Im considering getting one but i have few questions:
1. Is/will it be possible to lock the bootloader? (Not relock, just lock aka return it to original?)
2. Is it possible to have paralel apps? Like Island app but no root needed?
3. Is it possible to block bloat installing every update/disable the wizard? (Again, no root)
4. Can you hide/disable every unwanted app or via adb?
5. Hows watching movies on it?
6. Will custom roms exist?
7. Apparently Samsung doesnt use A/B. Is this true?
Korothi said:
Im considering getting one but i have few questions:
1. Is/will it be possible to lock the bootloader? (Not relock, just lock aka return it to original?)
Click to expand...
Click to collapse
Please clarify on what you're asking. The bootloader comes locked by default. On unlockable devices, it is always possible to relock the bootloader, but you must perform a clean flash of the factory firmware before doing so. Attempting to lock the bootloader on custom firmware will render your device inoperable.
Korothi said:
2. Is it possible to have paralel apps? Like Island app but no root needed?
Click to expand...
Click to collapse
What do you mean by "parallel apps"?
Korothi said:
3. Is it possible to block bloat installing every update/disable the wizard? (Again, no root)
Click to expand...
Click to collapse
No. Root is required to remove bloat.
Korothi said:
4. Can you hide/disable every unwanted app or via adb?
Click to expand...
Click to collapse
Not without root.
Korothi said:
5. Hows watching movies on it?
Click to expand...
Click to collapse
This is a flagship device; I would expect movies would be just fine.
Korothi said:
6. Will custom roms exist?
Click to expand...
Click to collapse
Eventually.
Korothi said:
7. Apparently Samsung doesnt use A/B. Is this true?
Click to expand...
Click to collapse
Yes. Samsung has continued to use the bespoke recovery model. This makes Samsung devices slightly more complicated to flash, but TWRP helps make it easier.
I managed to have a duplicated app (Revolut) setting up the personal area
For social like WhatsApp this feature is integrated and easier.
V0latyle said:
Please clarify on what you're asking. The bootloader comes locked by default. On unlockable devices, it is always possible to relock the bootloader, but you must perform a clean flash of the factory firmware before doing so. Attempting to lock the bootloader on custom firmware will render your device inoperable.
Click to expand...
Click to collapse
Korothi said:
Im considering getting one but i have few questions:
1. Is/will it be possible to lock the bootloader? (Not relock, just lock aka return it to original?)
Click to expand...
Click to collapse
Worth to mention, Once you unlock bootloader and flash custom binary, you can relock bootloader later after flashing stock firmware first but still it leaves footprint and certain features will be stopped working forever. e.g Samsung Pass and Pay and may be more.
V0latyle said:
No. Root is required to remove bloat.
Click to expand...
Click to collapse
V0latyle said:
Not without root.
Click to expand...
Click to collapse
Yes you can remove, disable unwanted bloatware via ADB commands. Personally I've disabled samsung dex and similiar unwanted programs, removed swiftkey and other bloat....
Klaudas said:
Yes you can remove, disable unwanted bloatware via ADB commands. Personally I've disabled samsung dex and similiar unwanted programs, removed swiftkey and other bloat....
Click to expand...
Click to collapse
Any guide and list of what is safe to remove?
Fl1nt91 said:
Any guide and list of what is safe to remove?
Click to expand...
Click to collapse
There is a guide. Search XDA for this thread "Samsung Galaxy One UI - Optimization Guide". You will find there everything you need to debloat by your needs.
dr.ketan said:
Worth to mention, Once you unlock bootloader and flash custom binary, you can relock bootloader later after flashing stock firmware first but still it leaves footprint and certain features will be stopped working forever. e.g Samsung Pass and Pay and may be more.
Click to expand...
Click to collapse
Safetynet fix will not help?
Also what i meant was not relock state for bootloader. I meant lock. For example MSM tool in oneplus locks bootloader (locks, not relocks)
Also "parallel apps" is a feature where you can setup 2 discords for example. It can be built in or if you have root - island app.
Korothi said:
Safetynet fix will not help?
Also what i meant was not relock state for bootloader. I meant lock. For example MSM tool in oneplus locks bootloader (locks, not relocks)
Also "parallel apps" is a feature where you can setup 2 discords for example. It can be built in or if you have root - island app.
Click to expand...
Click to collapse
I don't understand still between lock and relock
As explained above by @V0latyle default state of device is locked. If you want you can unlock it. But once you unlock and flash custom binary you can never lock again as same state before you unlocked. You can relock bootloader with missing some features forever. Nothing can help to restore said functions.
Samsung have two features which give you dual app
1.Dual Apps
2.Secure folder
With both these utilities you can use same app in two environments. Again not all apps may supported.
dr.ketan said:
I don't understand still between lock and relock
As explained above by @V0latyle default state of device is locked. If you want you can unlock it. But once you unlock and flash custom binary you can never lock again as same state before you unlocked. You can relock bootloader with missing some features forever. Nothing can help to restore said functions.
Click to expand...
Click to collapse
To expand on this: Samsung uses Knox Guard and other features to detect whether custom images have been flashed to the device. If this is true, some apps and functions that depend on Knox status may not work.
This is in contrast to other OEMs such as Google - the Pixel series can be restored to factory stock with a locked bootloader, and there will be no trace of the device ever having been modified.
What you can do, on either stock or custom firmware, as long as you're rooted with Magisk, is use Magisk modules such as Universal SafetyNet Fix to spoof device responses to Play Integrity attestation, as well as "hide" Knox status. However, again, this requires root. Magisk modules cannot be used without Magisk root.
To try to explain this simply:
Stock firmware, never unlocked: Knox OK: secure functions will work.
Stock firmware, locked but previously unlocked, custom firmware never installed including Magisk patch and/or recovery, Knox should be OK.
Stock firmware, locked but previously unlocked with custom firmware, Knox tripped: secure functions will not work.
Stock/custom firmware, unlocked, rooted with Magisk, attestation responses fixed via Magisk module: Knox status should not matter, Android/Google secure functions should work but Samsung apps that depend on Knox may not.
It is not possible to reset Knox status once tripped.
Therefore, if the device has ever been modified, even if it's just a Magisk patch, re-locking the bootloader will not return it to the "pure" factory state. So, if you are wondering whether to unlock the bootloader, understand that once anything is modified, you are committed and there is no way back. If you don't intend on modifying anything, don't unlock.
Related
Stock Pixel/PixelXL Kernel + SafetyNet Patch
Current version: android-msm-marlin-3.18-nougat-mr1
Suitable for build: NMF26U
Security patch level: January 5, 2017
I compiled the stock kernel for the Pixel/PixelXL (they both use the same kernel) and applied the SafetyNet patch by sultanxda. The kernel name says marlin, but this also works on sailfish. Google just created one kernel that works on both sailfish (Pixel) and marlin (Pixel XL) devices.
I posted this over in the Pixel thread (as I have the regular Pixel), but thought I'd share it over here as well.
Use case for this kernel:
- If you want to stay completely stock, but have an unlocked bootloader, the SafetyNet is tripped which disables features such as Android Pay.
- This kernel is completely stock except for the addition of a patch that removes the SafetyNet check.
- If you do not have an unlocked bootloader there is no need to use this kernel. It's exactly the same as the kernel included in the stock builds, except with the addition of the SafetyNet patch.
Installation:
- Download attached .zip and unzip into a folder
- Reboot device into bootloader (power down device, then Power + Volume down)
- Connect device to computer
- Verify connection by typing 'fastboot devices'. Your device should show up (check serial number)
- Enter command: fastboot flash kernel <kernel_image>
- Once flashing is complete, enter command: fastboot reboot
- Disconnect device and wait for reboot sequence to complete.
- You now have a stock Pixel with an unlocked bootloader that can use Android Pay
**WARNING**
If flashing this kernel for whatever reason ruins your device, please don't hold me accountable. Use this at your own risk!
And otherwise, I'm not a professional developer, just a hobbyist. Please don't ask me for a ton of help, I only created this kernel because I want to run completely stock, but still use Android Pay while having an unlocked bootloader in case I ever decide to root my device in the future (am running a Verizon Pixel). I will try to maintain this kernel with each new release until I lose interest
Downloads:
NMF26U
All versions
Not sure why no ones replied here yet! - it's no use to me but thank you very much
Just downloaded and tried to install using fastboot but my device is stuck in a bootloop My bootloader is unlocked and I had previously rooted using twrp but I was using the stock recovery. I was on version NMF26O. I'm going to try re-rooting again and see if that fixes it.
I don't know how this will interact with rooted devices. I'm personally not rooted and I don't have any issues with this kernel. Try being fully stock first before flashing this.
Sakete said:
I don't know how this will interact with rooted devices. I'm personally not rooted and I don't have any issues with this kernel. Try being fully stock first before flashing this.
Click to expand...
Click to collapse
I might try out a few things later and try different versions of root and post if anything works Thanks mate
THANK YOU! I've been looking for a completely stock kernel that would let me use Android Pay with an unlocked bootloader! Any plans to do this for other Nexus phones, like the 5X?
iissmart said:
THANK YOU! I've been looking for a completely stock kernel that would let me use Android Pay with an unlocked bootloader! Any plans to do this for other Nexus phones, like the 5X?
Click to expand...
Click to collapse
I'll only do it for the Pixel as that's the only phone I have. It's not super difficult to do this yourself though, if you're somewhat technical it's pretty straightforward to do.
I have TWRP updated, newest build F260 and followed the steps but still unable to use Android Pay. Says it cant verify the device or software.
EDIT:Im dumb didn't read that it wasn't compatible with root.. just unlocked bootloader.
ghostENVY said:
I have TWRP updated, newest build F260 and followed the steps but still unable to use Android Pay. Says it cant verify the device or software.
EDIT:Im dumb didn't read that it wasn't compatible with root.. just unlocked bootloader.
Click to expand...
Click to collapse
Yeah, if you're rooted, Android Pay will not work. There is a workaround however. You can add cards to Android Pay before you're rooted. If you root after that, Android Pay should work with the cards you've added. You just won't be able to add new cards.
Thanks for the kernel, just want to ask one question:
I have unlocked bootloader + systemless root, when I power up my phone, there is a yellow warning on the boot screen, if I use this patched kernel, will the yellow waning be gone as well ?
churchmice said:
Thanks for the kernel, just want to ask one question:
I have unlocked bootloader + systemless root, when I power up my phone, there is a yellow warning on the boot screen, if I use this patched kernel, will the yellow waning be gone as well ?
Click to expand...
Click to collapse
You mean the orange warning? That's because unlocked bootloader. Only with locked bootloader the warning disappears.
Tylog said:
You mean the orange warning? That's because unlocked bootloader. Only with locked bootloader the warning disappears.
Click to expand...
Click to collapse
I see, thanks for your explanation. AP is actually not available in my country ( China ), what a pity.
Sakete said:
Yeah, if you're rooted, Android Pay will not work. There is a workaround however. You can add cards to Android Pay before you're rooted. If you root after that, Android Pay should work with the cards you've added. You just won't be able to add new cards.
Click to expand...
Click to collapse
Holy **** thanks for the advice I went ahead and unistalled SuperSU and I added my cards! Thanks!
EDIT: I went to my local McDonalds and tried to pay it said "it couldn't authenticate the device" after adding my cards. This is with root just fyi maybe systemless root will have success.
anybody managed to get AP working with root?
nbhadusia said:
anybody managed to get AP working with root?
Click to expand...
Click to collapse
Not going to happen! Maybe when/if Xposed comes out but until then I don't imagine so
Sent from my Google Pixel XL using XDA Labs
DaveHTC200 said:
Not going to happen! Maybe when/if Xposed comes out but until then I don't imagine so
Sent from my Google Pixel XL using XDA Labs
Click to expand...
Click to collapse
I believe a clue of posts up in this thread, someone posted that if you add the cards before you root, Android pay will work for those cards.
Sent from my Pixel using XDA-Developers mobile app
Protibus said:
I believe a clue of posts up in this thread, someone posted that if you add the cards before you root, Android pay will work for those cards.
Sent from my Pixel using XDA-Developers mobile app
Click to expand...
Click to collapse
Correct, try adding cards before rooting. Once cards are added, root your phone and Android Pay should still work for making payments, you just can't add new cards to it (you'll have to unroot first for that).
ghostENVY said:
EDIT: I went to my local McDonalds and tried to pay it said "it couldn't authenticate the device" after adding my cards. This is with root just fyi maybe systemless root will have success.
Click to expand...
Click to collapse
Oh weird, maybe it doesn't work then? Or it could be another issue. I got this idea from someone else who said it works for him. I myself am not rooted so can't verify otherwise.
Hello, will this still get OTA's and install them / or be able to sideload them???
First of all I wanna say that; I take no credit (nor responsibility) for simply linking to someone else's work (posted by kep2008.)
I'd just like to bring some attention to this great little mod originally created for the P9.
!!Only tested, and confirmed working on
L09C432B360!!
Features are:
Deodexing your system.
Disable all system apps in the standard application manager.
Allow fingerprint unlock after a reboot.
Open fully Quickpanel swipe from the right side of the screen (without double swipe).
Virtual Lock button in statusbar (click on the signal cluster icons).
CallRecord.
Rom Control (source here).
Show/hide network type (when wi-fi enabled).
USB Plug/Unplug disable wake up.
Remove high volume warning for headphones.
Change low and critical battery warning percentages.
It is labeled being for the P9 "B361", though I have tested this mod, found it fully working on L09C432B360, and without any issues.
Before flashing/testing, do a backup of data and system!
Link to thread/DOWNLOAD
https://forum.xda-developers.com/p9/themes/mod-low-battery-notification-t3534483/post70458512
Need root?
Is this mod need device rooted??
Laddu_ss said:
Is this mod need device rooted??
Click to expand...
Click to collapse
No, but if you unlock your bootloader some apps might stock working.
zinko_pt said:
No, but if you unlock your bootloader some apps might stock working.
Click to expand...
Click to collapse
Of course your device needs to be rooted!!
I am B350 with FRDl02.. will this work.. Does this include long press volume keys to skip music tracks as mentioned in the original thread..???
NeophyteGS2 said:
Of course your device needs to be rooted!!
Click to expand...
Click to collapse
Why?
Isn't this a zip file (configuration change) to be flashed in TWRP? You can apply camera mod without root, so why wouldn't this one?
zinko_pt said:
Why?
Isn't this a zip file (configuration change) to be flashed in TWRP? You can apply camera mod without root, so why wouldn't this one?
Click to expand...
Click to collapse
That's exactly what it is, a flashable zip. Any changes to the filesystem requires root
NeophyteGS2 said:
That's exactly what it is, a flashable zip. Any changes to the filesystem requires root
Click to expand...
Click to collapse
You don't need root to unlock your bootloader, install a custom recovery and flash zips. It's kind of silly not to root in this case, but it's not technically needed. In fact, you need to do all of those thing first before you can root your phone. So not rooting is simply skipping the last step.
sic0048 said:
You don't need root to unlock your bootloader, install a custom recovery and flash zips. It's kind of silly not to root in this case, but it's not technically needed. In fact, you need to do all of those thing first before you can root your phone. So not rooting is simply skipping the last step.
Click to expand...
Click to collapse
Sorry, I'm not trying to be rude but just trying to prevent people soft bricking. Without root, dm-verity is still enabled and any changes to the /system partition will prevent your device from booting. The very first mod (deodexing system apps) is making changes to your /system and will trip dm-verity
Will it work?
PuffDaddy_d said:
Will it work?
Click to expand...
Click to collapse
Most probably. The dev has one on order.
May not on day one, but I'd expect it very soon.
The question is how long will Magisk continue to work. According to an XDA:
Full documentation on the Titan Security Module is not yet available, but a few Google engineers have posted Tweets that give us some information. First, in response to a tweet by Dees_Troy, lead developer of TWRP, Google’s tech lead for Android hardware-backed security subsystems, Shawn Willden, states that the new security module will not be used for runtime system analysis. This is important for Magisk users because hardware-backed runtime system analysis would make systemless-root much more difficult. However, Google already opened up an API for the Trusted Execution Environment (TEE), so runtime system analysis could still happen in the future (in other words, there could still be bad news for Magisk.)
Click to expand...
Click to collapse
mycall0 said:
The question is how long will Magisk continue to work. According to an XDA:
Click to expand...
Click to collapse
I wouldn't expect Google to purposely use it to kill Magisk... however I would expect them to make it difficult to be rooted and still pass the SafetyNet check.
I'm just surprised that nobody has confirmed that Magisk works on the P3 yet.
I mean, my phone was delivered this morning, so I assumed that tons of people all over the country were eagerly unlocking bootloaders and flashing away.
But still all quiet here on this thread?
From what I understand, that's because the factory image is only out since a few hours...
Someone on the Xl forum tried and the phone didnt boot so he had to factory flash the image. So looks like its the waiting game for root.
TopJohnWu will have his pixel Friday. He is excited about it, I bet we have root by Monday.
I tried to patch the boot.img through the magisk app and then flash that through fastboot. Flashed successfully but would not boot.
I have noticed that as soon as I unlocked the bootloader I fail safety net. Has that always been the case even without any system modifications?
jsauder2 said:
I tried to patch the boot.img through the magisk app and then flash that through fastboot. Flashed successfully but would not boot.
I have noticed that as soon as I unlocked the bootloader I fail safety net. Has that always been the case even without any system modifications?
Click to expand...
Click to collapse
From what I understand that is the case, unless you use Magisk to "cloak" and "fool" the apps into thinking it isn't.
Eudeferrer said:
From what I understand that is the case, unless you use Magisk to "cloak" and "fool" the apps into thinking it isn't.
Click to expand...
Click to collapse
Guess I've not tried using my phone unlocked without magisk in awhile...
jsauder2 said:
I have noticed that as soon as I unlocked the bootloader I fail safety net. Has that always been the case even without any system modifications?
Click to expand...
Click to collapse
No, my Nexus 5 running LineageOS has always passed with Magisk and unlocked bootloader (and Pay, etc. works).
CSX321 said:
No, my Nexus 5 running LineageOS has always passed with Magisk and unlocked bootloader (and Pay, etc. works).
Click to expand...
Click to collapse
Does it pass when it's unlocked but doesn't have magisk though? That's what I was wondering. This is really the first time I've had a phone unlocked without root (since it doesn't work yet), so I've never actually thought about that until now.
jsauder2 said:
Does it pass when it's unlocked but doesn't have magisk though? That's what I was wondering. This is really the first time I've had a phone unlocked without root (since it doesn't work yet), so I've never actually thought about that until now.
Click to expand...
Click to collapse
Ah, good question. I don't know. I've always had my phone unlocked and rooted.
jsauder2 said:
Does it pass when it's unlocked but doesn't have magisk though? That's what I was wondering. This is really the first time I've had a phone unlocked without root (since it doesn't work yet), so I've never actually thought about that until now.
Click to expand...
Click to collapse
I want to say that it was relatively recently (maybe in the last 2-2.5 years) where if you only unlocked the bootloader, it would fail SafetyNet. For a while, you had to flash a kernel on top of unlocking the bootloader to pass SafetyNet.
tysj said:
I want to say that it was relatively recently (maybe in the last 2-2.5 years) where if you only unlocked the bootloader, it would fail SafetyNet. For a while, you had to flash a kernel on top of unlocking the bootloader to pass SafetyNet.
Click to expand...
Click to collapse
My experience is if I unlock bootloader, I fail SafetyNet unless Magisk is installed. Sometimes after a reboot, I still fail until I load the Magisk app and have it check once. Then the phone is fine again.
As to the original question: I installed the newest beta of Magisk on my Pixel 3 XL, downloaded the factory boot.img from Google and patched it using the app. Flashing to my active boot slot caused fastboot to complain about no valid boot images. Flashing the original boot.img allowed the phone to start normally again.
imsaguy said:
My experience is if I unlock bootloader, I fail SafetyNet unless Magisk is installed. Sometimes after a reboot, I still fail until I load the Magisk app and have it check once. Then the phone is fine again.
As to the original question: I installed the newest beta of Magisk on my Pixel 3 XL, downloaded the factory boot.img from Google and patched it using the app. Flashing to my active boot slot caused fastboot to complain about no valid boot images. Flashing the original boot.img allowed the phone to start normally again.
Click to expand...
Click to collapse
confirmed same results on Pixel 3 (non XL)
jsauder2 said:
I tried to patch the boot.img through the magisk app and then flash that through fastboot. Flashed successfully but would not boot.
I have noticed that as soon as I unlocked the bootloader I fail safety net. Has that always been the case even without any system modifications?
Click to expand...
Click to collapse
Yeah that's always been the case with unlocked bootloader
He just rooted the 3XL according to his Twitter. Release this weekend maybe?... Dude wasted no time, absolute machine.
Follow the instruction of your OS (GrapheneOS or CalyxOS) as normal, then just before locking the bootloader back follow the guide here. The end result is a OS with Magisk and root, but the bootloader can not be lock again (because of the root process).
So, if you would like to be able to record call, block advertisement and enjoy your device because it is your freedom to do with your device what ever you want, root your OS.
PS, if security is more important then privacy, rooting is not the way to go, at the moment I didnt find how to maintain both
Old news.
And technically, you CAN relock the bootloader if you wanted to, by resigning everything. There's links (somewhere, you'll have to search for it) to a program on git that someone wrote to do this, but I haven't tried it.
The reality is that locking the bootloader really doesn't do much for you. It might protect you a BIT if you lose physical control over it, but when you lose physical control over a device, you have to assume that its been compromised anyway.
Locking the bootloader will be essential in the future when Google enforces Hardware Backed attestation for those who use contactless payments.
This is good to know.
shoey63 said:
Locking the bootloader will be essential in the future when Google enforces Hardware Backed attestation for those who use contactless payments.
This is good to know.
Click to expand...
Click to collapse
Source?
96carboard said:
Source?
Click to expand...
Click to collapse
It's all in This thread
Edit: More reading Here
shoey63 said:
It's all in This thread
Edit: More reading Here
Click to expand...
Click to collapse
Your links seem to be showing something about current issues that people are having, not about something "in the future" regarding enforcement of locked bootloader.
Edit: what I'm looking for is some statement from gooble that they intend to make some changes with respect to this, otherwise it appears to be just speculation.
Edit 2: The subject is also pretty off topic, since there's a good chance that it doesn't come into play at all with graphene or calyx, both of which do NOT include integrated binary gooble services. Graphene goes to a lot of trouble to make it installable, but strongly isolated from everything else, which includes restricting hardware status flags from being readable by it. Calyx promotes microG.
96carboard said:
Old news.
And technically, you CAN relock the bootloader if you wanted to, by resigning everything. There's links (somewhere, you'll have to search for it) to a program on git that someone wrote to do this, but I haven't tried it.
The reality is that locking the bootloader really doesn't do much for you. It might protect you a BIT if you lose physical control over it, but when you lose physical control over a device, you have to assume that its been compromised anyway.
Click to expand...
Click to collapse
It may be old news for you, I didnt find it anywhere. That is why I posted it here, just in case there are people like me that looking for that answer.
Asking in the GrapheneOS chats, I only got an answer that rooting is not supported and not recommended.
Since I'm using call recorder to my work and will be glad to block advertisements locally, and god forbid, I also would like to use either Graphene or CalyxOS.
I dont see other way around it unless using root.
Can you please send your links for looking back the bootloader? that will be awesome. Thanks!
HQwarp said:
Can you please send your links for looking back the bootloader? that will be awesome. Thanks!
Click to expand...
Click to collapse
Use the search bar at the top of the screen, or read through all the other threads in the 6 and 6pro forums, that's what I would have to do to find it for you.
96carboard said:
Use the search bar at the top of the screen, or read through all the other threads in the 6 and 6pro forums, that's what I would have to do to find it for you.
Click to expand...
Click to collapse
Very sad respond from you. You can be helpful and point me to the right direction and with less arrogance attitude of yours...
XDA is a place to share knowledge, not to show your arrogance on how good you are to type in google search.
FYI, if anyone want to sign the bootloader after using Magisk this is probably the way
Rooting Graphene/Calyx/LeOS/DivestOS/eOS/CopperHead completely defeats t he purpose as now it gives potentially a malicious app root abilities.
As the head of Graphene's Twitter once said "but why... that opens so many security risk doors"|
You can't re-lock the bootloader with root unless you create a new avb-key. Don't bother rooting security roms, its pointless.
Yes, you are right, it is lowering the security of the phone. But, that's ok, each one with his use case of attack. If it is ok for you to use your phone without sudo, good for you. Since I'm not Edward Snowden and I'm not afraid to use sudo on my machines, and when I do, I know enough when and how to use it.
Therefore, I don't see why I can't use sudo on my phone. Especially when some of us do need our phone to perform tasks that currently are not supported by Security oriented OS as you mentioned, AND also do want to lower our information footprint on the net. For this case using sudo on the formation ROMs seems ideal.
HQwarp said:
Very sad respond from you.
Click to expand...
Click to collapse
Very sad that you expect to be spoon fed when you have the capacity to search for yourself.
to make it easier for people who may look for it (I was one of those people)
this is that script mentioned earlier which will allow you to resign the rom to allow you to lock the bootloader with Magisk https://forum.xda-developers.com/t/...s-and-add-adb-root-and-other-changes.4440367/
This is exactly what I needed https://github.com/chenxiaolong/avbroot
I believe so anyway, still actually trying to get it to work, just need to setup android studio as far as I can make out
then you can easily patch the rom with magisk and sign it with your own keys
And this information could be useful as well https://forum.xda-developers.com/t/signing-boot-images-for-android-verified-boot-avb-v8.3600606/
FireRattus said:
to make it easier for people who may look for it (I was one of those people)
this is that script mentioned earlier which will allow you to resign the rom to allow you to lock the bootloader with Magisk https://forum.xda-developers.com/t/...s-and-add-adb-root-and-other-changes.4440367/
Click to expand...
Click to collapse
So how would this work? Would I have to unlock and wipe after every update
cammykool said:
So how would this work? Would I have to unlock and wipe after every update
Click to expand...
Click to collapse
I have been working on this when I have had time, I have been able to successfully flash Graphene with Magisk and lock the bootloader, turning what I learned into this guide https://forum.xda-developers.com/t/lock-boot-loader-magisk-root-grapheneos.4510295/
I believe there is a way to update with signed OTA files that are patched with Magisk, using AVBRoot that I use in the guide
I haven't figured this part out yet. it took me long enough just to work it out for the firmware/system rom but I will definitely be trying and updating the guide as I learn more about the process
FireRattus said:
I have been working on this when I have had time, I have been able to successfully flash Graphene with Magisk and lock the bootloader, turning what I learned into this guide https://forum.xda-developers.com/t/lock-boot-loader-magisk-root-grapheneos.4510295/
I believe there is a way to update with signed OTA files that are patched with Magisk, using AVBRoot that I use in the guide
I haven't figured this part out yet. it took me long enough just to work it out for the firmware/system rom but I will definitely be trying and updating the guide as I learn more about the process
Click to expand...
Click to collapse
That sounds extremely promising.
Since proton is obsolete now, I'm searching for a rom with sandboxed google play that I can root. Rooting GrapheneOS seems to be the only way for that.
Locking bootlaoder doesn't really matter to me, but rooting graphene and then being able to dirty flash updates later (I don't care about OTAs, even if it's cool and comfortable) is important.
How would you update graphene right now when you're rooted? Just dirty flash the new rom, then flash patched boot.img?
Spl4tt said:
That sounds extremely promising.
Since proton is obsolete now, I'm searching for a rom with sandboxed google play that I can root. Rooting GrapheneOS seems to be the only way for that.
Locking bootlaoder doesn't really matter to me, but rooting graphene and then being able to dirty flash updates later (I don't care about OTAs, even if it's cool and comfortable) is important.
How would you update graphene right now when you're rooted? Just dirty flash the new rom, then flash patched boot.img?
Click to expand...
Click to collapse
If you don't care about locking the boot loader you do lose some physical security advantages of it
but it does make the process easier, I believe you should just be able to use AVBRoot as it's intended
GitHub - chenxiaolong/avbroot: Maintain Android Verified Boot using a custom key while rooted with Magisk
Maintain Android Verified Boot using a custom key while rooted with Magisk - GitHub - chenxiaolong/avbroot: Maintain Android Verified Boot using a custom key while rooted with Magisk
github.com
Once you have completed all the initial steps then updates are as simple as
Follow step 6 in the previous section to patch the new OTA (or an existing OTA with a newer Magisk APK).
Reboot to recovery mode. If stuck at a No command screen, press the volume up button once while holding down the power button.
Sideload the patched OTA.
Reboot.
Click to expand...
Click to collapse
FireRattus said:
If you don't care about locking the boot loader you do lose some physical security advantages of it
but it does make the process easier, I believe you should just be able to use AVBRoot as it's intended
GitHub - chenxiaolong/avbroot: Maintain Android Verified Boot using a custom key while rooted with Magisk
Maintain Android Verified Boot using a custom key while rooted with Magisk - GitHub - chenxiaolong/avbroot: Maintain Android Verified Boot using a custom key while rooted with Magisk
github.com
Once you have completed all the initial steps then updates are as simple as
Click to expand...
Click to collapse
If updating is that easy with a locked bootloader I'm gonna try this. Thanks for your efforts man
Anyone know if I can I expect the same procedures to work for GOS installed on a Pixel 5 or 4?
I've successfully rooted my Galaxy Note 3 to play custom boot animations and boot audio. But now I want to try it on my main device; the Galaxy Note 20 Ultra. I only want to modify "bootsamsung.qmg", "bootsamsungloop.qmg", and try adding "PowerOn.ogg". (Is this even possible on newer Samsung phones?)
Thing is, I don't want to root this device because I still want to get security patches and updates without doing complicated flashing procedures, and I still want to get OEM support.
Is there a way to at least root the phone temporarily without voiding the software legitimacy, and still get support for updates?
(If not then guess I'll just wait till 2025 when the phone stops getting software updates)
ASEM1123 said:
I've successfully rooted my Galaxy Note 3 to play custom boot animations and boot audio. But now I want to try it on my main device; the Galaxy Note 20 Ultra. I only want to modify "bootsamsung.qmg", "bootsamsungloop.qmg", and try adding "PowerOn.ogg". (Is this even possible on newer Samsung phones?)
Thing is, I don't want to root this device because I still want to get security patches and updates without doing complicated flashing procedures, and I still want to get OEM support.
Is there a way to at least root the phone temporarily without voiding the software legitimacy, and still get support for updates?
(If not then guess I'll just wait till 2025 when the phone stops getting software updates)
Click to expand...
Click to collapse
It's a "have one's cake and eat it too" problem.
yes, you can modify phone without rooting phone.
no, you can't modify phone without losing knox/warranty.
no, you can't receive updates on modified phone.
aIecxs said:
yes, you can modify phone without rooting phone.
no, you can't modify phone without losing knox/warranty.
no, you can't receive updates on modified phone.
Click to expand...
Click to collapse
Ah, so even if it's not rooted it'll void the legitimacy when modified?
well that's a bummer
ASEM1123 said:
Ah, so even if it's not rooted it'll void the legitimacy when modified?
well that's a bummer
Click to expand...
Click to collapse
It is obvious that root is a modification of the system.
on locked bootloader no modifications allowed by secure boot chain of trust.
you already trip knox when unlocking bootloader, even if running completely stock ROM.
yeah, i was just hoping if there was a way somehow.
Thanks y'all.