OFF bootloader is really all that big a problem for a casual power user. We have to remember there are kind of three categories of people who will use a smartphone - people that don't care about root and custom software, people like me who will happily install things if it means better performance but don't necessarily need to be doing so constantly, and people like those of you who hang out in the dev forum who flash software constantly.
I got tired of having to constantly reinstall all my old apps and restore SMS data and whatever else every time I changed roms to try, and with all due respect to the guys pumping out remarkably high quality work on Sense 3.0/3.5 roms, there are too many problems with that software on our hardware for my tastes. I flashed new software on my Hero constantly and that was kinda fun, but as my life's gone on, I don't really like it the same way I used to, and a bugfix release seems somewhat less magical than it used to.
For someone like me, only being able to flash boot and system doesn't represent a substantial problem.
Now! The remark is that I think the limited unlock is stupid and hinders the community, despite the fact that I don't need it. You guys (active devs) do a hell of a lot for the lives of these phones that the companies crap out as fast as they can and then shovel into "release worthless maintenance releases every 4 months" as soon as the container ship leaves port. I will admit: we have been lucky with the 2.3.4 update. This seems to be well tested and deals with a number of outstanding problems with our phones, not the least of which was the awful performance of the 2.3.3 updates. Unfortunately, the limited unlock and its two-step flash process only serve to slow down your progress. That's it. I cannot conceive of any reason HTC would have been able to use to justify making the choice. I actually went in and complained at them about it through htcdev just because I feel like this is going to, in the long run, only serve to destroy the active communities surrounding many of these phones.
What's the solution we can suggest (since we all know HTC doesn't care enough to read this)? Instead of a halfassed unlock state that takes all of 20 seconds to attain, we need at least the ability to have recovery flash to the boot partition, if not a full S-OFF. What's the balance? Make it harder for us to get, I guess - flashing eng bootloaders is kinda difficult and beyond the reach of people that don't understand what they're doing anyway, so I guess that makes for a good process.
I also guess that the downside, in many people's eyes, is that an official unlock :VOIDS YER WARRANTY: whereas unofficial/revertible unlocks only *void your warranty*. I don't know how common warranty claims are but it's clear Sprint doesn't want to service ANY phones and I don't know if anyone's ever sent a phone to HTC for work or not. This is probably an area where companies need to figure out how to bring the concept of hardware warranties in line with what software can do. A CPU overclock/undervolt is going to have a tough time failing a digitizer, right? So why refuse service? And what if we don't have software that can make any changes to how the hardware runs, like when a phone first comes out and we have unlock but not source code?
There are a number of problems at play with this situation but overall, this is stupid and regrettable and we at least need a patched unlockable hboot that allows one-step ROM flashing.
I know this has been the longwinded brainfart nobody wanted to read, but it feels good to write it down in a public place.
nurrwick said:
2+ thoughts:
First, the 2.3.4 update is actually pretty damn good. Even if we were on a locked bootloader with no other options, this is the closest to acceptable stock performance we've had on this hardware.
Second, with one remark I'll follow up with, I don't think being stuck without an S-OFF bootloader is really all that big a problem for a casual power user. We have to remember there are kind of three categories of people who will use a smartphone - people that don't care about root and custom software, people like me who will happily install things if it means better performance but don't necessarily need to be doing so constantly, and people like those of you who hang out in the dev forum who flash software constantly.
I got tired of having to constantly reinstall all my old apps and restore SMS data and whatever else every time I changed roms to try, and with all due respect to the guys pumping out remarkably high quality work on Sense 3.0/3.5 roms, there are too many problems with that software on our hardware for my tastes. I flashed new software on my Hero constantly and that was kinda fun, but as my life's gone on, I don't really like it the same way I used to, and a bugfix release seems somewhat less magical than it used to.
For someone like me, only being able to flash boot and system doesn't represent a substantial problem.
Now! The remark is that I think the limited unlock is stupid and hinders the community, despite the fact that I don't need it. You guys (active devs) do a hell of a lot for the lives of these phones that the companies crap out as fast as they can and then shovel into "release worthless maintenance releases every 4 months" as soon as the container ship leaves port. I will admit: we have been lucky with the 2.3.4 update. This seems to be well tested and deals with a number of outstanding problems with our phones, not the least of which was the awful performance of the 2.3.3 updates. Unfortunately, the limited unlock and its two-step flash process only serve to slow down your progress. That's it. I cannot conceive of any reason HTC would have been able to use to justify making the choice. I actually went in and complained at them about it through htcdev just because I feel like this is going to, in the long run, only serve to destroy the active communities surrounding many of these phones.
What's the solution we can suggest (since we all know HTC doesn't care enough to read this)? Instead of a halfassed unlock state that takes all of 20 seconds to attain, we need at least the ability to have recovery flash to the boot partition, if not a full S-OFF. What's the balance? Make it harder for us to get, I guess - flashing eng bootloaders is kinda difficult and beyond the reach of people that don't understand what they're doing anyway, so I guess that makes for a good process.
I also guess that the downside, in many people's eyes, is that an official unlock :VOIDS YER WARRANTY: whereas unofficial/revertible unlocks only *void your warranty*. I don't know how common warranty claims are but it's clear Sprint doesn't want to service ANY phones and I don't know if anyone's ever sent a phone to HTC for work or not. This is probably an area where companies need to figure out how to bring the concept of hardware warranties in line with what software can do. A CPU overclock/undervolt is going to have a tough time failing a digitizer, right? So why refuse service? And what if we don't have software that can make any changes to how the hardware runs, like when a phone first comes out and we have unlock but not source code?
There are a number of problems at play with this situation but overall, this is stupid and regrettable and we at least need a patched unlockable hboot that allows one-step ROM flashing.
I know this has been the longwinded brainfart nobody wanted to read, but it feels good to write it down in a public place.
Sure I understand that people like you that already have the S-ON unlock are used to it. I'm not the type of person that flashes ROMs constantly so I think that's a stereotype. I guess what it really comes down to is people that are used to having S-OFF will not like the new S-ON bootloader, and there will be a stock Sense ROM soon enough for people that have and want to keep S-OFF to flash. Now can you tell me what a nandroid unlocked device is? Can you nandroid restore from a stock Sense ROM to an AOSP ROM and the kernel will get restored in recovery? I don't think it will. Sure I don't like to switch ROMs a lot, but I do like to nandroid restore every once in a while back to RUU to check for PRL/profile updates. I might not always be at my PC to do a fastboot flash boot.img when doing nandroid restores or flash a no-wipe updated ROM that has new features in it. I also use my PC a lot for compiling so it takes a lot of my PC's resources to do that. So therefore even when I am at my PC it might not be available for doing those types of things.
blahbl4hblah said:
Maybe you should stop "experimenting" on things that will cause serious issues to your phone
Good point, and good thing this is my "dev" phone.
VICODAN said:
Good point, and good thing this is my "dev" phone.
Now you just need to learn how to dev... Lmfao!
Sent from my PG06100 using Tapatalk
sparksco said:
Now can you tell me what a nandroid unlocked device is? Can you nandroid restore from a stock Sense ROM to an AOSP ROM and the kernel will get restored in recovery? I don't think it will. Sure I don't like to switch ROMs a lot, but I do like to nandroid restore every once in a while back to RUU to check for PRL/profile updates. I might not always be at my PC to do a fastboot flash boot.img when doing nandroid restores or flash a no-wipe updated ROM that has new features in it.
I can tell you what would irritate you is that the bootloader isn't allowing recovery to write to the boot partition. I can tell you recovery can write to data and to system. I can tell you that what I wrote up above is that, at the very least, what we need is the ability to write to all three at the same time. That's a feature I want, which is what I said up above.
Indeed, the very fact that restoring a nand backup is a two-boot two-step process is exactly what I think is broken with this unlock tool. I, too, would benefit from being able to backup and restore while not at a PC.
For what it's worth, I've wiped data once since I did the unlock and flashed recovery and cw recovery restored it. Additionally, I even just flashed a 2.3.3 zip in recovery to test a theory I had about loading recovery.img off a hard drive to see if it got better permissions than loading it from the phone. The answer? No it doesn't, but hey, at least recovery was able to overwrite 2.3.3 with 2.3.4 and restore my user data.
nurrwick said:
I can tell you what would irritate you is that the bootloader isn't allowing recovery to write to the boot partition. I can tell you recovery can write to data and to system. I can tell you that what I wrote up above is that, at the very least, what we need is the ability to write to all three at the same time. That's a feature I want, which is what I said up above.
Yes but it's not very easy to get that extra feature. Look at the Evo 3D and how long they've been using the S-ON bootloader. HTC is making it more and more difficult to get S-OFF without bricking the phone while in the process of doing it. I've known many devs to brick their phones just trying to achieve S-OFF for all of us to enjoy, but most of them won't talk about it, they'll just suck it up and keep doing what they normally do.
sparksco said:
Yes but it's not very easy to get that extra feature. Look at the Evo 3D and how long they've been using the S-ON bootloader. HTC is making it more and more difficult to get S-OFF without bricking the phone while in the process of doing it. I've known many devs to brick their phones just trying to achieve S-OFF for all of us to enjoy, but most of them won't talk about it, they'll just suck it up and keep doing what they normally do.
Yep we are now in the 3vo camp.
But, we can still flash roms and kernels, it's just more of a pain than it used to be.
sparksco said:
Yes but it's not very easy to get that extra feature. Look at the Evo 3D and how long they've been using the S-ON bootloader. HTC is making it more and more difficult to get S-OFF without bricking the phone while in the process of doing it.
I am trying to say, and I thought I expressed it correctly, that the HTC unlock needs to enable recovery to work correctly, and that if it did, not having S-OFF would really be no big deal whatsoever.
If they enabled that, I would be 100% happy with an S-ON unlockable bootloader. In short, I am asking for HTC to give us that extra feature. No more. I don't need to write to radio.
But, since they don't, I understand the desire to keep S-OFF.
PERSONALLY, I will be happy with S-ON because 2.3.4 doesn't suck and I'm not compelled to switch away from it or put in a custom kernel. I *fully* recognize I am in a minority in that position.
IF, however, I purchase another HTC phone in the future and the only option for writing to the phone's memory is this half-assed bootloader unlock, I will be very unhappy. That's why I'm going to engage in a little back and forth with them, and why I'm going to wait for any future phone purchase for the software for it to settle down. I'm not buying something that's stuck in pocket mode ever again.
nurrwick said:
I am trying to say, and I thought I expressed it correctly, that the HTC unlock needs to enable recovery to work correctly, and that if it did, not having S-OFF would really be no big deal whatsoever.
If they enabled that, I would be 100% happy with an S-ON unlockable bootloader. In short, I am asking for HTC to give us that extra feature. No more. I don't need to write to radio.
But, since they don't, I understand the desire to keep S-OFF.
PERSONALLY, I will be happy with S-ON because 2.3.4 doesn't suck and I'm not compelled to switch away from it or put in a custom kernel. I *fully* recognize I am in a minority in that position.
IF, however, I purchase another HTC phone in the future and the only option for writing to the phone's memory is this half-assed bootloader unlock, I will be very unhappy. That's why I'm going to engage in a little back and forth with them, and why I'm going to wait for any future phone purchase for the software for it to settle down. I'm not buying something that's stuck in pocket mode ever again.
Correct me if I'm wrong but the problem is not recovery, the problem is the bootloader.
You can flash clockwork recovery, but you cannot overwrite the bootloader.
No, you're correct; you'll note I said "HTC unlock needs to enable recovery to work correctly." We all know recovery works right, since we were using it last week. This week, with bootloader unlock, it doesn't work right. BUT of course, as we also all know because you've successfully done it, the bootloader allows you to write to boot with fastboot commands.
Thus, the problem is that the HTC unlock doesn't let the bootloader give recovery permission to write to boot.
That's what I want fixed and what the dev community and people who want faster flash and restore need.
nurrwick said:
No, you're correct; you'll note I said "HTC unlock needs to enable recovery to work correctly." We all know recovery works right, since we were using it last week. This week, with bootloader unlock, it doesn't work right. BUT of course, as we also all know because you've successfully done it, the bootloader allows you to write to boot with fastboot commands.
Thus, the problem is that the HTC unlock doesn't let the bootloader give recovery permission to write to boot.
That's what I want fixed and what the dev community and people who want faster flash and restore need.
Well I guess it's time to trollolol HTC again?
Please note though, that HTC only supports unlocked bootloaders on HTC devices released after September 2011. We aren't even supposed to have an unlocked bootloader.
VICODAN said:
Well I guess it's time to trollolol HTC again?
Just before I wrote the longwinded post above, I sent a direct contact message through htcdev.com… then a little while ago, I tweeted at them about it, too.
I don't expect a positive result, but I guess I owe it to myself and to the community to at least try to do what I can!
VICODAN said:
Yep we are now in the 3vo camp.
But, we can still flash roms and kernels, it's just more of a pain than it used to be.
When you say "we" I'm assuming you're talking about yourself and a few select others. I think a majority of the Shift community still has S-OFF, so this doesn't really apply to a majority of the Shift community.
Most of the community won't keep the shift forever. Not that we will meet with any success by trying to convince HTC that leaving boot off-limits to recovery is a mean-spirited and pointless thing to do, but on the off chance they'll listen, wouldn't you rather have people working toward getting it to be an official part of the official solution so that your next HTC phone is easier to work with while unlocked/S-ON?
If we have to put up with bootloader unlocks from now on instead of leaked engineering software, at least someone should fight to make sure they aren't crappy.
nurrwick said:
Most of the community won't keep the shift forever. Not that we will meet with any success by trying to convince HTC that leaving boot off-limits to recovery is a mean-spirited and pointless thing to do, but on the off chance they'll listen, wouldn't you rather have people working toward getting it to be an official part of the official solution so that your next HTC phone is easier to work with while unlocked/S-ON?
If we have to put up with bootloader unlocks from now on instead of leaked engineering software, at least someone should fight to make sure they aren't crappy.
Yes, I agree HTC should allow S-OFF when unlocking the bootloader, maybe as a separate option or just as part of the main unlocking feature on their website. S-ON means security on, so if you want them to make an unlockable bootloader it needs to be S-OFF and not S-ON, since S-ON is what keeps things like recovery from flashing the boot partition.
****ty quality but:
Thanks again otaking71
And if we pressure them into giving us S-OFF, maybe they would do it for future phones.

[ROOT][UB] Xperia Z all version included 4.3 - 12 step easy.

Hi guys, this method works with any version. Very easy to follow.
I have done the following:
1) Unlock the bootloader (first make a backup).
2) Download SuperSU.zip and copy it to the phone's memory. (Latest version: http://download.chainfire.eu/supersu)
3) Download fastboot.rar and extract it. (fastboot.rar includes the boot.img (doomkernel) to flash.)
4) Place the fastboot folder in C:\
5) Open cmd (from Start) and go to C:\fastboot
6) Plug the phone in in fastboot mode (shut down, hold Vol+ and plug in USB).
7) In cmd write "fastboot flash boot boot.img" and at the end "fastboot reboot".
8) Enter recovery by pressing Vol+ or Vol- while the phone is booting and the LED is coloured.
9) Flash SuperSU.zip. Unplug USB.
10) Then go to Advanced and shut down the phone (NOT RESTART).
11) Flash ONLY the stock kernel of your firmware with Flashtool. Reboot.
12) Relock the bootloader.
Fastboot.rar
https://mega.co.nz/#!U5pkQQ6T!5YAVu3VOwpTSg-WH5aE6djJOKF3ilfg_R-JEBoJ25cM
Sorry for my bad English.
I did everything in less than 10 minutes.
This is a guide made by me. Also tested and working with the latest 4.3, 10.4.1.B.0.101.
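The steps above flash a kernel downloaded from a file-sharing link and, as several replies point out, say nothing about backing up the TA partition first. The following is an added example, not the guide author's script and not part of any tool the thread names: it gates the `fastboot flash boot` step on two checks a practitioner would want, a non-empty TA backup on disk and a SHA-256 match for boot.img against a hash you pinned yourself. `EXPECTED_BOOT_SHA256` is a placeholder, the `fastboot` binary is assumed to be on PATH, and the sample files are constructed in a temporary directory for a dry run.

```python
"""Preflight checks and command plan for the unlocked-bootloader root steps above.

Added example, not the guide author's script. Two gates before anything is
flashed: a TA partition backup must exist (the step several replies say the
guide is missing), and boot.img must match a SHA-256 you pinned yourself,
because it comes from a file-sharing link. EXPECTED_BOOT_SHA256 is a
placeholder to replace; sample files are constructed in a temp dir.
"""
import hashlib
import os
import subprocess
import tempfile

FASTBOOT = "fastboot"                     # assumed on PATH (guide uses C:\fastboot)
EXPECTED_BOOT_SHA256 = "0" * 64           # PLACEHOLDER: pin the real hash here


def sha256_file(path):
    """Stream the file so a multi-MB boot.img is not read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def preflight(boot_img, ta_backup, expected_sha256):
    """Return a list of blocking problems; an empty list means proceed."""
    problems = []
    if not os.path.isfile(ta_backup) or os.path.getsize(ta_backup) == 0:
        problems.append("no TA backup at %s; back up TA before unlocking "
                        "or the DRM keys are gone for good" % ta_backup)
    if not os.path.isfile(boot_img):
        problems.append("boot image missing: %s" % boot_img)
    elif sha256_file(boot_img).lower() != expected_sha256.lower():
        problems.append("boot.img SHA-256 mismatch; refusing to flash an "
                        "unverified kernel")
    return problems


def flash_plan(boot_img):
    """Step 7 of the guide as argv lists, in order."""
    return [[FASTBOOT, "flash", "boot", boot_img], [FASTBOOT, "reboot"]]


def run(boot_img, ta_backup, expected_sha256=EXPECTED_BOOT_SHA256, dry_run=True):
    """Refuse on any preflight problem; otherwise print or execute the plan."""
    problems = preflight(boot_img, ta_backup, expected_sha256)
    if problems:
        raise SystemExit("aborting:\n  " + "\n  ".join(problems))
    for argv in flash_plan(boot_img):
        if dry_run:
            print("would run:", " ".join(argv))
        else:
            subprocess.run(argv, check=True)


def make_sample_dir():
    """Constructed inputs for a dry run: a fake boot.img and a path for the TA backup."""
    d = tempfile.mkdtemp(prefix="xz-root-")
    boot = os.path.join(d, "boot.img")
    ta = os.path.join(d, "TA-backup.img")
    with open(boot, "wb") as f:
        f.write(b"ANDROID!" + b"\0" * 2040)   # placeholder bytes, not a real kernel
    return boot, ta


if __name__ == "__main__":
    boot, ta = make_sample_dir()
    print(preflight(boot, ta, sha256_file(boot)))      # reports the missing TA backup
    with open(ta, "wb") as f:
        f.write(b"\x01" * 16)                          # stand-in for a real TA dump
    run(boot, ta, expected_sha256=sha256_file(boot))   # dry run, prints the plan
```

Run it with `dry_run=False` only after replacing the placeholder hash with one you computed from a copy of boot.img you trust; the TA check is deliberately a file-existence check, because whether the dump is valid is something only the tool that made it can tell you.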
Useful, but somebody already made a very similar guide -
http://forum.xda-developers.com/showthread.php?t=2590781
Sent from my C6603 using Tapatalk
You forgot to put in a backup TA step, I think. Because without restoring TA, the low-light camera quality will be reduced.
Somehow between step 10 and 11 my phone automatically rebooted while I getting ready to flash the stock kernel. Maybe I wasn't in the right mode and plugged / unplugged the USB cable. Either way, my phone restarted when I didn't intend it to. I believe when this happened my phone was reset to like-new.
I did lose all data / settings / etc. The backup and restore functionality of the Sony PC Companion seems to be crap in this situation and I'm not sure just what might be useful about it.
Just an FYI to others who might try this.
colacin said:
Somehow between step 10 and 11 my phone automatically rebooted while I getting ready to flash the stock kernel. Maybe I wasn't in the right mode and plugged / unplugged the USB cable. Either way, my phone restarted when I didn't intend it to. I believe when this happened my phone was reset to like-new.
I did lose all data / settings / etc. The backup and restore functionality of the Sony PC Companion seems to be crap in this situation and I'm not sure just what might be useful about it.
Just an FYI to others who might try this.
AFAIK unlocking the bootloader factory-resets the phone. making and restoring a backup, including TA, should be step 0 and 13
colacin said:
Somehow between step 10 and 11 my phone automatically rebooted while I getting ready to flash the stock kernel. Maybe I wasn't in the right mode and plugged / unplugged the USB cable. Either way, my phone restarted when I didn't intend it to. I believe when this happened my phone was reset to like-new.
I did lose all data / settings / etc. The backup and restore functionality of the Sony PC Companion seems to be crap in this situation and I'm not sure just what might be useful about it.
Just an FYI to others who might try this.
Unplug USB, and once you have flashed supersu.zip you have to turn off the phone from recovery.
Then go to step 11
Coirpre said:
AFAIK unlocking the bootloader factory-resets the phone. making and restoring a backup, including TA, should be step 0 and 13
I unlocked the bootloader with Flashtool and I did not lose anything.
When the TA partition is restored, no wipe is made.
kingvortex said:
Useful, but somebody already made a very similar guide -
http://forum.xda-developers.com/showthread.php?t=2590781
Sent from my C6603 using Tapatalk
Similar not equal.
Please stop these unlocked bootloader root posts, they are useless.
If you have an unlocked bootloader you can root whenever you want, that is not a talent.
If you have any solution for a locked bootloader, then speak, or remain silent...
Sent from my C6603 using Tapatalk
eryen said:
Please stop these unlocked bootloader root posts, they are useless.
If you have an unlocked bootloader you can root whenever you want, that is not a talent.
If you have any solution for a locked bootloader, then speak, or remain silent...
Sent from my C6603 using Tapatalk
I don't think the OP was claiming any particular talent - this is simply a step-by-step guide - and there are countless other posts of this sort for various other purposes. Sure, he could have put UNLOCKED BOOTLOADER in the title and that way you wouldn't have read it.
eryen said:
Please stop these unlocked bootloader root posts, they are useless.
If you have an unlocked bootloader you can root whenever you want, that is not a talent.
If you have any solution for a locked bootloader, then speak, or remain silent...
Sent from my C6603 using Tapatalk
If you want to follow the guide, good. If not, nothing. I have done some work to help the forum. You unlock the bootloader, and afterwards you relock it. It took me 10 minutes to do all this. Unlocking and relocking takes 2 minutes.
I also do this to help users root their phone.
In the end, unlocking the bootloader will not void your warranty if you re-lock it at the end of the guide.
I could agree with you if you were a moderator.
Are you a home user who wants to increase their own post count on the forum?
Please do not offend people who want to help the forum. Thank you.
colacin said:
I don't think the OP was claiming any particular talent - this is simply a step-by-step guide - and there are countless other posts of this sort for various other purposes. Sure, he could have put UNLOCKED BOOTLOADER in the title and that way you wouldn't have read it.
Thanks.
First, nobody needs to be a moderator to comment on a thread/post. This is the second time I've seen someone say this in 24 hours. It's a strange attitude.
Having said that, I've some suggestions to make -
1. Change your thread title to reflect that an unlocked bootloader is required.
2. Remove the part where you say that data will not be lost, as unlocking the bootloader wipes data and sdcard. This is quite important, as it seems somebody already lost their data following this guide.
3. You should mention that DRM keys should be backed up by backing up the TA partition before unlocking the bootloader to prevent their permanent loss and loss of warranty.
http://forum.xda-developers.com/showthread.php?t=2292598
4. Linking to the thread or at least crediting the creator of whichever boot.img you're using would also be polite or indeed essential.
5. A direct link to Chainfire's site, where the latest version of SuperSu is available would be better than attaching whatever version you have lying around, as security fixes may be made at any time.
http://download.chainfire.eu/supersu
Sent from my C6603 using Tapatalk
kingvortex said:
First, nobody needs to be a moderator to comment on a thread/post. This is the second time I've seen someone say this in 24 hours. It's a strange attitude.
Having said that, I've some suggestions to make -
1. Change your thread title to reflect that an unlocked bootloader is required.
2. Remove the part where you say that data will not be lost, as unlocking the bootloader wipes data and sdcard. This is quite important, as it seems somebody already lost their data following this guide.
3. You should mention that DRM keys should be backed up by backing up the TA partition before unlocking the bootloader to prevent their permanent loss and loss of warranty.
http://forum.xda-developers.com/showthread.php?t=2292598
4. Linking to the thread or at least crediting the creator of whichever boot.img you're using would also be polite or indeed essential.
5. A direct link to Chainfire's site, where the latest version of SuperSu is available would be better than attaching whatever version you have lying around, as security fixes may be made at any time.
http://download.chainfire.eu/supersu
Sent from my C6603 using Tapatalk
1) ok.
2) I myself have done everything ... and I have not lost ANYTHING. The user went wrong in the process. It is not my fault.
3) I think it was a logical thing.
4) DooMkernel.
5) thank you.
6) I will never do anything to help this forum. I know it will not matter anything to anyone, but a small contribution meant a lot to me.
I have in no way lessened your contribution by what I posted, neither did I intend to. As you will see, I already said your post was useful. They were simply suggestions to make your guide better. No need to get upset about it.
As for not losing data, I'm sorry, but you're wrong about this. Unlocking the bootloader on this device wipes both /data and the internal SD card. There was no user error.
See the warning in DooMLoRD's guide - http://forum.xda-developers.com/showthread.php?t=2153261
Please just remove the part that falsely states that data will not be lost or I'll have to ask a moderator to do it as it's not fair on inexperienced users that may lose their data when following this guide.
No malice intended, only the intention of correct information being posted.
By their very nature, guides are followed by less experienced users, so the information in them must be correct and complete. Even if backing up DRM keys is a logical step to you, a new user may not even know about it.
Sent from my C6603 using Tapatalk
Ok first off, if you haven't anything constructive to say then don't say anything at all. Users helping other users is what makes XDA a pleasant place for developers and users alike.(this is not directed at the OP)
Also I have added a warning about data being wiped when unlocking the bootloader to the OP.
A backup is required as unlocking the bootloader on this device wipes both /data and the internal SD card
@djnino4style, @kingvortex was only making suggestions to help this thread and you, if it was criticism it was constructive. We do appreciate guides which could help new users so do not think we are getting at you.
Thanks again,
wedgess said:
Ok first off, if you haven't anything constructive to say then don't say anything at all. Users helping other users is what makes XDA a pleasant place for developers and users alike.
Also I have added a warning about data being wiped when unlocking the bootloader to the OP.
A backup is required as unlocking the bootloader on this device wipes both /data and the internal SD card
@djnino4style, @kingvortex was only making suggestions to help this thread and you, if it was criticism it was constructive. We do appreciate guides which could help new users so do not think we are getting at you.
Thanks again,
Ok delete this thread. Thanks.
djnino4style said:
Ok delete this thread. Thanks.
I think you misunderstand my intentions and the moderator's post above.
Nobody is getting at you here. My posts are simply constructive criticism intended to make your guide more complete. Nothing more.
Nobody is saying that your guide is no good or that it needs to be closed or removed.
Put simply; chill out, friend.
kingvortex said:
I think you misunderstand my intentions and the moderator's post above.
Nobody is getting at you here. My posts are simply constructive criticism intended to make your guide more complete. Nothing more.
Nobody is saying that your guide is no good or that it needs to be closed or removed.
Put simply; chill out, friend.
Words of wisdom as always @kingvortex
Thanks. I try my best hahaha.
Thanks buddy. It's all thanks to you, DooMLoRD and Androxyde that I have successfully rooted my device...
thanks...
The problem with this thread is that it says it's a root method for Xperia Z 4.3, and they are talking about backing up the TA partition, which is not possible without rooting the device. In that case you will have to downgrade to 4.1 or 4.2.
Dear, it's not possible till now to back up the TA partition on unrooted 4.3, so that is a useless step.
If you want to root 4.3, you must downgrade, otherwise you are going to lose the TA partition and hence warranty, DRM keys, ba2 forever. Never think of recovering these and relocking.
So please correct the title or make a suggestion to downgrade.

New OTA Update 51.1.2.0

Just noticed my Fire TV installing an update.
Now it says 51.1.2.0
My preexisting XBMC on the home page still works. Different font on the settings. A new 'apps from unknown source' on/off switch under user developer options. And that all I've noticed has changed.
No update information on Amazon's site yet.
Since the newest update has killed root, now we need somebody to make a modded copy that does not have the part that kills root.
I am still on a much earlier build, before the kiddy mode was added.
retroben said:
Since the newest update has killed root, now we need somebody to make a modded copy that does not have the part that kills root.
I am still on a much earlier build, before the kiddy mode was added.
So stock recovery requires signed updates, so modifying the update package as is isn't really an option. And hot-replacing stuff while it's running isn't a good idea either. But I just did have a thought. I'll have to play with it tonight. But I wonder, from a running system, if I could get it to kill Android and start custom recovery. It's not the best because it won't be able to recover a broken system, but it would allow one to install unsigned updates. From there, I could just modify the latest update to be pre-rooted. Stay tuned...
If things are successful with this,maybe you could spark a whole new method of customizing Fire TV as a whole.
retroben said:
If things are successful with this,maybe you could spark a whole new method of customizing Fire TV as a whole.
After thinking about this some more, it makes me really nervous. It'd be very easy to brick the firetv with this method.
rbox said:
After thinking about this some more, it makes me really nervous. It'd be very easy to brick the firetv with this method.
Thanks again for your work rbox! you're our only hope to get the full potential of firetv.
rbox said:
So stock recovery requires signed updates, so modifying the update package as is isn't really an option. And hot-replacing stuff while it's running isn't a good idea either. But I just did have a thought. I'll have to play with it tonight. But I wonder, from a running system, if I could get it to kill Android and start custom recovery. It's not the best because it won't be able to recover a broken system, but it would allow one to install unsigned updates. From there, I could just modify the latest update to be pre-rooted. Stay tuned...
Same thought as I had: force it into early recovery with sysrq+i before it boots.
retroben said:
Since the newest update has killed root, now we need somebody to make a modded copy that does not have the part that kills root.
I am still on a much earlier build, before the kiddy mode was added.
So I did have another thought. It might be possible to fastboot flash the boot.img from the previous version. Without knowing what's in this update yet, I would say conservatively there might be a slight chance of bricking. But probably not.
rbox said:
So I did have another thought. It might be possible to fastboot flash the boot.img from the previous version. Without knowing what's in this update yet, I would say conservatively there might be a slight chance of bricking. But probably not.
Isn't fastboot flashing of any kind out of the question due to the locked hardware? Or is the boot.img treated differently?
AFTVnews.com said:
Isn't fastboot flashing of any kind out of the question due to the locked hardware? Or is the boot.img treated differently?
I'm pretty sure it still lets you fastboot flash boot, but I'm not positive. I know it blocks fastboot boot. It'll either allow it or throw an error back saying you can't do it while locked. Unfortunately the publicly available version of little kernel (the bootloader) doesn't have everything dealing with locked/unlocked, so I can't check the code. If you flash a modified kernel, obviously it'll be bricked because it wouldn't pass the signature check. As an experiment, you could try doing fastboot flash recovery. If it rejects that, then it would reject the boot. If it allows that, it would probably allow boot.
rbox said:
I'm pretty sure it still lets you fastboot flash boot, but I'm not positive. I know it blocks fastboot boot. It'll either allow it or throw an error back saying you can't do it while locked. Unfortunately the publicly available version of little kernel (the bootloader) doesn't have everything dealing with locked/unlocked, so I can't check the code. If you flash a modified kernel, obviously it'll be bricked because it wouldn't pass the signature check. As an experiment, you could try doing fastboot flash recovery. If it rejects that, then it would reject the boot. If it allows that, it would probably allow boot.
I just tried fastboot flash boot boot.img (using the boot.img file in the .bin update)
Result was:
Code:
sending 'boot' (6198 KB)...
OKAY [ 0.284s]
writing 'boot'...
FAILED (remote: flashing not allowed for locked hw)
finished. total time: 0.290s
AFTVnews.com said:
I just tried fastboot flash boot boot.img (using the boot.img file in the .bin update)
Result was:
Code:
sending 'boot' (6198 KB)...
OKAY [ 0.284s]
writing 'boot'...
FAILED (remote: flashing not allowed for locked hw)
finished. total time: 0.290s
Well okay, scratch that idea. As for my idea of killing a running android and starting recovery, looks like that's not going to work either.
Call Me Charlie said:
Voice search seems to be broken. (The prompt still pops up but it doesn't make the bing noise or show that it's recognizing the mic)
Turns out this was the result of my remote needing an update.
Call Me Charlie said:
Turns out this was the result of my remote needing an update.
What software version is your remote using now?
Any other findings on what is in the update? My FireTV has not been updated yet, I even did a check for updates.
I have yet to root my box for fear of something like this happening. The only additional functionality that rooting offers that I'm really after is USB storage. When games in the Fire TV store can take up to 3.5G (or more?) for a single game, 6.5G of usable storage is a bad joke. Now that Amazon has made it clear they will actively block rooting, I do not want to get sucked into the cat-and-mouse root exploit game.
Android TV boxes should be hitting the shelves by the end of the year, if Amazon doesn't address things like storage I'd expect a lot of people will be jumping ship.
AFTVnews.com said:
What software version is your remote using now?
Version 352
I read yesterday, here and from aftvnews, that there was a quiet update blocking root. I have 3 FTVs at my house, so I went home and double-checked that all were blocking updates. I found 2 of the 3 said no SU was installed in /system/xbin. Something changed, because I had these devices using StickMount etc., so I know root was working before. However, I checked the version number on all 3 and they were all the same _511070220 build. I was able to re-root though using towelroot, and then disable updates again. Thought that was strange/interesting.
Now I see there's a whole new version they're pumping out, It seems obvious amazon is actively demoting rooting the FTV
So today at midnight (EST) I opened up a brand new Amazon Fire TV and fired it up. This was without me knowing about all of this. I did notice that after putting in your wifi info it did an automatic update that took a bit long. I went in and noticed it still had an old FW version (forgot to write it down) and I updated to the latest. After doing so I rooted with ADB Fire / rooted with towelroot / and installed busybox. All of this without any hiccups. I then loaded Kodi with ADB Fire and it installed everything fine. I obviously also disabled updates via DOS. I don't see any issues other than XBMC crashing on me once or twice, but at this point it was really late at night for me to look for more details. Just thought I'd share this.
Skater4599 said:
...It seems obvious amazon is actively demoting rooting the FTV
skeptic_always said:
...Now that Amazon has made it clear they will actively block rooting..
You have to remember that towelroot takes advantage of a serious security exploit to achieve root. It's not so much that Amazon is actively blocking rooting, but rather, they're actively fixing security holes. I want a rootable Fire TV as much as anyone, but it's wrong to fault Amazon for doing their job and plugging a security hole. We should have expected this was coming.
Crown510 said:
So today @ midnight (EST) I went in and noticed it still had an old FW version (forgot to write it down) and I updated to latest.
What is the latest FW version update number on your Fire TV?

Root on Nexus 6p, is it safe?

I ask this because of the qfuse controversy and the biometric sensor; maybe rooting this device is not as safe as it was on the previous Nexus. What do you think?
Quetzalcoalt_Lp said:
I ask this because of the qfuse controversy and the biometric sensor; maybe rooting this device is not as safe as it was on the previous Nexus. What do you think?
I'm rooted, q-fuse is still intact, fingerprint scanner still works, I haven't tried to use android pay yet.
Quetzalcoalt_Lp said:
I ask this because of the qfuse controversy and the biometric sensor; maybe rooting this device is not as safe as it was on the previous Nexus. What do you think?
I'm rooted and have no problems. I've heard Android pay will work on stock rom with systemless root, but have not tested it yet. I get my us bank card soon and will sign up then.
then i guess ill root today, thank you!
Quetzalcoalt_Lp said:
then i guess ill root today, thank you!
Just follow Heisenberg's guide in the General stickies, as some stuff is new on the 6P, like the fastboot commands and the updated tools from the SDK. You will also want to have a stock copy of the vendor partition and the ems partition or whatever it's called. It's covered in the guide. Happy flashing!
http://forum.xda-developers.com/showthread.php?p=62924043
You will not lose Nexus Imprint (fingerprint) functionality by rooting. The Qfuse will not blow when you unlock or root. Android Pay probably won't work if you root, but some people claim it does work. Any modifications to /system will cause it to fail.
fury683 said:
You will not lose Nexus Imprint (fingerprint) functionality by rooting. The Qfuse will not blow when you unlock or root. Android Pay probably won't work if you root, but some people claim it does work. Any modifications to /system will cause it to fail.
Nothing breaks after root if you use the new systemless root.
Just one more thing, do you guys know how to remove the splash screen when phone boots once rooted? it says something like "Your device software can't be checked for corruption. Please lock the bootloader."
Quetzalcoalt_Lp said:
Just one more thing, do you guys know how to remove the splash screen when phone boots once rooted? it says something like "Your device software can't be checked for corruption. Please lock the bootloader."
I am not 100% sure on this because I asked a while back. But I am fairly certain there is currently no way to remove that splash screen with the warning. If I am mistaken, please let me know as I would also like to remove mine.
Quetzalcoalt_Lp said:
Just one more thing, do you guys know how to remove the splash screen when phone boots once rooted? it says something like "Your device software can't be checked for corruption. Please lock the bootloader."
It's something Google is doing now. It just warns of the system state. Here is the page:
https://support.google.com/nexus/answer/6185381?hl=en
thesticks00 said:
I am not 100% sure on this because I asked a while back. But I am fairly certain there is currently no way to remove that splash screen with the warning. If I am mistaken, please let me know as I would also like to remove mine.
It must be a way, maybe flashing a modified boot.img or something.
Gizmoe said:
. It's something Google is doing now. It just warns of the system state. Here is the page
https://support.google.com/nexus/answer/6185381?hl=en
Yes, it's only a notification, it does nothing, but I would want to remove it since it's pretty ugly xd.
Quetzalcoalt_Lp said:
It must be a way, maybe flashing a modified boot.img or something.
Yes, it's only a notification, it does nothing, but I would want to remove it since it's pretty ugly xd.
It's in the bootloader. Don't mess with the bootloader. Just ignore it for the 5 seconds it shows up during the once or twice a week you reboot.
akellar said:
It's in the bootloader. Don't mess with the bootloader. Just ignore it for the 5 seconds it shows up during the once or twice a week you reboot.
Maybe with a custom kernel or something you can make the BL think you are not rooted or unlocked.
But yes, I wont touch the BL.
I'm pretty sure that I read somewhere that the fuse is actually blown before the device is even shipped out...
EDIT: I found what I read...
Quote #1
The QFuse is actually an array of different bits that control several different things on the device. In this case, we're talking about the Qualcomm secure boot fuse, which is actually blown at the factory (hence it always being enabled) to prevent an insecure bootloader from being run. It does not track any modifications to the phone other than that, so whatever you decide to do, the bootloader will always read the same thing. I think people are confusing this with Samsung Knox, which is specifically made for tracking modifications and storing them for warranty purposes.
Quote #2
Much of Qualcomm's security architecture is implemented using QFuses, which are software-programmable fuses that allow one-time configuration of device settings and cryptographic materials such as hashes or keys. Because of their physical nature, once a QFuse has been blown, it is impossible to "unblow" it to revert its original value.
If the FORCE_TRUSTED_BOOT QFuse is blown, as is the case on all production Motorola devices, each stage of the boot chain is cryptographically verified to ensure only authorized bootloader stages may be run. In particular, the PBL ("Primary Bootloader"), which resides in mask ROM, verifies the integrity of the SBL1 ("Secondary Bootloader") via a SHA1 hash. Each stage of the boot chain verifies the next stage using RSA signatures, until finally Motorola's APPSBL ("Application Secondary Bootloader"), "MBM", is loaded and run.
Quote #3
So it would seem the Qfuse has nothing to do with unlocking the bootloader. It's just a way to set cryptographic keys in the hardware for verifying the authenticity of the bootloader, in a manner that makes it impossible to change the keys. In other words, once the fuse is blown the keys can't phyically be changed or overwritten. Presumably Google has the key and can sign new bootloader images correctly, so that when there is an update to the bootloader it will be verified properly by the chipset.
Just close your eyes for a few seconds!
People that ask this question should stick to Crapple...
Sent from my Nexus 6P using Tapatalk

[DISCUSSION] Re-locking Bootloader w/ Custom OS

While I am an advocate for device customization and modification, I also believe there is an inherent need for locked bootloaders. When we unlock a BL and leave it that way so we can run custom ROMs, root, etc., we sacrifice the security it provides, allowing our devices to be tampered with or redistributed after a theft. I've seen the PSA advising people not to relock their bootloaders on anything except stock. That is entirely true for Verizon and EE Pixels that were never intended to be unlocked in the first place. However, I believe it's entirely possible to boot properly self-signed images on unlockable devices after re-locking.
Now, I'm not saying we should go around re-locking bootloaders with custom firmware installed there's a process. I've done a bit of reading on verified boot. I am interested in utilizing the "YELLOW STATE" so we can run self signed boot images using an "embedded certificate" along with dm-verity disabled. The problem is how can we self sign our boot images allowing boot to continue without compiling from source?
https://source.android.com/security/verifiedboot/verified-boot.html
https://mjg59.dreamwidth.org/31765.html
I found some information, and maybe a more experienced dev can shed some light on whether it's possible with our Pixel devices. That's really the goal of this thread: to start a discussion which I think is extremely important and hopefully turn it into a guide or tool. We shouldn't completely sacrifice security to utilize root or custom ROMs. On my N5X I have a locked bootloader and modified boot/system with Allow OEM unlock disabled. The difference with our Pixels and Nougat BLs is that verified boot is strictly enforced.
Please excuse me if this thread seems jumbled or all over the place. I really do want help with this idea though, to help inform and keep us secure. Any input is appreciated.
Well if anybody is interested in re-locking their boot loader with a custom ROM and kernel in place I basically figured out how
Refer to this post
If anybody plans to attempt this and has ANY questions or concerns regarding re-locking their bootloaders in a custom state, please don't hesitate to post here. I successfully re-locked my bootloader with custom ROM and kernel. I also modified TWRP in my kernel to only start via locked-down adb with key access. This allows my Pixel to be highly secure and still recoverable. Might start a new post highlighting my procedures and research on this subject.
I still wouldn't do this. What's the point? You will still pass safety net with custom kernel.
As for security, your device still needs to be decrypted to use TWRP. It should still be as secure. I guess someone can wipe your device if they get ahold of it, but that's not really a security risk.
Risk is still huge locking your device with a custom OS.
milan187 said:
I still wouldn't do this. What's the point? You will still pass safety net with custom kernel.
As for security, your device still needs to be decrypted to use TWRP. It should still be as secure. I guess someone can wipe your device if they get ahold of it, but that's not really a security risk.
Risk is still huge locking your device with a custom OS.
It has nothing to do with passing SafetyNet. TWRP can only access the data after the PIN is input, true, but leaving a device with an unlocked bootloader leaves the ability to flash modified boot images (a huge attack vector). This is to keep your device yours if it falls into a thief's hands. You cannot have device protection features on a device with Allow OEM unlock enabled. You're right, there is risk, but being careful can alleviate the risk. I do this because I want my phone to be a trackable paperweight if somebody takes it. I have established my own chain of trust outside of Google's. I have even modified the TWRP side of my boot.img to only start with my PC using adb keys.
Which risk is greater. The risk of losing an unlocked device and it falling into the hands of someone that knows what to do or bricking it relocking it.
I vote the latter.
It's not re-locking that bricks... It's disabling Allow OEM unlock in dev options and screwing with stuff afterwards that may cause a bootloop. As long as you have a signed boot image in place with TWRP or stock recovery that uses your own keys, the risk is minimal.
Simple rule... With a locked boot loader on a device where verification is strictly enforced always leave that option ticked if modifying anything.
I'm sorry, but people are misinformed. Locking the bootloader doesn't brick with a custom ROM in place any more than with a stock ROM. It's screwing with things or using a poorly dev'd ROM. If you are like me and can set something up the way you like once and not screw with it, you'll be fine. If you do wanna screw with something, remember to check Allow OEM unlock in dev opts. Don't uncheck it until you're 100% sure. It really is that simple.
If you are leaving the toggle open, what have you accomplished when it gets stolen? They just issue the fastboot command to unlock it. Yeah, it wipes data at that point. But I honestly can't think of anything on my phone that is confidential.
When I'm out and about and using my phone normally (i.e. not modding, flashing etc.) I put the toggle to off. If I'm planning on changing anything I toggle it back on, and if something causes a bootloop (most probably user error) I can recover. I don't think most people who steal phones care about data either, but I keep a lot of keys, passwords etc. to networks in my device's storage. I admit it's not for everybody, just a way to be more secure and protect a $700+ investment. My phone's bootloader isn't just locked, it's locked with a persistent root SSH backdoor integrated into system so I can maintain control in the event.
Want to re-lock my bootloader?
Geofferey said:
Well if anybody is interested in re-locking their boot loader with a custom ROM and kernel in place I basically figured out how
Refer to this post
If anybody plans to attempt this and has ANY questions or concerns regarding re-locking their bootloaders in a custom state, please don't hesitate to post here. I successfully re-locked my bootloader with custom ROM and kernel. I also modified TWRP in my kernel to only start via locked-down adb with key access. This allows my Pixel to be highly secure and still recoverable. Might start a new post highlighting my procedures and research on this subject.
hey,
I, as well as plenty of others, thought I was clever unlocking it, as I mainly wanted to unlock it from the EE UK network. It's not been touched since, no custom ROMs or root, but after reading that people are trying to re-lock it and getting bricked I'm too scared to try lol, it's the only phone I've got. Appreciate any help please x
Sorry, duhhhh!! Custom, you said lol
Geofferey said:
Well if anybody is interested in re-locking their boot loader with a custom ROM and kernel in place I basically figured out how
Refer to this post
If anybody plans to attempt this and has ANY questions or concerns regarding re-locking their bootloaders in a custom state, please don't hesitate to post here. I successfully re-locked my bootloader with custom ROM and kernel. I also modified TWRP in my kernel to only start via locked-down adb with key access. This allows my Pixel to be highly secure and still recoverable. Might start a new post highlighting my procedures and research on this subject.
Geofferey, Do you happen to know if these commands are still right with LOS 17.1 / Android 10?
(Or does anyone else know?)
PS: Sorry everyone for bumping such an old thread
nullstring2 said:
Geofferey, Do you happen to know if these commands are still right with LOS 17.1 / Android 10
Unfortunately no. Now there is avbtool and the process is actually a bit more complicated. Somebody wrote a guide on how to use it externally for another device but I couldn't even follow. I actually find it easier to get the sources for whatever ROM it is I'm trying to sign and set the signing params in config before build.
Here is the guy who did it using avbtool externally
https://forum.hovatek.com/thread-32664.html
Many instructions here
https://android.googlesource.com/platform/external/avb/+/master/README.md
Geofferey said:
...but I couldn't even follow.

Well, that's an intimidating introduction, but I'll take a look.
That guide appears to be talking about MediaTek CPUs, which makes it a little confusing.
Any hint on how to get the vbmeta signing key for the Google Pixel?
nullstring2 said:
Any hint on how to get the vbmeta signing key for the google pixel?
If you mean how to make your own key to perform signing then
Code:
openssl genrsa -des3 -out avb.pem 2048
If you're asking how to get the same key that Google used to sign vbmeta, it ain't ever gonna happen.
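The "YELLOW STATE" idea from the opening post (a locked bootloader that boots images signed with a user-installed key rather than Google's) and the key-generation answer just above can be seen end to end in the following Python model. This is an added example, not avbtool, libavb or any poster's code: the vbmeta is a JSON stand-in for the real binary format, the RSA is textbook RSA with 512-bit keys and no padding (fine for showing the logic, never for real signing), and the partition contents and key names are constructed. What it does show faithfully is the decision logic a locked AVB bootloader applies: OEM key gives green, an installed custom key gives yellow, a swapped boot.img, an untrusted signer or a rolled-back vbmeta gives red, and an unlocked bootloader boots anything (orange), which is exactly the "flash a modified boot image" attack vector the thread argues about.

```python
"""Toy model of the Android Verified Boot (AVB) boot-state decision.

Added illustration, not avbtool/libavb code. The "vbmeta" is a JSON
stand-in for the real format and the RSA is textbook (512-bit, no
padding): for showing the logic only. Partition data is constructed.
"""
import hashlib
import json
import random

GREEN, YELLOW, ORANGE, RED = "green", "yellow", "orange", "red"


# ---- toy RSA (illustration only) ---------------------------------------
def _is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Return (public, private) as ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def sign(private, data):
    n, d = private
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)


def verify(public, data, sig):
    n, e = public
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


# ---- vbmeta stand-in: hash descriptors + rollback index, signed --------
def make_vbmeta(keypair, partitions, rollback_index):
    public, private = keypair
    body = json.dumps({
        "rollback_index": rollback_index,
        "descriptors": {name: hashlib.sha256(img).hexdigest()
                        for name, img in partitions.items()},
    }, sort_keys=True).encode()
    # The signer's public key travels with vbmeta; the bootloader decides
    # whether that key is trusted, it does not take it on faith.
    return {"body": body, "signature": sign(private, body), "public_key": public}


def boot_state(locked, oem_key, custom_key, stored_rollback, vbmeta, partitions):
    """Return (state, reason).

    oem_key         key fixed in the bootloader (what the Qfuses protect)
    custom_key      user-installed key (Pixel avb_custom_key slot) or None
    stored_rollback minimum rollback index in tamper-evident storage
    """
    if not locked:
        return ORANGE, "unlocked: verification result is ignored"
    key = vbmeta["public_key"]
    if not verify(key, vbmeta["body"], vbmeta["signature"]):
        return RED, "vbmeta signature invalid"
    meta = json.loads(vbmeta["body"])
    if meta["rollback_index"] < stored_rollback:
        return RED, "rollback index below stored minimum"
    for name, expected in meta["descriptors"].items():
        if hashlib.sha256(partitions.get(name, b"")).hexdigest() != expected:
            return RED, f"{name} does not match its hash descriptor"
    if key == oem_key:
        return GREEN, "signed with the OEM key"
    if custom_key is not None and key == custom_key:
        return YELLOW, "signed with the user-installed key"
    return RED, "signed with a key the bootloader does not trust"


def demo():
    """Walk the scenarios argued over in the thread; returns {scenario: state}."""
    random.seed(1234)  # deterministic toy keys
    oem, user, thief = generate_keypair(), generate_keypair(), generate_keypair()
    parts = {"boot": b"constructed boot.img: custom kernel + TWRP",
             "system": b"constructed system image"}
    tampered = dict(parts, boot=b"constructed boot.img: attacker payload")
    vb_oem, vb_user = make_vbmeta(oem, parts, 0), make_vbmeta(user, parts, 0)
    vb_thief = make_vbmeta(thief, tampered, 0)
    return {
        "stock_locked":      boot_state(True, oem[0], None, 0, vb_oem, parts)[0],
        "relocked_custom":   boot_state(True, oem[0], user[0], 0, vb_user, parts)[0],
        "boot_swapped":      boot_state(True, oem[0], user[0], 0, vb_user, tampered)[0],
        "resigned_by_thief": boot_state(True, oem[0], user[0], 0, vb_thief, tampered)[0],
        "rolled_back":       boot_state(True, oem[0], None, 1, vb_oem, parts)[0],
        "unlocked":          boot_state(False, oem[0], None, 0, vb_thief, tampered)[0],
    }


if __name__ == "__main__":
    for scenario, state in demo().items():
        print(f"{scenario:18s} -> {state}")
```

The point of the "relocked_custom" versus "boot_swapped" rows is the one Geofferey makes: once the device is relocked with the user's key installed, someone who pulls the phone and flashes a different boot.img gets red, not a booting payload, and re-signing with their own key does not help because that key was never installed. Run on a real device the same roles are played by `fastboot flash avb_custom_key`, avbtool's `add_hash_footer`/`make_vbmeta_image`, and the bootloader's fused OEM key.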
Geofferey said:
Well if anybody is interested in re-locking their boot loader with a custom ROM and kernel in place I basically figured out how
Refer to this post
If anybody plans to attempt this and has ANY questions or concerns regarding re-locking their bootloaders in a custom state, please don't hesitate to post here. I successfully re-locked my bootloader with custom ROM and kernel. I also modified TWRP in my kernel to only start via locked-down adb with key access. This allows my Pixel to be highly secure and still recoverable. Might start a new post highlighting my procedures and research on this subject.
Is there ANY way to do this on Xperias or LGs?
Geofferey said:
It has nothing to do with passing SafetyNet. TWRP can only access the data after the PIN is input, true, but leaving a device with an unlocked bootloader leaves the ability to flash modified boot images (a huge attack vector). This is to keep your device yours if it falls into a thief's hands. You cannot have device protection features on a device with Allow OEM unlock enabled. You're right, there is risk, but being careful can alleviate the risk. I do this because I want my phone to be a trackable paperweight if somebody takes it. I have established my own chain of trust outside of Google's. I have even modified the TWRP side of my boot.img to only start with my PC using adb keys.
It has ALL to do with SafetyNet/Play Integrity.
I wouldn't care to leave my bootloader unlocked otherwise.
But I want a ROM that passes all security standards without "tricks".