Why can't Google require unlocked bootloaders? - Android Q&A, Help & Troubleshooting

I'm new to Android development but I just read that the Asus Transformer Prime will have a 128-bit locked bootloader... what I don't understand is why Google can require manufacturers to release their source code but not require unlocked (or unlockable) bootloaders. It seems pointless to require release of the source code if you can't install a modified ROM on the device without a hack.

The reason so many devices have locked bootloaders is because it provides a layer of security. If every device manufactured had to be shipped unlocked it would be a nightmare for the manufacturers and carriers to support them. The average user has no need for root access, and likely doesn't know what it is anyways. But often, when enough people ask, the companies responsible or other developers will provide a method to root any device.

Related

Possible source code

Dear all.
Somehow I ran across the site and it seems that it contains some valuable source code of android on Photon (e.g. kernel_tegra.tar.gz which may include source code for Tegra2 driver). Hope this can help the further development of Photon ROM!
I hope it would also contain hints on unlocking the bootloader, as my friend and I are still stuck on the Japanese stock ROM, which is currently NOT unlockable.
Many thanks!
I am sorry that this seems to be old news already as people are already discussing on this thread.
I found something interesting in the system_core.tar.gz: there is an engineering_key.p12 (private key with cert, seems to require a passphrase) in \system\core\fastboot\. I wonder if this is used for signing the bootloader.

[Q]What does BUMPed really mean?

The term BUMPed is the only term I am unfamiliar with as I delve deeper into Android modification. I constantly hear the terms BUMPed recovery, BUMPed bootloader, "This will only work if you're bumped", etc. Every time I Google this question I find people referencing the term bump as a forum post method, nothing to do with Android modification.
I appreciate anyone who takes the time to respond and will indeed be sure to give thanks.
Regards, d00lz.
Me too, I have never heard ppl talking about differences between "bumped" and "non-bumped"
It is what is needed to flash custom stuff on some newer LG devices due to its locked down nature.
zelendel said:
It is what is needed to flash custom stuff on some newer LG devices due to its locked down nature.
that's pretty much it. bumped essentially just means signed. "bumping" an image is required for LG devices with locked bootloaders, it's basically just signing the image with LG keys to bypass the bootloader's security checks.

Project Treble and unofficial roms/updates

Hello!
I have been following annual Google I/O 2017 and heard about all the benefits of Google's Project Treble.
I cannot help but wonder how developers (for example here at XDA) are able to create custom ROMs or unofficial Android updates. Why Google can't make official Android Nougat update for Nexus 7 2013, but you here at XDA can? What is different between your work and Google's when it comes to these things, as far as neither has access to hardware manufacturer's code support?
I have to say I am not a professional software developer, so I understand if this topic is beyond my comprehension.
Thank you!
"Why Google can't make official Android Nougat update for Nexus 7 2013"
Planned obsolescence.
"neither has access to hardware manufacturer's code support"
Google is obliged to release kernel source code because Linux (the kernel powering Android) is released under the GPL. The kernel is responsible for letting Android "talk" to the hardware. Developers at XDA can then modify the open-source kernel to "fit" newer versions of Android.
I'd like to chime in on this.
Let's use the Nexus 7 2013 as an example. The difference between an official build of Nougat from Google and a build of Nougat from XDA is that the Google released one will have updated device drivers that are made specifically for Nougat, while the XDA released one simply uses the older device drivers and hopes they work. In some cases they work flawlessly (mostly on Nexus devices), however other times there are things that don't work so they either need to be disabled or worked around. So essentially a Google released OS has everything updated and tested to work with the new OS, while XDA releases are more 'hacked' together to work (simply because the device drivers aren't Open Source). Google may not have access to the hardware drivers, but they still get them updated.
Now let's touch on Project Treble (and why I am so excited about it). Instead of each and every device driver needing to be upgraded and tested for each new OS version, the OS version will specify which version of the drivers (HAL's) will work with the OS. This means there will be a separate space where all the device drivers will reside, and the OS will simply load those when booting (no more proprietary binary blobs to include in the ROM! hopefully...).
This means on any Project Treble compatible device (all phones that ship with Oreo, and some that update to Oreo) with an unlocked bootloader, a user can simply compile AOSP and flash it directly to the device with no modifications and have the device work. I believe this is actually a requirement to pass Google's certification process for new devices with Oreo. That means, say, with the LG v30 if the bootloader is unlocked, there can be an AOSP ROM on day one of its release.
So instead of Android being strictly a per device compile, it is just a general compile (sans device specific features). However, this doesn't remove the old driver issue. If the drivers in their respective partition no longer are updated by the manufacturer, the later AOSP code will need to be modified to work around these (and accept them). This is still easier in my opinion than the binary blobs.
As for official updates, Project Treble allows device hardware manufacturers to work on updating the device drivers while the OS Dev (Samsung, etc) works on updating their OS. So it is a parallel development instead of a serial one (hardware AND os instead of hardware THEN os).
A question.
Do the Nexus 5X devices have the Treble system or project incorporated with Oreo?
I do not understand the cheap excuses that the other manufacturers are giving. It is true that they are not obliged, but I think it would be good practice; maybe they think, as before, that you will not buy a phone from them.
Does someone make a Change.org or similar campaign to ask all Android manufacturers to make a minimum effort?

Bootloader unlocked? ROMs and Source available?

In the past I would take it for granted that a device associated with XDA would come with an unlocked or unlockable boot loader and that the ROM, kernel and source for both the LineageOS and Ubuntu builds would be made available so that owners could try out both or mix their own. Being today's XDA and since I've not seen mention of it anywhere I have to ask whether an unlocked bootloader and fully open ROMS are part of the plan or are there steps in motion to lock people into the OS they choose at time of purchase?

Using Samsung KNOX (and its security features) on a self compiled rom without burning the Fuse and X - bootloader

X - stands for any bootloader, so for example the installed Samsung Bootloader or an own one (by the process of changing it, the fuse normally burns)
Hello out there,
is there any way to develop and install an own Linux System on a given Samsung Galaxy Tab and implement the knox security features and use those, a way of rooting and later unrooting the tab and all this without burning of the knox fuse?
How does the knox (software? hardware?) check the given kernel for manipulation? With checksums? And: Is there a checksum to compare with in the chip, that was created at some point in time? How does the knox (software? hardware?) achieve this?
I want to develop it for business reasons.
Thank you for your answers.
Kind regards,
TheLazyGuyDE, Germany
Any interference with the bootloader burning the Knox fuse.
These videos describe the Knox kernel protection. But how does this work? Is it on a software basis?
How is the comparison getting achieved?
What role does the Knox chip play within this process? What has to be done prior to/after a kernel update, and can a software change burn the fuse?
What isn't working anymore after burning the fuse?
How does Samsung put and verify the software on the phones?
Is there a checksum of the installed Android software created in the knox chip?
I don't want to use magisk, but want to have real root mode and want to install an own Linux distribution.
What disadvantages do I have? Can I use all hardware parameters, like SIM-Card, Videocamera, etc.?
Thanks for your answers,
Kind regards,
TheLazyGuyDE
ze7zez said:
Any interference with the bootloader burning the Knox fuse.
But how did Samsung themselves prevent this, when they installed their bootloader? There has to be a way to circumvent the burning of the fuse! (I am not a hacker, I am a developer)
System-critical files from Samsung are digitally signed with its own algorithm and checked during flashing. Therefore, there is no worry that someone will modify these files and flash. In case of fake flashing, in the mildest scenario the attempt will be rejected, and in the worst scenario the fuse will be burned.
This is why business customers can safely choose Samsung products.
p.s.
Hacker does not have a pejorative meaning. It is people without knowledge who demonize hackers, confusing them with crackers.
ze7zez said:
p.s.
Hacker does not have a pejorative meaning. It is people without knowledge who demonize hackers, confusing them with crackers.
I do not demonize hackers, I'm sorry if you got that wrong and my words didn't express what I meant: I solely wanted to express that I am no person who commits any unlawful interference in any aspect, any country in relation to the hacking or cracking of foreign mobile phones or any device.
The only devices I work with and that's allowed are the ones that are mine.
So to speak: Any information or maybe classified information I get is in good hands.
-
In relation to the topic: A digital signature of a kernel seems to be a unique extract from specific bits of its code, which then has to be programmed into the Knox chip to make the comparison possible.
With each Kernel Update, this process has to be done, to make the above mentioned security method possible.
Does anybody know if Samsung offers the possibility of doing so with an own kernel or distro, that is not Android?
Kind regards,
TheLazyGuyDE
TheLazyGuyDE said:
(...)
Does anybody know if Samsung offers the possibility of doing so with an own kernel or distro, that is not Android?
(...)
I doubt it.
Samsung does not provide file signing tools.
Verizon has an agreement for the product line, but it is still android based.
Thank you.
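
The model ze7zez describes in this thread (images signed by the vendor and checked when flashed), sketched as an added example that is not from the thread and is not Samsung's or Knox's actual mechanism. It assumes a generic hash-then-sign check built on unpadded textbook RSA with a constructed toy key, and contrasts it with a per-image checksum stored on the device; all names and image contents are hypothetical.

```python
import hashlib

# Constructed toy key: textbook RSA (no padding) over two Mersenne primes.
# Illustration only; not a secure key and not any vendor's real scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the vendor

def digest(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def vendor_sign(image: bytes, d: int = D, n: int = N) -> int:
    """Vendor side: sign the image hash with the private exponent."""
    return pow(digest(image), d, n)

def device_verify(image: bytes, sig: int, pub=(N, E)) -> bool:
    """Device side: only the public key, fixed at manufacture, is needed."""
    n, e = pub
    return 0 < sig < n and pow(sig, e, n) == digest(image)

def checksum_verify(image: bytes, stored: bytes) -> bool:
    """Alternative model: one checksum per image stored on the device."""
    return hashlib.sha256(image).digest() == stored

def demo() -> dict:
    kernel_v1 = b"constructed kernel image v1"
    kernel_v2 = b"constructed kernel image v2 (vendor update)"
    custom = b"constructed self-built kernel"
    stored = hashlib.sha256(kernel_v1).digest()
    # A third party signing with its own (different) toy key.
    other_n = (2**127 - 1) * (2**607 - 1)
    other_d = pow(E, -1, (2**127 - 2) * (2**607 - 2))
    return {
        "v1_signed": device_verify(kernel_v1, vendor_sign(kernel_v1)),
        "v2_signed": device_verify(kernel_v2, vendor_sign(kernel_v2)),
        "v2_checksum": checksum_verify(kernel_v2, stored),
        "tampered": device_verify(kernel_v1 + b"!", vendor_sign(kernel_v1)),
        "custom_other_key": device_verify(
            custom, vendor_sign(custom, other_d, other_n)),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18} {'accepted' if ok else 'rejected'}")
```

With a signature check, a vendor update verifies against the same public key without anything new being written to the device, whereas a stored checksum would have to be replaced for every release; an image signed with any other key is rejected.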
