So now, the big question is: how can this done easily?
In /e/OS “root debugging” can be enabled. Maybe in CalyxOS too? If yes, is it possible after enabling it to type in the adb command mentioned by @hirnsushi
and execute it without using magisk?
Interesting. From the name of the command I have an idea what it does, but a google search only revealed some posts in the FP-forum from 2017 or so. Where did the ${FATBOOT_BIN}
go?
All in all, does this in any way help to figure out what is going wrong and help to recover already bricked devices?
Doesn’t it make sense that OEM unlocking is greyed out when the bootloader is unlocked? From the wording I would think it does.
Not in iodè
Not in calyxOS
Both are privacy and security focused with verified boot. root and root debugging is not part of this philosophy…
Both are possible to root
But is not suggested and not supported and not the Default
resetprop
is a feature of Magisk to change read-only properties, so no. But installing the Magisk app and fastboot boot
ing a Magisk patched boot.img
should be enough for this to work.
That’s a function declared somewhere else in the script, has been used before to flash the other partitions. It’s essentially a fancy way of saying fastboot flash foo
with some error handling. ${FASTBOOT_BIN}
is just a variable to point to the included fastboot
.
It does, that’s why we need to set ro.boot.flash.locked
to 1
so the system thinks the bootloader is locked and the toggle gets enabled.
But only in /e/OS
Not in iodè and calyx because of verified boot. Both does not allow to boot any not signed images, recoverys or kernels
Not in iodè and calyx because of verified boot. Both does not allow to boot any not signed images, recoverys or kernels
We are talking unlocked bootloader here, that only applies if you locked it, I’m running Magisk on Calyx right now.
How else would I have been able to change that property on a Calyx device that got changed to get_unlock_property=0
?
I managed to set
get_unlock_ability
back to1
again (with an unlocked bootloader, don’t get your hopes up) by using Magisksresetprop
…
The part in bold is important here. This isn’t a way to revive bricked phones, only a possibility to maybe save people beforehand.
installing the Magisk app and
fastboot boot
ing a Magisk patchedboot.img
should be enough for this to work.
I would like to give this a try since I want to use CalyxOS with a locked bootloader. However, I’ve never used Magisk or patched a boot.img to use it – would it be possible for you to point me in the right directions to get started/roughly guide me what I need to do? I would very much appreciate the help!
thanks a lot hirnshushi.
You show a working but not so easy way.
I think, no problem for an expierienced user. But for a novice, it is more than easy.
Maybe there will be an easy solution in the future…
would it be possible for you to point me in the right directions to get started/roughly guide me what I need to do?
Sure
Keep in mind that I haven’t tested this, because I didn’t lock my bootloader afterwards and I can’t guarantee that there’s no possibility left to brick your phone!
With that out of the way, download the boot.img
and the Magisk.apk
(for others trying this on a different ROM, please use the corresponding boot.img
for that ROM!) from those two links to your PC…
For anyone trying out CalyxOS, here’s a Calyx
boot.img
patched with Magisk v24.3.
…and enable ADB debugging on your FP4 if you haven’t already.
- Install the Magisk app by either running
adb install Magisk-v24.3.apk
or transferring the.apk
to your phone adb reboot bootloader
andfastboot boot calyx-3.3.2_magisk_boot.img
should boot you into a Magisk enabled Calyxadb shell su -c 'resetprop ro.boot.flash.locked 1'
should show a prompt on your phone screen to grant root privileges…- Change OEM unlocking to on in Developer options.
adb reboot bootloader
and most importantly check iffastboot flashing get_unlock_ability
actually returns1
- Pray to the ancient gods
fastboot flashing lock
Maybe there will be an easy solution in the future…
There might be, I only went with the tools I know, so others more knowledgeable in low level stuff maybe can help here
- Install the Magisk app by either running
adb install Magisk-v24.3.apk
or transferring the.apk
to your phoneadb reboot bootloader
andfastboot boot calyx-3.3.2_magisk_boot.img
should boot you into a Magisk enabled Calyxadb shell su -c 'resetprop ro.boot.flash.locked 1'
should show a prompt on your phone screen to grant root privileges…- Change OEM unlocking to on in Developer options.
adb reboot bootloader
and most importantly check iffastboot flashing get_unlock_ability
actually returns1
Thank you very much for the guide – OEM re-enabling worked! After having booted with the patched boot.img and issuing adb shell su -c 'resetprop ro.boot.flash.locked 1'
, OEM unlocking can be toggled again and in fastboot, get_unlock_ability
is back to 1
.
Before attempting to lock the bootloader, I rebooted again normally without the patched boot.img. OEM unlocking still is set to “on”, but again cannot be toggled anymore (greyed-out) – is this same for you? For me, it would be enough (I do not need to change OEM locking as I did not before on e/os as long as it is ON).
Just want to confirm everything before I attempt locking…
EDIT: Just realized, that OEM unlocking is grayed out regardless of the state of get_unlock_ability
as it can be only toggled after issuing adb shell su -c 'resetprop ro.boot.flash.locked 1'
granting super-user rights. As it stays “ON”, I should be safe locking the bootloader… (being nervous, nevertheless)
I’m glad it worked without problems so far
OEM unlocking is grayed out regardless of the state of
get_unlock_ability
as it can be only toggled after issuingadb shell su -c 'resetprop ro.boot.flash.locked 1'
That’s correct, yes, ro.boot.flash.locked
is set back to 0
once you reboot, that flag gets set automatically if the bootloader is unlocked. We only changed it temporarily to make the OEM unlocking toggle changeable.
As it stays “ON”, I should be safe locking the bootloader… (being nervous, nevertheless)
I hope it is, I wish you luck.
The gods were with me: Re-locking the bootloader worked – I am running CalyxOS now with locked bootloader
For the record after re-enabling the OEM unlock toggle and OEM unlocking like described, I did:
- boot into fastboot mdoe
fastboot flashing lock_critical
- rebooting into Calyx, reenabling USB debugging and granting connected PC adb rights
- rebooting into fastboot mode
fastboot flashing lock
- rebooting into CalyxOS
I am very happy this worked, thank you!
I’m really glad this worked
Not gonna lie, I was really nervous about this as well!
Congratulations!
For the record: what is the state of the OEM-toggle and fastboot flashing get_unlock_ability
now that you have locked the bootloader?
Without having changed anything, OEM toggle is now “OFF”, but not grayed-out anymore (can be toggled). Don’t know about the state of get_unlock_ability
yet, will check ASAP, but I assume it is 0
now.
Not greyed out is to be expected, but “OFF”, hmm…
I don’t like that it keeps resetting. We really need to know at which point this happens, if it got reset when locking the bootloader again this could have still bricked the phone.
Edit: Ok, after some digging, turns out the devinfo
partition that gets flashed with the updated script stores that kind of information and the answer was in this forum all along
I possibly have an easy way to unlock without factory resetting.Thanks to @Ingo for checking that
Before explaining how it works, I would like to ask someone who has never been unlocked to get me a dump of the devinfo partition. To do that, you’ll need: And the attached <a class="attachment" href="/uploads/short-url/zPPivHFMg8DKzlT2lHAFKMeYlFq.gpx">prog_emmc_firehose_8953_ddr.gpx</a> (434.9 KB) Power off your phone Run ./edl.py r devinfo devinfo.bin --loa…
Now we need to figure out why it doesn’t get saved
Don’t know about the state of
get_unlock_ability
yet, will check ASAP, but I assume it is0
now.
Just had a look and indeed get_unlock_ability
was set to 0
(setting OEM unlock to “OFF”) after issuing fastboot flashing lock
(was not the case after fastboot flashing lock_critical
).
We really need to know at which point this happens, if it got reset when locking the bootloader again this could have still bricked the phone.
Yes. At least in my case, in summary the state of OEM unlock was affected at two occasions:
- after flashing: OEM unlock went from “ON” to “OFF” (
get_unlock_ability
from1
to0
) and OEM unlock toggle disabled (grayed out) - after bootloader locking (
fastboot flashing lock
): OEM unlock went from “ON” to “OFF”, but remained active (i.e. can be toggled)