I know that the Nexus 7 has a bootloader whose digital signature checks can be disabled. But can anyone tell me about the very beginning of the device's boot process? Is the first-stage bootloader signature checked by the boot ROM? Can it be replaced?
Hi XDA!
I recently unlocked my phone's bootloader to install an update for my p8lite and I want to lock it back. There is an option called relocking the bootloader and I want to know whether it is the same as locking the bootloader. Also will the ability to flash ROMs through fastboot lose after i relock it?
Thanks
Yes, it is the same, and yes, you will lose the fastboot flash ability. However, the fastboot screen won't show "Locked", it will show "Relocked"
saw this and wondered is a more advanced dev has any insights
http://z3x-team.com/samsung-activation/
It will not unlock the bootloader on the GS-935A - unlock feature is not supported. All it will do for our model is Write firmware, read/write EFS, read/write QCN and read/write SEC
What will happen if I relock bootloader .. because I hate the pop up "your device has been unlocked .." while it boots.. does after relocking bootloader stops twrp to work ?
dhenewar said:
What will happen if I relock bootloader .. because I hate the pop up "your device has been unlocked .." while it boots.. does after relocking bootloader stops twrp to work ?
Click to expand...
Click to collapse
If you relock your bootloader with TWRP or anything else non stock, you'll likely boot loop until you unlock again. It's likely you'll trip the verification checks -performed by a locked bootloader - with TWRP, which means you need to be fully stock for a successful locked bootloader. If you've not enabled OEM unlocking in developers options if you locked, then you'll have major issues as you can't then unlock.
If you want to, you can flash a custom logo.bin (plenty of links in the Mods section) which will hide the warning, won't shorten the delay but it'll be nicer to look at.
echo92 said:
If you relock your bootloader with TWRP or anything else non stock, you'll likely boot loop until you unlock again. It's likely you'll trip the verification checks -performed by a locked bootloader - with TWRP, which means you need to be fully stock for a successful locked bootloader. If you've not enabled OEM unlocking in developers options if you locked, then you'll have major issues as you can't then unlock.
If you want to, you can flash a custom logo.bin (plenty of links in the Mods section) which will hide the warning, won't shorten the delay but it'll be nicer to look at.
Click to expand...
Click to collapse
Ok bro thanks for the info ..will SuperSu be as same as twrp causing bootloop?... luckily I have got stock recovery n firmware .. as u said "If you've not enabled OEM unlocking in developers options if you locked, then you'll have major issues " .. I am having the problem in other device(Samsung Galaxy grand prime G531H .. Cuz of my careless n rush.i forgot to enable oem n then flashed custom rom in Odin .. then it got bricked.. searched alot in internet for solution..also .. i have created post here.. still no solution .. and Now my device is just waste ..gave up on it ... RIP :angel: ..
dhenewar said:
Ok bro thanks for the info ..will SuperSu be as same as twrp causing bootloop?... luckily I have got stock recovery n firmware .. as u said "If you've not enabled OEM unlocking in developers options if you locked, then you'll have major issues " .. I am having the problem in other device(Samsung Galaxy grand prime G531H .. Cuz of my careless n rush.i forgot to enable oem n then flashed custom rom in Odin .. then it got bricked.. searched alot in internet for solution..also .. i have created post here.. still no solution .. and Now my device is just waste ..gave up on it ... RIP :angel: ..
Click to expand...
Click to collapse
I think so, a locked bootloader, as I understand it, checks the integrity of your recovery, kernel and system, and if it detects a break in the chain of trust (e.g. if there's a custom modification that changes the signature expected), then as a security measure the device just won't boot/bootloop. SuperSU or any root, custom kernel, or TWRP or even if you've allowed TWRP to make modifications may result in bootloops thus.
Therefore, if you wish to re-lock your device, you'll want to re-flash the stock firmware and then lock. You can only lock your device with the same firmware or newer than the version your device was updated to (including OTA updates). The latest version we have is the June fastboot ROM: https://forum.xda-developers.com/moto-g4-plus/how-to/stock-rom-npjs25-93-14-4-march-1-t3608138 Of course, flashing this will wipe TWRP, root and possibly your data from your device, so back up and keep the backups off your device. Alternatively, you may just wish to flash the custom logo.bin as mentioned previously, which would hide the bootloader warning.
About your Galaxy Grand Prime, ouch - that's a horrible situation to be in; unless there's a potential bootloader exploit, you're caught in the nasty situation where you can't unlock your bootloader (because of the OEM unlock) and because the security's been tripped, won't allow you to boot to get to the OEM unlock Are there any Samsung service centres or repair shops that could help you recover? You could have a look around the Galaxy Grand Prime forum, see if there's anything that could help: https://forum.xda-developers.com/grand-prime
echo92 said:
I think so, a locked bootloader, as I understand it, checks the integrity of your recovery, kernel and system, and if it detects a break in the chain of trust (e.g. if there's a custom modification that changes the signature expected), then as a security measure the device just won't boot/bootloop. SuperSU or any root, custom kernel, or TWRP or even if you've allowed TWRP to make modifications may result in bootloops thus.
Therefore, if you wish to re-lock your device, you'll want to re-flash the stock firmware and then lock. You can only lock your device with the same firmware or newer than the version your device was updated to (including OTA updates). The latest version we have is the June fastboot ROM: https://forum.xda-developers.com/moto-g4-plus/how-to/stock-rom-npjs25-93-14-4-march-1-t3608138 Of course, flashing this will wipe TWRP, root and possibly your data from your device, so back up and keep the backups off your device. Alternatively, you may just wish to flash the custom logo.bin as mentioned previously, which would hide the bootloader warning.
About your Galaxy Grand Prime, ouch - that's a horrible situation to be in; unless there's a potential bootloader exploit, you're caught in the nasty situation where you can't unlock your bootloader (because of the OEM unlock) and because the security's been tripped, won't allow you to boot to get to the OEM unlock Are there any Samsung service centres or repair shops that could help you recover? You could have a look around the Galaxy Grand Prime forum, see if there's anything that could help: https://forum.xda-developers.com/grand-prime
Click to expand...
Click to collapse
Thanx bro I will try it out .. yep bro I got it in service center n they told me .. No way of fixing it .. Aahh n that's it ? .well there was option change of hardware price was half of the phone cost ..better to buy new one ?
Warning: This guide recommends the user to backup their data as this process includes an automated wipe
Hello XDA,
I'm suggesting this Tutorial for anyone aware of another person flashing a system on the phone, and I do not recommend it for TWRP users,
unlock bootloader using "fastboot flashing unlock"
do not run the fastboot critical unlock command if you did then relock it,
when you use your phone without magisk installed you won't be able to edit the OEM unlocking option from developer options.
when you install magisk the option OEM unlocking in developer options can be edited and switched off
switch off OEM unlocking option in dev options as long as long as you didn't unlock critical in the bootloader.
while the "critical partition is locked" this will not allow you to flash a full system from google website
only use OTA using recovery when you update
make sure you enable OEM unlocking option in dev option when you make internal partition changes
this method may be a wall against a full system change from thefts as when someone tries to flash a message will pop saying failed to update
even if someone tries to unlock the critical partitions using fastboot unlock_critical it will display failed as you disabled the OEM unlocking option from developer options.
if someone tries to factory reset from recovery this should trigger FRP ( factory reset protection) which will ask about the google account used before that factory reset.
I hope this somehow protects unlocked bootloader phones from any external changes without vulnerabilities or exploits,
Cheers. :fingers-crossed: