Questions about Verified Boot and bootloader lock state - Upgrading, Modifying and Unlocking

Hello, I have several questions about Verified Boot. I've previously owned a rooted Nexus 5, but I never cared about keeping my bootloader unlocked state. Now I have a OnePlus 5, and while looking for info online I learnt about Verified Boot and how keeping my bootloader unlocked is a security risk.
Then I found that you can add your own certificate, which would be used if the OEM verification fails and allows you (AFAIK!) to flash any zip you sign with the bootloader locked. I also found a thread here where it explains how to do it.
So my questions are:
Does the procedure linked before allow flashing my own zips with a locked bootloader, or am I missing something?
If it allows you to have the benefits of an unlocked bootloader while keeping the same security measures, why isn't its usage more widespread?
That's all. BTW hi to everyone! It's my first post here.


Confused About Bootloader And Unlocking? Is mine outdated?

Ok so I was reading an article and now I'm confused. I see there are two ways to unlock a phone...the regular unlock command and an unlock critical command. From what I understand the unlock critical command is for updating the bootloader? When would I want to do this? I was on the Android P final beta and because the official Pie release was delayed here in Canada I decided to just unlock and flash Pie manually. I did this and then relocked the bootloader. But is my bootloader outdated now? Confused.
If you keep the bootloader unlocked your bootloader will never go out of date, otherwise the bootloader will not be updated on subsequent stock ROM updates. I personally recommend unlocking the bootloader using both commands and keeping it unlocked. You'll have a minor annoyance in that you'll have a warning pop up prior to boot about the bootloader being unlocked, but I believe you'll avoid a major annoyance in Factory Reset Protection being disabled with the bootloader unlock.
Ok. So just unlock using both commands? Do I just enter one right after the other? How does the bootloader get updated?
Also does leaving the bootloader unlocked stop Google Pay and some banking apps from working?
Enter both commands, one after the other. The bootloader, even if it has no updates, is included with every copy of the stock ROM you download from Google. It will also be included with any OTAs that come directly to the device. You'll have to discover for yourself whether Google Pay and your banking app are affected, because I simply do not know. I don't use my device for banking.

TWRP S965F Install Question with a slight twist

Hey all,
Sorry, I know that has been covered extensively on here, but I just want to clarify my understanding and make sure I'm not waiting pointlessly and hopefully avoid mucking this up in the future.
So, I've had my Galaxy S9+ long enough that OEM UNLOCK appeared in the developer options menu. I've rooted/flashed installed enough phones in the past that I stupidly didn't read up on any of the newer security features (such as RMM).
I OEM unlocked the phone, restarted, and everything looked fine. I've then rebooted into Odin (3.13.1, downloaded through Sam Mobile) and tried to install the tar file associated with my phone (twrp-3.2.3-0-star2lte).
Odin failed to install, with the error message "only official released binaries are allowed to be flashed(recovery)". After a quick look around, this error message appears to be associated with a bootloader that is still locked.
If I look at the values at the top of the download menu, I see
RMM STATE: Prenormal
FRP LOCK: Off
OEM LOCK: Off
So, if my OEM lock is off, is it the RMM state preventing me from flashing the device? If so, is this a wait seven days without restarting the phone for RMM state to change to normal or am I missing something entirely?
What I've also read, is it is required to do the TWRP flash mid-OEM unlock (during the reboot of the factory reset), is this something I will still need to do?
Any direction appreciated. Sorry for posting on the same subject so many others have, I just can't quite find any information on it when the OEM is unlocked already.
ta.
jusx10i said:
Hey all,
Sorry, I know that has been covered extensively on here, but I just want to clarify my understanding and make sure I'm not waiting pointlessly and hopefully avoid mucking this up in the future.
So, I've had my Galaxy S9+ long enough that OEM UNLOCK appeared in the developer options menu. I've rooted/flashed installed enough phones in the past that I stupidly didn't read up on any of the newer security features (such as RMM).
I OEM unlocked the phone, restarted, and everything looked fine. I've then rebooted into Odin (3.13.1, downloaded through Sam Mobile) and tried to install the tar file associated with my phone (twrp-3.2.3-0-star2lte).
Odin failed to install, with the error message "only official released binaries are allowed to be flashed(recovery)". After a quick look around, this error message appears to be associated with a bootloader that is still locked.
If I look at the values at the top of the download menu, I see
RMM STATE: Prenormal
FRP LOCK: Off
OEM LOCK: Off
So, if my OEM lock is off, is it the RMM state preventing me from flashing the device? If so, is this a wait seven days without restarting the phone for RMM state to change to normal or am I missing something entirely?
What I've also read, is it is required to do the TWRP flash mid-OEM unlock (during the reboot of the factory reset), is this something I will still need to do?
Any direction appreciated. Sorry for posting on the same subject so many others have, I just can't quite find any information on it when the OEM is unlocked already.
ta.
I'd love any info on this as well.
Unfortunately, I just had to wait the week.
I will say though when you come to install TWRP make sure you follow the instructions. I didn't, then I had to wait another week for the OEM Unlock to re-appear again!

[CLOSED]Force Unlocking Bootloader on Nokia 6.1

Hey,
I have been searching for an answer to this for quite a while, and I've found some information. Before you start bashing me in the comments, I do know that Nokia has disabled unlocking bootloaders on certain devices. My question is, is there 100% no (free) way of unlocking the bootloader on my phone, or just in general to get root. I am running Android 9, and I do have adb (of course).
Thanks!
Also interested in this ... Don't want to let someone mess around with my phone .. used to do it myself
Short answer, no. By the looks of it there are currently no free tools, etc.
Long answer, yes but not accessible for us currently. There are ways to gain root access/unlock the bootloader on every device. Currently there are some unpatched exploits (that sometimes cannot even be fixed) in the Linux and Android system that are able to root devices, etc. The last few years showed that Baseband (proprietary Qualcomm code), the RAM (Rowhammer, Rampage) and other device features are attackable. Maybe KingoRoot or someone else might implement these exploits in the following years, and we get a free utility to root devices.
Bootloader unlock for Nokia phones!
_xNyx_ said:
Hey,
I have been searching for an answer to this for quite a while, and I've found some information. Before you start bashing me in the comments, I do know that Nokia has disabled unlocking bootloaders on certain devices. My question is, is there 100% no (free) way of unlocking the bootloader on my phone, or just in general to get root. I am running Android 9, and I do have adb (of course).
Thanks!
Visit the link below
https://www.nokia.com/phones/en_int/bootloader/
I'm quite new to this rooting stuff, therefore a few stupid questions:
I read that with old security patches, before Aug 2018 (was that still Android Pie?) it was possible to unlock the bootloader. Isn't there some way to downgrade the security patch to a version allowing to unlock?
Is it at all required to unlock the bootloader in order to be able to install LineageOS as provided by this link?
many thanks!
EDIT: Can you recommend any working alternative way to unlock the bootloader?
Frozen_Duck said:
Short answer, no. By the looks of it there are currently no free tools, etc.
Long answer, yes but not accessible for us currently. There are ways to gain root access/unlock the bootloader on every device. Currently there are some unpatched exploits (that sometimes cannot even be fixed) in the Linux and Android system that are able to root devices, etc. The last few years showed that Baseband (proprietary Qualcomm code), the RAM (Rowhammer, Rampage) and other device features are attackable. Maybe KingoRoot or someone else might implement these exploits in the following years, and we get a free utility to root devices.
belzebubi said:
I'm quite new to this rooting stuff, therefore a few stupid questions:
I read that with old security patches, before Aug 2018 (was that still Android Pie?) it was possible to unlock the bootloader. Isn't there some way to downgrade the security patch to a version allowing to unlock?
Is it at all required to unlock the bootloader in order to be able to install LineageOS as provided by this link?
many thanks!
EDIT: Can you recommend any working alternative way to unlock the bootloader?
August 2018 would have been Oreo and YES currently you have to roll back to unlock bootloader. It's a PAID service to have this done. @singhnsk can aid you in doing this service. I as well as many others have used him to unlock our devices. You will have to use Team Viewer and let him remotely do his work.
Good luck!!
And actually, the main question is how to unlock? Bootloaderunlocker.apk doesn't work, it tells me "google service error". Help me please.
OEM unlocked for Nokia 7.1 and for all nokia
Hi guys I am new here also searching for unlocking the bootloader for Nokia I read this method somewhere tried my self with some tweaks it worked
1. Open the developer option and turn it off.
2. Again turn it on but skip the on-screen option for OK and cancel, again turn the developer option off.
3. Now turn developer option on again, click OK, and as soon as you do it click on OEM unlocking; it will show a message to reboot the mob, do it.
4. After rebooting you will see the OEM unlock is still off; just step 1, 2 and 3, voilà, bootloader is unlocked now.
Comment if it works
Thanx
Sourabh22kori said:
OEM unlocked for Nokia 7.1 and for all nokia
Hi guys I am new here also searching for unlocking the bootloader for Nokia I read this method somewhere tried my self with some tweaks it worked
1. Open the developer option and turn it off.
2. Again turn it on but skip the on-screen option for OK and cancel, again turn the developer option off.
3. Now turn developer option on again, click OK, and as soon as you do it click on OEM unlocking; it will show a message to reboot the mob, do it.
4. After rebooting you will see the OEM unlock is still off; just step 1, 2 and 3, voilà, bootloader is unlocked now.
Comment if it works
Thanx
You da Man! I had to try it a few times, but it worked.
Just to clarify point 3.
3. Now turn developer option on again click OK and as soon as you do you will be returned to previous menu. Immediately click "OEM unlocking", it will show a message and ask your password, (if set), and work.
Thread closed as a subject matter related thread already exists:
How to Unlock Bootloader & Root Nokia 6.1?
Hello Guys! anybody know how to unlock this phone TA-1089 and root? currently it's running on latest software update Android 9 ( January Patch) kindly help please.
forum.xda-developers.com
Regards
Oswald Boelcke
Senior Moderator

Tmobile Oneplus 7t - Relocked Bootloader Stucks in Your device is corrupt. It can't be trusted and will not boot

Hi,
I have recently bought a T-mobile version of OP7T. Even though T-Mobile unlocked the network permanently, I still didn't like T-mobile branding at the start, plus I wanted Stock OxygenOs. So what did I do?
(No root and No TWRP)
1. I've Unlocked the bootloader via the method in this post. Stage-1
2. I have flashed the stock rom which I downloaded from this post. Stage-2
3. Phone loads up perfectly fine and now I have stock OOS. To make sure everything is fine, I also did a factory reset and re-flashed the stock ROM to make sure there's no trace of previous ROMs.
4. I then wanted to relock the bootloader in order to keep my device safe and enjoy having a normal device like any others without the ugly message at the startup.
5. So I put it in fastboot mode and executed "fastboot flashing lock" or "fastboot oem lock" and it gave me the options and I locked the bootloader.
6. After this, I can't do anything else. It keeps showing me the page where it says "Your device is corrupt. It can't be trusted and will not boot", and in order to get rid of it I need to keep unlocking the device, reflashing everything, and the rest of the story.
I've read all the accurate and inaccurate info on forums, where another guy claims that when he turned everything to stock (recovery + ROM + factory reset) things went back to normal and he was done. In my case it doesn't work.
Please help me, how I can be able to relock the bootloader without running into Your device is corrupt. It can't be trusted and will not boot.
Thanks.
First I think no help is stupid, since that is the regular way of doing it. Second, you should have read extensively before doing what you did. T-Mobile is a very specific device. What he probably didn't mention is that you need the original T-Mobile branded ROM, since you need original software to be able to relock the bootloader. I would recommend using the MSM tool to recover your device. Read carefully and next time just be sure that what you are doing is informed.
I have unlocked the device and installed everything. the phone works like a charm.
My only problem is that I can't re-lock the bootloader.
bahadorkh said:
I have unlocked the device and installed everything. the phone works like a charm.
My only problem is that I can't re-lock the bootloader.
That was my point: in order to relock your device you must have the original firmware that the phone came with, if it's T-Mobile, installed in both slots. Then you can relock your device.
Please try this thread
[OP7T T-MOBILE][OOS 11.0.1.5 HD63CB] Unbrick tool to restore your device to OxygenOS
Disclaimer: By attempting any of the processes listed in this thread you accept full responsibility for your actions. I will not be held responsible if your device stops working, catches fire, or turns into a hipster and claims to have been...
forum.xda-developers.com
After the first boot you must update via OTA, then after the 7T reboots you can go back into the bootloader and relock it. I'm typing this message out on my T-Mobile 7T running the Global OOS 11 version. _ANY_ modification to the system whatsoever will cause the "Device is Corrupt" error, due to a mismatch of the keys used by OnePlus to sign the firmware. I've attached a screenshot of my "About phone" section as proof of the conversion, however, I can't show proof of my bootloader's state because I don't have access to a PC at the moment and *#*#7378423#*#* didn't work, neither did *#*#7378423*#*#. If I remember to the next time I'm near a PC I'll add proof of that too.
For further reading see:
1.) https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-key-set
And
2.) https://source.android.com/security/verifiedboot/dm-verity
P.s. I do realize that I'm almost a year late to this discussion, but I thought knowing would/could still be useful to someone.
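
The boot-state decision this thread keeps running into, as an added example that is not part of any post above: a simplified Python model of the locked/unlocked flow described on the linked AOSP boot-flow page. HMAC-SHA256 stands in for AVB's public-key signature, and the key names and image contents are constructed placeholders.

```python
import hashlib
import hmac
from typing import Optional

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def descriptor(digests: dict) -> bytes:
    # Canonical byte form of the partition digests that gets signed.
    return "\n".join(f"{n}={d}" for n, d in sorted(digests.items())).encode()

def sign_vbmeta(images: dict, key: bytes) -> dict:
    # Assumption: HMAC-SHA256 stands in for AVB's asymmetric signature.
    digests = {name: digest(img) for name, img in images.items()}
    sig = hmac.new(key, descriptor(digests), hashlib.sha256).digest()
    return {"digests": digests, "signature": sig}

def verifies(vbmeta: dict, images: dict, key: bytes) -> bool:
    expected = hmac.new(key, descriptor(vbmeta["digests"]), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, vbmeta["signature"]):
        return False  # vbmeta was not signed by this root of trust
    # Every partition on flash must match the digest recorded at signing time.
    return all(digest(images.get(n, b"")) == d for n, d in vbmeta["digests"].items())

def boot_state(locked: bool, vbmeta: dict, images: dict,
               oem_key: bytes, user_key: Optional[bytes] = None) -> str:
    if not locked:
        return "ORANGE"  # unlocked: warning screen, nothing is enforced
    if verifies(vbmeta, images, oem_key):
        return "GREEN"
    if user_key is not None and verifies(vbmeta, images, user_key):
        return "YELLOW"  # locked, booting an OS signed by the owner's key
    return "RED"  # locked and untrusted: "device is corrupt", no boot

# Constructed sample data: keys and image contents are placeholders.
OEM_KEY, USER_KEY, OTHER_KEY = b"oem-key", b"owner-key", b"other-build-key"
STOCK = {"boot": b"stock boot", "system": b"stock system"}
CUSTOM = {"boot": b"custom boot", "system": b"custom system"}

def scenarios() -> dict:
    stock_meta = sign_vbmeta(STOCK, OEM_KEY)
    patched = dict(STOCK, boot=b"stock boot + patch")
    return {
        "unlocked, custom OS": boot_state(False, sign_vbmeta(CUSTOM, USER_KEY), CUSTOM, OEM_KEY),
        "locked, stock": boot_state(True, stock_meta, STOCK, OEM_KEY),
        "locked, stock boot modified": boot_state(True, stock_meta, patched, OEM_KEY),
        "locked, signed by untrusted key": boot_state(True, sign_vbmeta(STOCK, OTHER_KEY), STOCK, OEM_KEY),
        "locked, owner key enrolled": boot_state(True, sign_vbmeta(CUSTOM, USER_KEY), CUSTOM, OEM_KEY, USER_KEY),
    }

if __name__ == "__main__":
    for name, state in scenarios().items():
        print(f"{state:6}  {name}")
```

The two RED rows correspond to the relock failures reported in this thread: a locked bootloader refuses images that were changed after signing or that were signed by a key it does not trust.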

Question Couple of questions regarding this phone rootability

Hello.
I am currently looking to buy this phone and flash a custom os, if someone could please answer them that would be great:
1) After unlocking and locking does the phone go back to Widevine L1?
2) How easy is it to unlock the phone's bootloader (is it as simple as fastboot oem unlock or similar?) and how hard is it to lock the phone's bootloader (is it as easy as fastboot oem lock?)
3) Do most custom OS's support Widevine L1?
4) If I lock the bootloader whilst having a custom OS how hard is it to flash back the stock OS?
Looking forward for replies.
Hey there!
1. I am currently rooted and it still says Widevine L1 (checked with DRM Info app).
2. I don't think there's a phone that has easier bootloader unlocking/locking.
3. The Zephyrus custom ROM, which I currently use has Widevine L1 support. I don't know about other roms.
4. Haven't done that personally, I know GrapheneOS recommends locking the bootloader for better security, but I am pretty sure it doesn't have to be permanent, and it should be fairly easy to go back to the stock firmware. Just remember not to lock the bootloader while rooted, as that would brick your device and it probably wouldn't be easy to fix.
Hello. For exact instructions on how to unlock the bootloader, click the yellow "How-To Guide" quick filter at the top of the list of threads in this section. You'll see three or more guides that include the subject.
