Related
What is that SECURE BOOT at bootloader and how could I turn off?
Google is your friend.
Means you have a locked bootloader. Google or search xda on how to unlock it.
Sent from my Nexus 4 using xda premium
tiru.adi13 said:
Means you have a locked bootloader. Google or search xda on how to unlock it.
Sent from my Nexus 4 using xda premium
Click to expand...
Click to collapse
That just means the boot (kernel) on the bootloader is protected there is no way or need to change it. https://plus.google.com/103583939320326217147/posts/P1i8qzLfkTm
Sent from my Nexus 4
spaceman860 said:
That just means the boot (kernel) on the bootloader is protected there is no way or need to change it. https://plus.google.com/103583939320326217147/posts/P1i8qzLfkTm
Sent from my Nexus 4
Click to expand...
Click to collapse
Because they say don't make it so. If Google says you can't root a phone, does that mean it can't be done?
If you tell me something is not possible with android it just means the right developer hasn't worked on it with the right team. Not that it can't be done because of what it says in a few links.
adeptustech said:
Because they say don't make it so. If Google says you can't root a phone, does that mean it can't be done?
If you tell me something is not possible with android it just means the right developer hasn't worked on it with the right team. Not that it can't be done because of what it says in a few links.
Click to expand...
Click to collapse
Don't know why you're commenting on a almost 3 year old thread for. Bootloader is closed sourced and if Google didn't want you to root your phone they can make it so you can't. I suggest you go do some research before you comment on something you don't know nothing about.
Sent from my Dirty Nexus 6
tiru.adi13 said:
Means you have a locked bootloader. Google or search xda on how to unlock it.
Sent from my Nexus 4 using xda premium
Click to expand...
Click to collapse
don't give false answers, secure boot is not the same like the OEM-Lock / OEM-Unlock AKA locked or unlocked bootloader, it basically checks the boot.img and won't boot if it won't pass, hence and additional safety level.
MrDarkKV said:
Google is your friend.
Click to expand...
Click to collapse
FYI, Google brought me here. First link...
How to enable secure boot, i have dual boot taclast x80plus, when i am flashing android, it is giving me error
SECURE BOOT disabled
Lock state verfied
gpa_remove_prefix: Not Found,
gpa_remove_prefix: Not Found.
Device is already in required state.
Can anybody help?
I know i posted this in wrong section but no one is really helping anywhere and google always give this threat as best solution.
For anyone still searching the answer, Secure Boot is the same than S-OFF in HTC Devices: It is a trusted chain between the psychal bootloader (BootRom) and all the partitions booted by them (including SBL, which later boots ABOOT). BootRom -> SBL -> ABOOT chain is checked and if something is not signed it won't boot (this is Secure Boot), the step ABOOT -> boot.img (Kernel) is controlled not by Secure Boot but by the Locked/Unlocked Bootloader bit. Secure Boot also controls the call from BootRom to all other bootloader partitions, including the Radio.
In short words, The Locker/Unlocked bootloaders controls writing to partitions SYSTEM, USERDATA, CACHE, RECOVERY, BOOT, Bootloader (Signed stuff) and Radio (signed stuff). Secure Boot on the other hand controls access to the entire device partition set, including any Bootloader/Radio/Other patition, Trustzone, FRP, Bootloader info storage..
Great info for anyone that cares I'm sure, the question is how to turn it off.
how secure boot effect us?
RusherDude said:
...
In short words, The Locker/Unlocked bootloaders controls writing to partitions SYSTEM, USERDATA, CACHE, RECOVERY, BOOT, Bootloader (Signed stuff) and Radio (signed stuff). Secure Boot on the other hand controls access to the entire device partition set, including any Bootloader/Radio/Other patition, Trustzone, FRP, Bootloader info storage..
Click to expand...
Click to collapse
how does this secure boot effect my effort to root / put xposed framework on it? I*already have custom recovery installed and it doesn't seem to have a problem. but now that i upgraded my phone (with factory image, mind you), my phone now stuck at boot animation. I suspect this secure boot thing has something to do with it
kngharv said:
how does this secure boot effect my effort to root / put xposed framework on it? I*already have custom recovery installed and it doesn't seem to have a problem. but now that i upgraded my phone (with factory image, mind you), my phone now stuck at boot animation. I suspect this secure boot thing has something to do with it
Click to expand...
Click to collapse
No. As I said, secure chain works until bootloader. If there was an error on this chain, your phone wouldn't even turn on probably. You are having probably some kernel or system issue provoking bootloop.
RusherDude said:
No. As I said, secure chain works until bootloader. If there was an error on this chain, your phone wouldn't even turn on probably. You are having probably some kernel or system issue provoking bootloop.
Click to expand...
Click to collapse
I gotten around the problem by giving up the factory image and installed LineageOS instead. Still can't figure out why bootloop happened after I rooted it. but it's ok. it's an old phone (Nexus5) and LineageOS is actually pretty good for my purpose.
kngharv said:
I gotten around the problem by giving up the factory image and installed LineageOS instead. Still can't figure out why bootloop happened after I rooted it. but it's ok. it's an old phone (Nexus5) and LineageOS is actually pretty good for my purpose.
Click to expand...
Click to collapse
Of course.. on a Nexus 5 forget about official **** that got abandoned years ago!
tiru.adi13 said:
Means you have a locked bootloader. Google or search xda on how to unlock it.
Click to expand...
Click to collapse
no it doesnt my bootloader is unlocked and secure boot is enabled try explaining that back to me you dont know what ur talking about
Guys,
We've seen several people have flashed system.img's and OTA's and ended up in a bootloop.. Not the end of the world really, BUT for some reason, before you can unlock your bootloader using fastboot, you must enable OEM unlock in Developer options in Android settings - which you cannot do if you are bootlooping.
If you still have a custom recovery, you'll be fine but if you're 100%, locked bootloader and bootlooping, we haven't found a fix yet so please do not lock your bootloader.
If you feel you absolutely must relock your bootloader (at your own risk) please boot the phone up to check it works properly before doing this. If you intend flashing roms and kernels or custom recoveries, locking the bootloader is not a good idea
Please also see the below link provided by @efrant
https://support.google.com/nexus/answer/6172890?hl=en
This goes into more detail about how google have enhanced device security with 5.1 and some other pitfalls that you may wish to avoid. This is pretty salient information, so do give it a read.
Good advice, i would add to that NEVER LOCK YOUR BOOTLOADER. ???
Sent from my Nexus 9 using XDA Free mobile app
ChristianJay said:
Good advice, i would add to that NEVER LOCK YOUR BOOTLOADER.
Sent from my Nexus 9 using XDA Free mobile app
Click to expand...
Click to collapse
And I would add that I completely disagree with this statement. Coming from an infosec standpoint, I keep my bootloader locked, and just suffer the reset when I need to tweak. If you don't, anyone - not just you - can replace your system partition or boot a random IMG which could inject functionality. This may not be the most common mechanism for attack as it requires physical access, but it basically obviates the encryption with a deepfreeze style boot IMG.
Additionally, when you think about this in context of the border crossing exemptions many countries, including the US, have to protections against unwarranted search, I would recommend that anyone with proprietary or sensitive business data who crosses international borders keeps their bootloader locked when not modifying the system. Also, until custom recoveries include security features, I recommend using stock.
Why are we making our phones so insecure just to have root? Not cool.
So just to be clear the correct procedure would be to boot the device after updating enable the setting and then go and lock your bootloader? Or just keep it unlocked overall.
Personally I keep mine unlocked but for those wanting to take full advantage of androids new device protection a locked bootloader would serve a purpose. Preventing someone from just flashing a custom rom and keeping your device.
:thumbup:
I thought I really #$# up
Thank you for posting this...when 5.1 was dropping, I attempted to return to stock...all the way.to be able to take Verizon's OTA...when i locked the boot loader, i was stuck in a boot loop with the android guy and the gear box spinning FOREVER.....its is not easy to get out of the loop, but i managed to boot back up into boot loader mode, and force a stock image using toolkit.
I am now unlocked, running 5.1 on Verizon, have full LTE/VOLTE, can speak and surf at same time...i have not rooted yet...but just glad it was not me....had a heart attack two nights ago...
xander45 said:
Thank you for posting this...when 5.1 was dropping, I attempted to return to stock...all the way.to be able to take Verizon's OTA...when i locked the boot loader, i was stuck in a boot loop with the android guy and the gear box spinning FOREVER.....its is not easy to get out of the loop, but i managed to boot back up into boot loader mode, and force a stock image using toolkit.
I am now unlocked, running 5.1 on Verizon, have full LTE/VOLTE, can speak and surf at same time...i have not rooted yet...but just glad it was not me....had a heart attack two nights ago...
Click to expand...
Click to collapse
im so new to this but im rooted with an unlocked bootloader but im running full stock android. i only rooted just so i can chance the provision to get free tethering with my unlimited data. i have the wugfresh nexus tool kit and cant for the life of me figure out how to upgrade my nexus 6 to 5.1. Is there in anyone that can get me a step by step on how to update so i can take advantage of hd calling and silmutaneous voice and data... ive been waiting tooooooooooo long for this update..
rootSU said:
Guys,
We've seen several people have flashed system.img's and OTA's and ended up in a bootloop.. Not the end of the world really, BUT for some reason, before you can unlock your bootloader using fastboot, you must enable OEM unlock in Developer options in Android settings - which you cannot do if you are bootlooping.
If you still have a custom recovery, you'll be fine but if you're 100%, locked bootloader and bootlooping, we haven't found a fix yet so please do not lock your bootloader.
Click to expand...
Click to collapse
Hi root,
I saw that thread yesterday ...
I thought this was already covered when the N6 came out, to get the bootloader unlocked you had to do a 1st boot of the device and ENABLE OEM Unlock, then you were good to go to get into fastboot and unlock.
The reason was google put the option there for 5.0, vice all our previous versions which had no toggle for it.
I think it was people jumping the gun and not doing that first boot, but immediately jumping into fastboot and flashing, and that caused it, yes? Because the BL wasn't unlocked, they couldn't flash the OTA and boot img ...
daijizai said:
And I would add that I completely disagree with this statement. Coming from an infosec standpoint, I keep my bootloader locked, and just suffer the reset when I need to tweak. If you don't, anyone - not just you - can replace your system partition or boot a random IMG which could inject functionality. This may not be the most common mechanism for attack as it requires physical access, but it basically obviates the encryption with a deepfreeze style boot IMG.
Additionally, when you think about this in context of the border crossing exemptions many countries, including the US, have to protections against unwarranted search, I would recommend that anyone with proprietary or sensitive business data who crosses international borders keeps their bootloader locked when not modifying the system. Also, until custom recoveries include security features, I recommend using stock.
Why are we making our phones so insecure just to have root? Not cool.
Click to expand...
Click to collapse
This is nonsense.
You need *physical* access to it in order to carry out such an attack.
If your phone leaves your PHYSICAL access, then you already know not to trust what is on it, whether or not it has an unlocked bootloader.
xander45 said:
Thank you for posting this...when 5.1 was dropping, I attempted to return to stock...all the way.to be able to take Verizon's OTA...when i locked the boot loader, i was stuck in a boot loop with the android guy and the gear box spinning FOREVER.....its is not easy to get out of the loop, but i managed to boot back up into boot loader mode, and force a stock image using toolkit.
I am now unlocked, running 5.1 on Verizon, have full LTE/VOLTE, can speak and surf at same time...i have not rooted yet...but just glad it was not me....had a heart attack two nights ago...
Click to expand...
Click to collapse
kng60ft said:
im so new to this but im rooted with an unlocked bootloader but im running full stock android. i only rooted just so i can chance the provision to get free tethering with my unlimited data. i have the wugfresh nexus tool kit and cant for the life of me figure out how to upgrade my nexus 6 to 5.1. Is there in anyone that can get me a step by step on how to update so i can take advantage of hd calling and silmutaneous voice and data... ive been waiting tooooooooooo long for this update..
Click to expand...
Click to collapse
There is no need to lock the device to take an OTA. You can keep it unlocked and do an ota
doitright said:
This is nonsense.
You need *physical* access to it in order to carry out such an attack.
If your phone leaves your PHYSICAL access, then you already know not to trust what is on it, whether or not it has an unlocked bootloader.
Click to expand...
Click to collapse
Not nonsense. Yes you need physical access to carry out the attack, but with a locked bootloader and the new precautions against unlocking and fastboot it makes locked bootloaders fairly bulletproof.
I cannot recommend unlocked bootloaders to anyone that works SCIF'd and leaves their phone in a shared box during the day, anyone that crosses international borders, or anyone whose phone might contain IP or trade secrets and could be a target of theft.
This is as much about trusting the phone afterwards as it is about protecting your data on the phone - even when encrypted.
y2whisper said:
So just to be clear the correct procedure would be to boot the device after updating enable the setting and then go and lock your bootloader? Or just keep it unlocked overall.
Personally I keep mine unlocked but for those wanting to take full advantage of androids new device detection a locked bootloader would serve a purpose.
Click to expand...
Click to collapse
Just keep it unlocked
rootSU said:
Guys,
We've seen several people have flashed system.img's and OTA's and ended up in a bootloop.. Not the end of the world really, BUT for some reason, before you can unlock your bootloader using fastboot, you must enable OEM unlock in Developer options in Android settings - which you cannot do if you are bootlooping.
If you still have a custom recovery, you'll be fine but if you're 100%, locked bootloader and bootlooping, we haven't found a fix yet so please do not lock your bootloader.
If you feel you absolutely must relock your bootloader (at your own risk) please boot the phone up to check it works properly before doing this. If you intend flashing roms and kernels or custom recoveries, locking the bootlaoder is not a good idea
Click to expand...
Click to collapse
I had this boot loop also, but clearing Cache and Dalvik seemed to fix the loop for me.
nyteryder79 said:
I had this boot loop also, but clearing Cache and Dalvik seemed to fix the loop for me.
Click to expand...
Click to collapse
Thats good.
http://forum.xda-developers.com/goo...orial-how-to-flash-factory-images-lg-t2713833
This may help if you got stuck in a bootloop.
is there a fix if my mem shows i own a 32g device when i bought a 64g device, im unlocked/rooted and on custom rom?
darren.wlsn1 said:
is there a fix if my mem shows i own a 32g device when i bought a 64g device, im unlocked/rooted and on custom rom?
Click to expand...
Click to collapse
I'd like to know too. I'm unrooted, stock everything, with 64GB Blue, but it shows 23GB total space for the device with 16GB available. Was fine before the 5.1 update.
Marcellus1 said:
I'd like to know too. I'm unrooted, stock everything, with 64GB Blue, but it shows 23GB total space for the device with 16GB available. Was fine before the 5.1 update.
Click to expand...
Click to collapse
http://forum.xda-developers.com/showpost.php?p=58201783&postcount=106
should help
darren.wlsn1 said:
is there a fix if my mem shows i own a 32g device when i bought a 64g device, im unlocked/rooted and on custom rom?
Click to expand...
Click to collapse
Marcellus1 said:
I'd like to know too. I'm unrooted, stock everything, with 64GB Blue, but it shows 23GB total space for the device with 16GB available. Was fine before the 5.1 update.
Click to expand...
Click to collapse
Factory reset?
Not really the thread to ask this though.
rootSU said:
Factory reset?
Not really the thread to ask this though.
Click to expand...
Click to collapse
Thanks, and sorry
This guide is for the safe procedure for re-locking your bootloader with the new security features of Android 5.1 on the Nexus 6
The purpose of re-locking your bootloader should solely be used for RMA or resale of your device. Also if you have flashed a factory image and want the added security of a locked bootloader. Or possibly it is required by your employer. If you're required by your employer, then I suggest you reconsider unlocking in the first place. If you're returning to stock, to simply fix problems on your device, then I also strongly suggest leaving the bootloader unlocked. To put it in simple terms, if you want to keep a custom recovery and ROM, mod, root, etc, then leave your bootloader unlocked. Re-locking the bootloader on the Nexus 6 will cause your device to be wiped.
Please read this post by @efrant for more clarification:
http://forum.xda-developers.com/showthread.php?p=60128929
Thanks @efrant @cam30era @rootSU @clairez for collaboration and advice.
This is based on a 100% stock, encrypted, un-modded Nexus 6
Due to significant security changes in Android 5.1, there are some specific steps that must be taken in order to safely re-lock your bootloader during and after installing a factory image.
WARNING! These steps are confirmed working but there is still risk involved. If you do not ABSOLUTELY need to re-lock then I strongly suggest leaving the bootloader unlocked.
FOLLOWING THESE STEPS WILL WIPE YOUR DEVICE SO BACKUP YOUR DATA!
This is based on you (the user) having already read and followed instructions on downloading the factory image and having it ready to install.
STEP 1
Disable all security locks on your phone.
On your phone, go into your settings, click Security. In Screen security, click on Screen lock, enter your passcode/pin/pattern then select none.
You will get a prompt that Device protection features will no longer work. Click OK.
STEP 2
**OPTIONAL**
Thanks @gee2012
This step is optional because successful installation of the factory image will remove this info anyway.
Remove your Google account.
In settings, click Accounts, click Google then click on your account name. (your gmail address)
Click the 3 dot menu button in top right of screen and select Remove account. You will get a prompt That this will delete all messages, contacts and other data from your phone. Click REMOVE ACCOUNT.
STEP 3
This step is optional and may or may not be needed but I recommend doing this.
Preform a factory reset from your phone settings.
Open settings and click on Backup & reset. Click Factory data reset.
You will receive a prompt stating that this will erase all data from your phone's internal storage, click RESET PHONE.
The reset takes quite a while to complete, approximately 10 to 15 or more minutes for a 32gb model and 20 minutes or more for a 64gb model, so BE PATIENT!
Your phone will reboot when completed.
STEP 4
IMPORTANT!!
When your phone reboots, you will have to skip all account set up and ABSOLUTELY do not set any security features up. Skip EVERYTHING!
Go to settings and enable Developer options. (About phone>tap build number 7 times)
Once you have developer options enabled, enable USB Debugging and tick the box to allow OEM unlock.
I suggest preforming a reboot here to verify that OEM unlock sticks. After the reboot enter developer options to verify OEM unlock is still ticked.
If it is, we will proceed. If not, ensure you have followed the previous steps correctly. If you have and for some reason the setting won't stick, DO NOT PROCEED OR YOU MAY END UP STUCK IN A BOOT LOOP WITH NO CURRENT WAY TO FIX!
STEP 5
If setting has stuck, you are ready to unlock your bootloader and install the factory image using one of the ways outlined elsewhere in this forum.
After installation is complete, reboot to recovery and again preform a factory reset. Reboot to Android.
STEP 6
IMPORTANT!
Upon completion of factory reset from recovery and reboot to Android, it is important to follow this procedure so you may now safely lock your bootloader.
SKIP ALL ACCOUNT AND SECURITY SET UP AGAIN! Go to settings and enable developer options again. Enable USB debugging and tick allow OEM unlock.
Again, I recommend a reboot at this point to verify the settings stick.
Use the button combo or ADB to reboot to bootloader.
Use the command fastboot oem lock
Your device will wipe again and reboot.
CONGRATULATIONS! You now have a locked bootloader and you may proceed to restore your phone.
See here for info from Google about the new security features:
https://support.google.com/nexus/answer/6172890?hl=en
Thanks @efrant for finding this link.
Thanks also to all of those who helped to confirm this process works consistently.
Thanks to @clairez for this thread: http://forum.xda-developers.com/nexus-6/help/update-to-5-1-lock-bootloader-t3058480
*Disclamer*
I am not responsible if your device bricks, loops or causes mass world hysteria.
*How to prepare your Nexus 6 for resale*
Since the onset of Android 5.1, there are some specific steps needed to ensure you can sell your device and not have the seller need your Google password when they receive your device. Please read this guide provided by @PatimusXPrime
http://forum.xda-developers.com/showpost.php?p=60455167&postcount=43
TWRP RECOVERY INSTALLED ONLY
The following info is for users who have TWRP installed and are stuck in bootloop (soft brick) after wiping OS with a locked bootloader.
Credit to this thread:
Thanks @ixa20
http://forum.xda-developers.com/showthread.php?t=3053783
STEP 1
Boot into bootloader.
STEP 2
Use fastboot and issue the commands:
fastboot format userdata
fastboot format cache
This should allow you to boot back into TWRP.
Flash a ROM and get up and running.
Unlock your bootloader and leave it that way.
Thanks also to @rootSU for posting this solution many, MANY times.
I hear a lot about locking the boot loader, but what exactly am I missing out on in terms of security with an unlocked boot loader, and rooted
productofusa said:
I hear a lot about locking the boot loader, but what exactly am I missing out on in terms of security with an unlocked boot loader, and rooted
Click to expand...
Click to collapse
I think, primarily, if you are unencrypted you run the risk of your data being compromised if your phone is lost or stolen. Plus, the new security features are not proven to work 100% when bootloader is unlocked. Simply by rooting, you've opened your device to be more vulnerable to malicious attacks. I'm sure you already know that.
Evolution_Freak said:
I think, primarily, if you are unencrypted you run the risk of your data being compromised if your phone is lost or stolen. Plus, the new security features are not proven to work 100% when bootloader is unlocked. Simply by rooting, you've opened your device to be more vulnerable to malicious attacks. I'm sure you already know that.
Click to expand...
Click to collapse
I see, nothing I wasn't already aware of! It seems that a significant amount of people that are used to an unlocked rooted handset are quick to jump on the relock the bootloader omg security bandwagon regardless of the consequences. Having said that thanks to folks such as yourself most of the kinks seem to be worked out at this point.
Thanks
Okay, so I'm new to the whole unlocking/flashing thing.... I bought a nexus 6 from Verizon which obviously came with 5.1 out of the box. I was using stock with my google account attached and a pin lock. I successfully unlocked by bootloader and rooted with twrp and the nexus toolkit. I have also since flashed chroma. Am I to understand that I can not ever go back to unrooted stock and locked booloader, now?
I'm really sorry for what is probably a stupid noob question, but I'm really paranoid now. TIA!!
Cannibal Oxen said:
Okay, so I'm new to the whole unlocking/flashing thing.... I bought a nexus 6 from Verizon which obviously came with 5.1 out of the box. I was using stock with my google account attached and a pin lock. I successfully unlocked by bootloader and rooted with twrp and the nexus toolkit. I have also since flashed chroma. Am I to understand that I can not ever go back to unrooted stock and locked booloader, now?
I'm really sorry for what is probably a stupid noob question, but I'm really paranoid now. TIA!!
Click to expand...
Click to collapse
The first post explains how to lock the bootloader safely. If you're going g back to stock, simply follow the steps
Cannibal Oxen said:
Okay, so I'm new to the whole unlocking/flashing thing.... I bought a nexus 6 from Verizon which obviously came with 5.1 out of the box. I was using stock with my google account attached and a pin lock. I successfully unlocked by bootloader and rooted with twrp and the nexus toolkit. I have also since flashed chroma. Am I to understand that I can not ever go back to unrooted stock and locked booloader, now?
I'm really sorry for what is probably a stupid noob question, but I'm really paranoid now. TIA!!
Click to expand...
Click to collapse
No, not at all. You can flash a factory image and return to stock at anytime. However, if you plan on flashing ROMs again, there's no need to relock the bootloader. For instance, if you wanted to return to stock to say, get an OTA, the bootloader being unlocked wouldn't affect that negatively.
If you did desire to relock, following this guide, as far as disabling the security and Google account, you should be able to relock. The important thing is making sure that pesky "allow OEM unlock" option remains checked after a reboot.
Cannibal Oxen said:
Am I to understand that I can not ever go back to unrooted stock and locked booloader, now?
I'm really sorry for what is probably a stupid noob question, but I'm really paranoid now. TIA!!
Click to expand...
Click to collapse
You can go back to stock. And then, subsequently relock the bootloader.
And the question is not "stupid". Noob questions are encouraged here. That's how you learn.
rootSU said:
The first post explains how to lock the bootloader safely. If you're going g back to stock, simply follow the steps
Click to expand...
Click to collapse
Fair enough. The part that confused me was the first five steps appear to address steps required to unlock the bootloader. I was afraid since I already unlocked mine without first disabling security and removing my account that it would somehow preclude me from ever being able to relock the bootloader should that need ever arise in the future.
I really appreciate the help!
Yeah, I learned my lesson, DON'T PLAY WITH LOCKED BOOTLOADERS ON THIS DEVICE, EVER!
I had a locked bootloader, and no System (I had wiped it accidentally).
Luckily though I had the sense to keep TWRP installed, but I couldn't boot to it, it was just bootlooping to the TWRP splash screen.
I thought I had just lost a $650 investment, but here's what I did:
Boot to bootloader, then
Code:
fastboot erase cache
fastboot erase userdata
Then I could boot to TWRP! So I
Code:
adb push (ChromaOS zip here) /sdcard/
But when I tried to flash the Data and Cache partitions kept giving me errors, I couldn't flash anything!
I went to sleep (or tried to sleep, but couldn't) I was panicking!
When I woke up I tried one more thing:
From bootloader I did
Code:
fastboot format cache
fastboot format userdata
(Notice FORMAT instead of erase!)
I booted into TWRP and was able to flash ChromaOS, I was able to enable OEM Unlock, and flashed the full Factory Image, completely back to stock.
I booted once with unlocked bootloader to verify it was working, then locked it.
If I had the stock recovery, I would've had a $650 paperweight.
DO NOT MESS AROUND WITH LOCKED BOOTLOADERS! DON'T RISK IT!
gorei23 said:
Yeah, I learned my lesson, DON'T PLAY WITH LOCKED BOOTLOADERS ON THIS DEVICE, EVER!
I had a locked bootloader, and no System (I had wiped it accidentally).
Luckily though I had the sense to keep TWRP installed, but I couldn't boot to it, it was just bootlooping to the TWRP splash screen.
I thought I had just lost a $650 investment, but here's what I did:
Boot to bootloader, then
Code:
fastboot erase cache
fastboot erase userdata
Then I could boot to TWRP! So I
Code:
adb push (ChromaOS zip here) /sdcard/
But when I tried to flash the Data and Cache partitions kept giving me errors, I couldn't flash anything!
I went to sleep (or tried to sleep, but couldn't) I was panicking!
When I woke up I tried one more thing:
From bootloader I did
Code:
fastboot format cache
fastboot format userdata
(Notice FORMAT instead of erase!)
I booted into TWRP and was able to flash ChromaOS, I was able to enable OEM Unlock, and flashed the full Factory Image, completely back to stock.
I booted once with unlocked bootloader to verify it was working, then locked it.
If I had the stock recovery, I would've had a $650 paperweight.
DO NOT MESS AROUND WITH LOCKED BOOTLOADERS! DON'T RISK IT!
Click to expand...
Click to collapse
With the method I've outlined and personally tried, it can be safely done. The security settings are the issue and a safe way around that has been found.
Evolution_Freak said:
With the method I've outlined and personally tried, it can be safely done. The security settings are the issue and a safe way around that has been found.
Click to expand...
Click to collapse
I know, I'm just saying don't play around with it, if you're going to relock make sure that you KNOW it will work.
Can confirm that the outlined info here works flawlessly
I used this process to re-lock my phone after unlocking in the fastboot-enabled upgrade from OTA 5.1 "D" to stock 5.1 "E" an hour ago.
The easy part was unlocking/locking/rebooting in the correct order - the harrowing part was when my fastboot update of the radio failed, after which I figured out it was a transient USB issue with my system, so rebooted Windows and then everything went reasonably close to plan.
So, now I'm on "E" and with a locked bootloader (i.e., stock for Verizon). I'll be experimenting with custom ROMs after settling in with this for a bit, but wanted to test out VoLTE and other things before going the custom route.
Thanks again for this guide.
- ooofest
ooofest said:
I used this process to re-lock my phone after unlocking in the fastboot-enabled upgrade from OTA 5.1 "D" to stock 5.1 "E" an hour ago.
The easy part was unlocking/locking/rebooting in the correct order - the harrowing part was when my fastboot update of the radio failed, after which I figured out it was a transient USB issue with my system, so rebooted Windows and then everything went reasonably close to plan.
So, now I'm on "E" and with a locked bootloader (i.e., stock for Verizon). I'll be experimenting with custom ROMs after settling in with this for a bit, but wanted to test out VoLTE and other things before going the custom route.
Thanks again for this guide.
- ooofest
Click to expand...
Click to collapse
Word of caution, don't flash stuff with a locked bootloader. If you get a bad flash and you can't boot, you'll be screwed.
Doesn't the setting in developer optionsto allow OEM unlock of the bootloader reset every boot on the new firmware? I know mine does on meanpop and chroma both 5.1 roms
Sent from my Nexus 6 using Xparent Skyblue Tapatalk 2
pwned3 said:
Doesn't the setting in developer optionsto allow OEM unlock of the bootloader reset every boot on the new firmware? I know mine does on meanpop and chroma both 5.1 roms
Sent from my Nexus 6 using Xparent Skyblue Tapatalk 2
Click to expand...
Click to collapse
Yes
pwned3 said:
Doesn't the setting in developer optionsto allow OEM unlock of the bootloader reset every boot on the new firmware? I know mine does on meanpop and chroma both 5.1 roms
Sent from my Nexus 6 using Xparent Skyblue Tapatalk 2
Click to expand...
Click to collapse
It does if you have "Device protection" enabled. If you do a factory reset and, while you are running through the set up wizard, do not enable "Device protection", then the " Allow OEM unlock" setting should stick.
Sent from my Nexus 6 using Tapatalk
rootSU said:
Word of caution, don't flash stuff with a locked bootloader. If you get a bad flash and you can't boot, you'll be screwed.
Click to expand...
Click to collapse
Before attempting to upgrade the stock level or going custom, I was planning to run through at least steps 1-4 again to enable me to safely unlock.
Or, do I only need to tick OEM Unlock, adb into stock recovery and then fastboot oem unlock without going through the suggested factory data reset step?
- ooofest
Hey all.
So I've installed LineageOS just fine - the unlocking guides around here are mostly clear enough. Certainly not as easy as I've been used to for Nexus and OnePlus devices though! I've been using the 'official' TWRP 3.0.4.1 and not any of the other (now often links removed) unofficial versions.
I've also got my hands dirty with EDL mode and have totally reflashed a couple of times while playing around.
So on to my question. Basically I have an email client for work (Good for Enterprise) that detects unlocked bootloaders as 'root' (even though I'm not rooted), so I would like to relock my bootloader.
However, as soon as I use 'fastboot oem lock' it instantly bricks my phone. It goes straight into EDL mode, from which it cannot return. No bootloader, no recovery mode, no booting of system. Completely dead. All button combos attempted etc.. The only way back that I've found is to flash a whole new system image in EDL, and start over.
So, have I missed something (a signed recovery?) that makes this happen? Are there some verifications that the bootloader does while locked that fails because there's a custom system and recovery in place?
Is there anything I can do about this? Am I doomed to use stock for as long as I need to use this darned app?
Thanks very much!
Yes you need to be completely stock to lock BL.
Also if you want to stay unlocked, you can use MAGISK to hide root for your mailing app.
Thanks for the replies. I actually don't have, and never have had, root. So the only thing it can possibly be detecting is either the custom ROM itself (or rather, not a factory one from some list they maintain) or the unlocked bootloader. So I doubt MAGISK will work, because there's no root there to hide in the first place
(In case it wasn't obvious, we're talking about Good for Enterprise here).
The blackberry mobile device management system (earlier called GFE) doesnt care if bootloader is unlocked, it just checks whether you have a custom recovery (twrp) and that is enough to flag your system as rooted.
Hi!
I've recently unlocked my bootloader as I wanted to root the phone.
However, I'm planning to sell it and want to revert it.
I've tried "fastboot oem lock", but this soft bricked my phone so I had to unlock it again.
Is it possible to relock the bootloader or at least get rid of the booting message "the bootloader is unlocked and software integrity cannot be guaranteed, etc..."...
vessk0 said:
Hi!
I've recently unlocked my bootloader as I wanted to root the phone.
However, I'm planning to sell it and want to revert it.
I've tried "fastboot oem lock", but this soft bricked my phone so I had to unlock it again.
Is it possible to relock the bootloader or at least get rid of the booting message "the bootloader is unlocked and software integrity cannot be guaranteed, etc..."...
Click to expand...
Click to collapse
Ensure that unroot first before locking the bootloader.
The command you used worked for legacy devices. New devices including the OP8 series use the 'fastboot flashing lock' command.
P.S. If you have questions, please post them under the OnePlus 8 Pro Q&A section.
Use MSM tool. This will ensure that the software is 100% clean and in a new state.
Lossyx said:
Use MSM tool. This will ensure that the software is 100% clean and in a new state.
Click to expand...
Click to collapse
+1
Lossyx said:
Use MSM tool. This will ensure that the software is 100% clean and in a new state.
Click to expand...
Click to collapse
It will, but MSM is a low-level flashing utility and thus only recommended for unbricking.
For some very odd reason, I was able to break my phone's proximity sensors after using it the second time.
I wouldn't personally advise it to be a go-to solution for something that could be easily done via a bunch of commands. Just me two cents. ✌
DJBhardwaj said:
It will, but MSM is a low-level flashing utility and thus only recommended for unbricking.
For some very odd reason, I was able to break my phone's proximity sensors after using it the second time.
I wouldn't personally advise it to be a go-to solution for something that could be easily done via a bunch of commands. Just me two cents. ✌
Click to expand...
Click to collapse
I understand what you mean. But if that's the case then you would want to advise somebody to un-root, then run the adb command to remove any and all left over magisk modules, then factory wipe, then lock the bootloader.
Personally have ran the MSM tool 3 times due to poor flashes and it's been perfect.
I think the risk is much much higher if you plan to downgrade your OS. If not then you'll be absolutely fine.
Plus it's quicker
dladz said:
I understand what you mean. But if that's the case then you would want to advise somebody to un-root, then run the adb command to remove any and all left over magisk modules, then factory wipe, then lock the bootloader.
Personally have ran the MSM tool 3 times due to poor flashes and it's been perfect.
I think the risk is much much higher if you plan to downgrade your OS. If not then you'll be absolutely fine.
Plus it's quicker
Click to expand...
Click to collapse
I did mention unrooting first. Magisk will automatically take care of the modules when that's done. But yes, if someone did forcibly mount the system (not sure if it's possible anymore with dynamic partitions) and altered it, then that requires extra care.
As for a factory wipe, that'll be done at the same time when the bootloader is locked. So, that's why I suggested just unrooting and locking the bootloader straightaway.
Anyways, the suggestions you provided are equally valid as well.
DJBhardwaj said:
I did mention unrooting first. Magisk will automatically take care of the modules when that's done. But yes, if someone did forcibly mount the system (not sure if it's possible anymore with dynamic partitions) and altered it, then that requires extra care.
As for a factory wipe, that'll be done at the same time when the bootloader is locked. So, that's why I suggested just unrooting and locking the bootloader straightaway.
Anyways, the suggestions you provided are equally valid as well.
Click to expand...
Click to collapse
No mate you're wrong there im afraid. That is not always the case
Hence the actual requirement for a magisk removal command.
Magisk does not always clear up left overs, that's a well known problem.
But hey that's my advice.
Plus the wipe before hand is to eliminate anything that may have stuck similar to magisk modules.
It can happen.
Tbhi think he'll be fine either way.
dladz said:
No mate you're wrong there im afraid. That is not always the case
Hence the actual requirement for a magisk removal command.
Magisk does not always clear up left overs, that's a well known problem.
But hey that's my advice.
Plus the wipe before hand is to eliminate anything that may have stuck similar to magisk modules.
It can happen.
Tbhi think he'll be fine either way.
Click to expand...
Click to collapse
But sometimes, it is also the module developers to blame. That's why merging the modules into the official repository is difficult.
John has strained on this often. He recently removed EdXposed from the official repo:
https://twitter.com/i/web/status/1350590699113115648
As for wiping, it's all the same if you do it just before the relock command or let the command do it for you. The same thing is gonna happen either way, so it feels redundant to perform a factory reset right before locking the bootloader. This is what I was trying to convey earlier.
And yes, agreed. He'd probably be fine, given that we have provided various points to look out for before locking the bootloader.
DJBhardwaj said:
But sometimes, it is also the module developers to blame. That's why merging the modules into the official repository is difficult.
John has strained on this often. He recently removed EdXposed from the official repo:
https://twitter.com/i/web/status/1350590699113115648
As for wiping, it's all the same if you do it just before the relock command or let the command do it for you. The same thing is gonna happen either way, so it feels redundant to perform a factory reset right before locking the bootloader. This is what I was trying to convey earlier.
And yes, agreed. He'd probably be fine, given that we have provided various points to look out for before locking the bootloader.
Click to expand...
Click to collapse
I think he'll be fine.
An yea R-ice doesn't remove properly especially if you don't remove the theme first