[Guide] Best way to protect your Bootloader and internal security - Google Pixel 2 XL Guides, News, & Discussion

Warning: This guide recommends the user to backup their data as this process includes an automated wipe
Hello XDA,
I'm suggesting this Tutorial for anyone aware of another person flashing a system on the phone, and I do not recommend it for TWRP users,
unlock bootloader using "fastboot flashing unlock"
do not run the fastboot critical unlock command if you did then relock it,
when you use your phone without magisk installed you won't be able to edit the OEM unlocking option from developer options.
when you install magisk the option OEM unlocking in developer options can be edited and switched off
switch off OEM unlocking option in dev options as long as long as you didn't unlock critical in the bootloader.
while the "critical partition is locked" this will not allow you to flash a full system from google website
only use OTA using recovery when you update
make sure you enable OEM unlocking option in dev option when you make internal partition changes
this method may be a wall against a full system change from thefts as when someone tries to flash a message will pop saying failed to update
even if someone tries to unlock the critical partitions using fastboot unlock_critical it will display failed as you disabled the OEM unlocking option from developer options.
if someone tries to factory reset from recovery this should trigger FRP ( factory reset protection) which will ask about the google account used before that factory reset.
I hope this somehow protects unlocked bootloader phones from any external changes without vulnerabilities or exploits,
Cheers. :fingers-crossed:

Related

OnePlus 2 locked bootloader issue

Before I describe my issue I'll let you know I've been looking up articles on how to solve this for weeks now. first post to XDA, so bear with me I'm new
I have two OPT, both have a similar problem, but one is working (I dare not try to mess with it) and the other I've already tried and tried and now I'm stuck in fastboot, no recovery, no OS.
I HAD an OS on it (Paranoid Android 6.0.1), but I couldn't factory reset, and I needed to, so that I could sell the phone. when I tried to factory reset through OS settings, it would boot loop until I hard reset the phone. I had no recovery apparently (IDK how I did that) but trying to install a recovery requires the "OEM Unlocking" setting to be checked. and for some reason it won't let me check the box. My working OPT phone has the same problem, the "Allow OEM unlocking?" box pops up, I select enable, and the toggle moves itself back to the grayed out selection. so I couldn't install a custom recovery, I can't do any formatting or erasing in fastboot either without that selection for some reason either. trying to only gives me a "FAILED (remote: device is locked. cannot erase images)" or "FAILED (remote: device is locked. cannot flash images)"
AND SO, I tried this (search google for "mega unbrick guide for a hard bricked oneplus 2". I can't post links apparently as it is my first post. it will be on the oneplus website) and now I have no OS. or at least I believe I have no OS because trying boot causes a bootloop. I've tried all the methods, but I'm assuming because my bootloader is locked, It failed with the "A2001_save_brick_mini" tool.
And so, all I have right now is bootloader. didn't have a recovery I guess, and now I think I don't have an OS. and I can't do anything in fastboot because is returns with a "FAILED" hehe. dang locked bootloader. I have no idea how both of these phones have locked bootloaders anyways, because I obviously unlocked the bootloader to install a custom ROM in the first place. did the bootloader relock itself, or maybe during the process of installing the ROM, the bootloader relocked? I'm not sure as I wasn't watching for that. the phones had booted with the new OS, and so I happily went along my business and didn't find out I had a problem until I tried to factory reset one of them.
no I have no phones now with similar problems, but at different stages of the same issue.
My ONE A2005 is working, but I can't toggle the "OEM unlocking". At least it has a working custom recovery (TWRP)
and MY ONE A2003 is stuck in fastboot (fastboot recognizes it via "fastboot devices" and I can reboot and "fastboot oem device-info") with what I believe to be no recovery or OS.
ask me any questions to further explain my predicament, and PLEASE offer me any things to try. I ave two phones to test different things with. I would prefer to keep the working one working though.
Have you tried the fastboot oem unlock command?
DR_HAX34 said:
Have you tried the fastboot oem unlock command?
Click to expand...
Click to collapse
Ah yes, I forgot to write that in. That also results in a "FAILED (remote: unlock device to use this command)"
I can't unlock because of the OS, or perhaps lack of OS now; And I can't install a new OS or recovery because my bootloader is locked
use qualcomm recovery tool if you can't get any help. it'll restore your phone to 100% stock

OEM unlock and FRP questions

I have read around but am struggling to fully understand the significance of the OEM unlock option in developer settings and how/if it relates to FRP.
I have read this article which only goes some way to filling the gaps in my understanding. So I have a few questions and would be grateful for any answers.
1/ OEM unlock.
My understanding is that this should be enabled when the goal is to flash a custom binary (e.g. TWRP) to root the phone. Without this enabled attempting to flash a custom binary via odin will fail. Is this correct?
2/ Flashing stock FW to recover device
In the article linked to above it suggests that if you have an OTA update fail, without having OEM unlock enabled you are stuffed if you wish to recover your device by flashing stock factory fw via odin. Having followed this thread with interest regarding the flashing of stock fw it does not state that you need OEM unlock enabled (no custom binaries are being flashed). So if you are unlucky enough to have an OTA fail do you need OEM unlocked in order to flash a stock fw via odin to recover the device? Surely not???
3/ Relationship between OEM unlock and FRP
FRP requires you to enter your google password to unlock a device after a factory reset. I get this. And you can avoid this by removing your google account from the phone before executing the factory reset. So what is the relationship between OEM unlock and FRP? Is it that if you have OEM unlock enabled you can flash a custom binary (recovery and/or ROM) to then get around the FRP? I'm guessing though. I just don't understand the point. If it's my device I know my google account details so how does having OEM unlock enabled help after a factory reset.
My questions stem from the article I have linked to above which for me raises more questions than it answers. I found myself enabling OEM unlock last night "just in case" but I'm not fully sure what options I've given myself by doing this because as it stands I don't intend to root the phone.

Trying to relock bootloader of One Plus 5 need help!

Hi,
I've tried all the following steps in the video and I got the error "flashing lock is not allowed". I've already flashed stock rom and recovery and wiped the phone so it's as stock as it gets yet I still get the same error when I enter "fastboot oem lock". Please help ASAP!!!! I'm trying to update to Android 8.0 but the update keeps failing because my bootloader is unlocked
Thanks in advanced.
https://forum.xda-developers.com/oneplus-5/how-to/lock-oneplus-5-bootloader-guide-t3651819
Go to developer settings.. check the oem unlock option. If it's off, bootloader won't relock. You need to turn it on. If it's greyed out & can't be turned on, then you need to root your firmware or flash custom rom & turn it on.
When you have this problem, only magisk will help you turn on allow bootloader unlocked when it's grayed out.
So, you have to flash magisk, turn on allow bootloader to be unlocked in devlopper settings, then flash a clean OOS, make sure there's no modification like custom recovery or root, then relock your bootloader.
Good luck!
use command "fastboot flashing lock" instead of "fastboot oem lock", this will lock your bootloader
hope this tutorial will help you....!!! https://www.youtube.com/watch?v=CQYCSdDUdAU
I had the same problem and solved using magistik, reenable unlock volta loader and After relock.

weird problem xiaomi mi9T

Hi everybody
I redid an installation of my xiaomi mi9t under miui 11.0.3 to start again on good bases because I had done a lot of trying to try to succeed in rooting it
So I relocked the bootloader and I followed the tutorial from A to Z to root the tel.
So these are the manipulations I did:
Unlock the bootloader with the miui tool
Fastboot flash recovery twrp.img
Fastboot boot twrp.img
Installation of the magisk zip.
Restart.
And then I restore my data with micloud and when I go to developer option it says that my bootloader and locked and OEM unlocking is no longer grayed out I can deactivate it when before it was not possible.
I don't know if it's the fact that I restored via micloud or that I used the xiaomi native security and cleaner app.
However my phone is well rooted and unlock bootloader because it is marked unlocked at startup and for rooting all the apps that request root rights have it.
Thank you for your answers.

How to recover my data??! - terrible scenario

Hello to all gurus here
my Redmi Note 7 had a screen broken...I can only hardy recognize when it's in fastboot or recovery.... Touch not working.
The bootloader is locked, I am not sure if USB Debugging was enabled, but I suppose it was not because I get the following:
C:\MyDocs\TEMP\Varie\platform-tools>fastboot oem unlock
FAILED (remote: 'Token Verify Failed, Reboot the device
')
fastboot: error: Command failed
In this terrific scenario, is there any way on earth to recover my data?
I can only see my device in fastboot mode for what I can say...
On the other hand I could probably install a TWRP (which should already have debugging enabled) using fastboot but it seems to me it should clear all my user data.
Any way out?
Thanks in advance
unlocking bootloader requires bonded mi account in developer options and can only unlocked from miunlock tool. btw that will erase userdata during unlock for security reasons

Categories

Resources