Lock Bootloader with TWRP and custom ROM? - Xiaomi Poco X3 NFC Questions & Answers

Is it possible to lock the bootloader with TWRP and a custom ROM installed and still use the device? Can I still flash ROMs in TWRP without hard/soft bricking my POCO?

Ungeskriptet said:
Is it possible to lock the bootloader with TWRP and a custom ROM installed and still use the device? Can I still flash ROMs in TWRP without hard/soft bricking my POCO?
Short Answer: No, it's not feasible to do that. The reason behind that is AVB 2.0 (Android Verified Boot). It checks for a pre-existing hash of all partitions signed by the OEM key (in this case Xiaomi). If there are conflicts found and the bootloader is in the locked state, the result would be a fatal error and the device would skip booting the OS and go to repair mode (aka EDL mode), which you can access on Xiaomi devices only if you have a verified EDL account.
Besides, even if you modified the bootloader binary or signed the twrp.img with the OEM key (which you don't have access to), you wouldn't be able to flash anything anyway, since the device would consider any modifications after that a fatal error as well and won't boot.
Long Answer: read up on the following topics:
1- Android verified boot https://android.googlesource.com/platform/external/avb/+/master/README.md
2- FROST attack on unlocked bootloader (The reason android implemented avb) https://www.cs1.tf.fau.de/research/system-security-group/frost/
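To make the short answer above concrete, here is an added sketch (not part of the original post and not AVB's real code) of the decision a locked bootloader makes. It assumes a toy vbmeta holding one SHA-256 digest per partition; HMAC-SHA256 with a made-up key stands in for the OEM's RSA signature, and the partition names, keys and image bytes are all constructed.

```python
import hashlib
import hmac
import json

# Constructed stand-ins. Real AVB uses an RSA key pair and the bootloader only
# holds the public half; HMAC keeps this sketch dependency-free.
OEM_KEY = b"constructed-oem-signing-key"
OWNER_KEY = b"constructed-owner-key"  # a key the device does NOT trust


def _body(digests):
    """Canonical bytes that the signature covers."""
    return json.dumps(digests, sort_keys=True).encode()


def make_vbmeta(partitions, signing_key):
    """Build a toy vbmeta: one digest per partition plus a signature over them."""
    digests = {n: hashlib.sha256(img).hexdigest() for n, img in sorted(partitions.items())}
    sig = hmac.new(signing_key, _body(digests), hashlib.sha256).hexdigest()
    return {"digests": digests, "signature": sig}


def boot_decision(partitions, vbmeta, locked):
    """Return (boots, reason) for the given lock state and flash contents."""
    if not locked:
        # Unlocked: verification is not enforced, the device shows a warning and boots.
        return True, "unlocked: verification not enforced"
    expected = hmac.new(OEM_KEY, _body(vbmeta["digests"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, vbmeta["signature"]):
        return False, "vbmeta not signed by trusted key"
    for name, digest in vbmeta["digests"].items():
        actual = hashlib.sha256(partitions.get(name, b"")).hexdigest()
        if not hmac.compare_digest(actual, digest):
            return False, "hash mismatch on " + name
    return True, "verified"


def scenarios():
    """The four situations discussed in the thread, on constructed images."""
    stock = {"boot": b"stock boot image", "recovery": b"stock recovery image"}
    stock_vbmeta = make_vbmeta(stock, OEM_KEY)
    modified = dict(stock, recovery=b"custom recovery image")
    # Regenerating vbmeta fixes the hashes but can only be signed with a key
    # the owner has, which the locked bootloader does not trust.
    resigned_vbmeta = make_vbmeta(modified, OWNER_KEY)
    return {
        "stock_locked": boot_decision(stock, stock_vbmeta, locked=True),
        "custom_recovery_unlocked": boot_decision(modified, stock_vbmeta, locked=False),
        "custom_recovery_relocked": boot_decision(modified, stock_vbmeta, locked=True),
        "resigned_vbmeta_relocked": boot_decision(modified, resigned_vbmeta, locked=True),
    }


if __name__ == "__main__":
    for name, (boots, reason) in scenarios().items():
        print(f"{name:28} boots={boots!s:5} ({reason})")
```

Both re-lock cases fail for different reasons: keeping the stock vbmeta leaves a hash that no longer matches the flashed recovery, and regenerating vbmeta replaces the one signature the bootloader accepts.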

Related

Is the bootloader mistakenly unlocked on my s6 AT&T version?

Hi,
I recently got a brand new s6 G920A AT&T version from an authorized reseller. To my surprise the firmware on it is very old - 5.0.2 with sw version G920AUCU1AOCE
I have heard that this firmware was a pre-release/developer/engineering version of s6 and has unlocked bootloader. Is that true?
How do I find if the bootloader is locked or unlocked in my samsung s6 or for that matter in *any Samsung* phone? Is it possible to check using Odin or some other tool on whether the bootloader is unlocked?
Please let me know your thoughts or ideas! If the above is true, I could perhaps extract the unlocked bootloader and share it with everybody else!!
Thanks!
Alright Interesting...
Use ADB:
=========================================
1. Make sure to go to About device and tap build number 7 times.
2. Go to developer options (Above About Device)
3. Check usb debugging and oem (Just in case)
4. Connect your phone to your computer via usb cable (Of Course)
5. Download ADB Fastboot if you haven't already =====> https://forum.xda-developers.com/showthread.php?t=2317790
6. Install it and after that it should be set-up
6. Type the command fastboot devices
7. Then type fastboot oem device-info (BTW I am sorry for letting you know now but I think you might need to be in downloading mode or something to use the commands)
8. It should tell you if it is unlocked or not
==============================================
Method 2:
1. Boot up the phone normally then open the phone application and go to the dialer
2. *#*#7378423#*#*
3. Then service info --> configuration
4. Then it should say one of the following:
---------------------------------------------------------------------------------------------------------------------------------
1. Bootloader unlock allowed --Yes >> This means that your Bootloader is Locked
2. Bootloader Unlocked - Yes >> This means that your Bootloader is unlocked
I hope I was helpful to you, if not then I'm sorry to have wasted your time.
Thanks @ROOT67! Let me try both options out and get back on this thread.
Both the methods did not work! Please see for details below.
ROOT67 said:
Use ADB:
=========================================
1. Make sure to go to About device and tap build number 7 times.
2. Go to developer options (Above About Device)
3. Check usb debugging and oem (Just in case)
4. Connect your phone to your computer via usb cable (Of Course)
5. Download ADB Fastboot if you haven't already =====> https://forum.xda-developers.com/showthread.php?t=2317790
6. Install it and after that it should be set-up
6. Type the command fastboot devices
7. Then type fastboot oem device-info (BTW I am sorry for letting you know now but I think you might need to be in downloading mode or something to use the commands)
8. It should tell you if it is unlocked or not
==============================================
I could not put it in fastboot mode. Do we know if the Samsung s6 supports fastboot mode? If so, how to put it in fastboot mode?
Also as a side note, in developer mode under settings, I could find check box for USB debugging but not for OEM. There was another post which said that OEM checkbox was added under developer options only after bootloader lock was introduced in 5.1.1 firmware. Not sure if this is true.
Method 2:
1. Boot up the phone normally then open the phone application and go to the dialer
2. *#*#7378423#*#*
3. Then service info --> configuration
4. Then it should say one of the following:
---------------------------------------------------------------------------------------------------------------------------------
1. Bootloader unlock allowed --Yes >> This means that your Bootloader is Locked
2. Bootloader Unlocked - Yes >> This means that your Bootloader is unlocked
When I dial this number, nothing happened. Is there a different number for Samsung s6?
It's not a pre-release/developer/engineering firmware. It's just a really old firmware which was released to the public officially.
jilebi said:
Both the methods did not work! Please see for details below.
I could not put it in fastboot mode. Do we know if the Samsung s6 supports fastboot mode? If so, how to put it in fastboot mode?
Also as a side note, in developer mode under settings, I could find check box for USB debugging but not for OEM. There was another post which said that OEM checkbox was added under developer options only after bootloader lock was introduced in 5.1.1 firmware. Not sure if this is true.
When I dial this number, nothing happened. Is there a different number for Samsung s6?
No other number is available that I know of. Like the person above stated, it is an old firmware version, and with that said I would highly try to prevent any updates from installing. I would love to help you out, but I have no idea as to what would be needed to tell if the bootloader is unlocked. I do know that since Samsung is against us rooting and using our devices the way we want, it is safe to assume the bootloader is locked, and because you have the AT&T variant. Your best bet to get your device bootloader information is to look around on the XDA forums.
Do you have any details on whether the bootloader was locked or unlocked for this old version? How can one test or check if bootloader is locked?
forumber2 said:
It's not a pre-release/developer/engineering firmware. It's just a really old firmware which was released to the public officially.
jilebi said:
Do you have any details on whether the bootloader was locked or unlocked for this old version? How can one test or check if bootloader is locked?
All AT&T branded nearly-new (including S6) Samsung devices have a non-unlockable locked bootloader.
There's no way to test that.
Here are a couple of test scenarios that I can think of. Let me know your thoughts on them.
- If the device is rooted, load a custom recovery like TWRP. Next, try to boot into custom recovery. If it boots into custom recovery, bootloader is unlocked. If not, try to restore factory recovery using Odin.
- If the device is rooted, load a custom ROM. Next, try to boot into custom ROM. If it boots into custom ROM, bootloader is unlocked. If not, try to restore factory ROM using Odin.
Will these test scenarios work? If not, what are the potential issues you see?
forumber2 said:
All AT&T branded nearly-new (including S6) Samsung devices have a non-unlockable locked bootloader.
There's no way to test that.
jilebi said:
Here are a couple of test scenarios that I can think of. Let me know your thoughts on them.
- If the device is rooted, load a custom recovery like TWRP. Next, try to boot into custom recovery. If it boots into custom recovery, bootloader is unlocked. If not, try to restore factory recovery using Odin.
- If the device is rooted, load a custom ROM. Next, try to boot into custom ROM. If it boots into custom ROM, bootloader is unlocked. If not, try to restore factory ROM using Odin.
Will these test scenarios work? If not, what are the potential issues you see?
- There's no custom recovery or custom kernel for SM-G920A, because of the reason I've written above.
- Installing a custom ROM doesn't require an unlocked bootloader unless the ROM doesn't require custom kernel. (Custom ROMs for SM-G920A don't require custom kernel (except leaked engineering/debugging kernel from Samsung for disabling dm-verity))
forumber2 said:
- There's no custom recovery or custom kernel for SM-G920A, because of the reason I've written above.
- Installing a custom ROM doesn't require an unlocked bootloader unless the ROM doesn't require custom kernel. (Custom ROMs for SM-G920A don't require custom kernel (except leaked engineering/debugging kernel from Samsung for disabling dm-verity))
Got it. Thanks. That makes sense.
Here is another option. For making custom recovery, my understanding is that partition info is needed. If the device is rooted e.g. using Pingpong (which works for this Android version), then one can get a partition info and compile TWRP for G920A. If so, can one try to install custom recovery like TWRP and verify if bootloader is locked? It feels to me that this may work. Do you see any flaws?
One possible flaw is that if bootloader is locked, it will prevent recovery from loading. So the phone will be without a working recovery. In that case, can factory recovery be re-installed using Odin?
Also, will any of the above steps trigger the KNOX flag?
jilebi said:
Got it. Thanks. That makes sense.
Here is another option. For making custom recovery, my understanding is that partition info is needed. If the device is rooted e.g. using Pingpong (which works for this Android version), then one can get a partition info and compile TWRP for G920A. If so, can one try to install custom recovery like TWRP and verify if bootloader is locked? It feels to me that this may work. Do you see any flaws?
One possible flaw is that if bootloader is locked, it will prevent recovery from loading. So the phone will be without a working recovery. In that case, can factory recovery be re-installed using Odin?
Also, will any of the above steps trigger the KNOX flag?
You don't have to get partition info and compile TWRP. All S6 variants are using the same partition name scheme and there is no difference in TWRP builds between S6 variants (except kernel and DTB).
The bootloader won't allow you to flash any custom recovery image (via Odin or in Android OS). If you could flash it, it won't boot it up anyway.
I don't have any idea about the KNOX trigger on AT&T variant devices, but I think it won't increase anyway.
forumber2 said:
You don't have to get partition info and compile TWRP. All S6 variants are using the same partition name scheme and there is no difference in TWRP builds between S6 variants (except kernel and DTB).
The bootloader won't allow you to flash any custom recovery image (via Odin or in Android OS). If you could flash it, it won't boot it up anyway.
I don't have any idea about the KNOX trigger on AT&T variant devices, but I think it won't increase anyway.
Sorry, I perhaps misunderstood from your last post that since custom recovery is not available for G920A it implied its partition info was different from other variants. If it is the same partition structure for all variants, then I guess we can use the TWRP for the G920F international version for which bootloader is unlocked.
Now that we agree that TWRP is available for use on G920A, the next question is how to load it. My thought is that if the device is rooted that means one can use dd at root shell prompt to write TWRP to the recovery partition, without using Odin or the current bootloader. Do you agree?
Not sure I understand why you say that if one could flash TWRP it would not boot anyways. If bootloader is unlocked (which is what we are testing here), then it should boot, right?
jilebi said:
Sorry, I perhaps misunderstood from your last post that since custom recovery is not available for G920A it implied its partition info was different from other variants. If it is the same partition structure for all variants, then I guess we can use the TWRP for the G920F international version for which bootloader is unlocked.
Now that we agree that TWRP is available for use on G920A, the next question is how to load it. My thought is that if the device is rooted that means one can use dd at root shell prompt to write TWRP to the recovery partition, without using Odin or the current bootloader. Do you agree?
Not sure I understand why you say that if one could flash TWRP it would not boot anyways. If bootloader is unlocked (which is what we are testing here), then it should boot, right?
A custom recovery is not available for G920A, because no one could try any custom recovery on G920A due to locked bootloader.
Yes you can write the recovery image via dd at root shell prompt.
And yes, If bootloader is unlocked, it will boot it up.
Sorry to resurrect this old thread, but can you (or anybody else who is knowledgeable) answer the following?
1. Since custom recovery is not available for G920A, which of the Tmobile/Sprint/International versions of TWRP custom recovery would you recommend to use for testing if bootloader is unlocked, using either ODIN or dd method?
2. If bootloader is unlocked, you are suggesting below that it should boot up. However, if it is locked, then will the phone still boot up? i.e. if one does not go into recovery mode, will it still boot up or does the bootloader check if both recovery and kernel are signed and if it finds that the recovery is unsigned, will it also prevent the signed kernel from booting up?
Thanks!
forumber2 said:
A custom recovery is not available for G920A, because no one could try any custom recovery on G920A due to locked bootloader.
Yes you can write the recovery image via dd at root shell prompt.
And yes, If bootloader is unlocked, it will boot it up.

Re-lock bootloader without erase?

I really hate that boot screen that makes you think your phone is going to blow up because the bootloader is unlocked... I realize that having it unlocked is perfectly fine, and with Magisk, all the Google security stuff still works just fine.. I also know that an unlocked bootloader makes it much easier to flash updates (flash-all but remove the -w) ... So please don't try to explain why I should leave my bootloader unlocked.
With my HTC phones, unlocking the bootloader would erase the phone (obviously, and just like the Pixel 2). Locking the bootloader wouldn't erase the phone on the HTC, but with the Pixel 2, the instructions say that it WILL ERASE THE PHONE.
With the HTC, the wipe happened in recovery, so if I had TWRP installed, the phone wouldn't erase... I could easily switch between locked and unlocked, and as long as I had TWRP installed, the phone would "think" it was going to erase, but I stopped it.
So my question is... Does the Pixel 2 wipe the phone on lock/unlock through recovery? If so, can I lock the phone with TWRP installed in recovery and prevent that lock? I know I can make a backup and try it and see, but since the Feb update, getting into a decrypted recovery has become a pain (remove pin/password, reboot, reboot to recovery, do what you want, reboot to system, add the pin/password, add fingerprint, open EVERY SINGLE APP THAT USES FINGERPRINT AND SET LOGIN AND REGISTER THE FINGERPRINT - it frustrates me, in case you can't tell).
You cannot flash TWRP unless you are unlocked so at this time there is no way to unlock the bootloader without a full wipe.
I think you misunderstood the question. I have unlocked the bootloader (let it wipe) and installed TWRP. I want to know if the re-lock will wipe through recovery (and therefore be stopped by TWRP) or if it does the wipe using some other method (and therefore wiping regardless).
1. You won't be able to maintain your userdata while switching between locked and unlocked states.
2. You will likely not be able to boot your device either after locking your phone.
For 1)
The Pixel 2 enables FBE (filesystem-based encryption) by default for your userdata partition. The encryption keys are derived from a hardware secret (accessible only from TrustZone), the RSA public key that was used to sign the boot image and a flag (whether it is locked or unlocked). The latter parameters are provided by the bootloader (lk) to the Keymaster trustlet (running in TrustZone).
If any of these parameters change, then the encryption keys will change as well. As a result, your files will remain inaccessible even if you were hypothetically able to flip the lock state.
For 2)
Unlocking the bootloader (fastboot flashing unlock) will disable verification of the boot image. TWRP is installed by modifying the boot image (in both the "a" and "b" slots) which invalidates the Verified Boot signature that covers this boot image (stored in the vbmeta partition). When the device is locked again, the bootloader will fail to pass the signature check and stay in the "red" boot state. At that point I guess you have a brick (I have not tried this myself for obvious reasons).
Source: reading the lk source code and various Android documentation such as https://source.android.com/security/encryption/file-based
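The key binding described under 1) in the post above, as an added sketch (not part of the original post and not Keymaster's actual derivation). It assumes HMAC-SHA256 as a stand-in KDF and a toy keystream-plus-MAC wrap for the disk key; the hardware secret, boot keys and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed values. On a real device the hardware secret never leaves TrustZone.
HW_SECRET = b"constructed-per-device-hardware-secret"
STOCK_BOOT_KEY = b"constructed-oem-boot-signing-pubkey"
CUSTOM_BOOT_KEY = b"constructed-other-signing-pubkey"


def derive_binding_key(hw_secret, boot_pubkey, locked):
    """Mix the three inputs named in the post into one 32-byte key."""
    state = b"locked" if locked else b"unlocked"
    # Length-prefix each field so two different input pairs cannot concatenate
    # to the same message.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in (boot_pubkey, state))
    return hmac.new(hw_secret, msg, hashlib.sha256).digest()


def _subkeys(binding_key):
    """Separate keys for the keystream and the integrity tag."""
    enc = hmac.new(binding_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(binding_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def wrap(binding_key, disk_key):
    """Toy authenticated wrap of the disk key (illustration only)."""
    enc, mac = _subkeys(binding_key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(disk_key, _keystream(enc, nonce, len(disk_key))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def unwrap(binding_key, blob):
    """Return the disk key, or None when the binding key is not the original one."""
    enc, mac = _subkeys(binding_key)
    nonce, ct, tag = blob
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))


def relock_demo():
    """Set the phone up while unlocked, then change one input at a time."""
    disk_key = os.urandom(32)
    blob = wrap(derive_binding_key(HW_SECRET, CUSTOM_BOOT_KEY, locked=False), disk_key)
    same = unwrap(derive_binding_key(HW_SECRET, CUSTOM_BOOT_KEY, locked=False), blob)
    relocked = unwrap(derive_binding_key(HW_SECRET, CUSTOM_BOOT_KEY, locked=True), blob)
    new_boot_key = unwrap(derive_binding_key(HW_SECRET, STOCK_BOOT_KEY, locked=False), blob)
    return {
        "same_state_recovers_key": same == disk_key,
        "relocked_recovers_key": relocked is not None,
        "other_boot_key_recovers_key": new_boot_key is not None,
    }


if __name__ == "__main__":
    print(relock_demo())
```

The wrapped blob is still on flash in every case, which is why stopping the wipe in recovery would not preserve usable data: only the unchanged state can unwrap it.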
Lekensteyn said:
When the device is locked again, the bootloader will fail to pass the signature check and stay in the "red" boot state. At that point I guess you have a brick (I have not tried this myself for obvious reasons).
The signature of the Custom ROM (Official LineageOS) can be integrated into the bootloader before re-locking the bootloader.
But this is the problem: "Lineage Recovery is also built in userdebug mode, that's a problem. When Lineage recovery is built this way, it allows any package, signed or unsigned, to be installed on your phone. This effectively negates the benefits of locking the bootloader. [...] In fact most custom ROMs simply use TWRP or another third party recovery which has the same issues as they are designed to never even look at the signatures of the packages they are flashing to your device."
"A discussion about bootloader locking/unlocking... AKA I want to relock my bootloader, should I?: LineageOS"
https://www.reddit.com/r/LineageOS/comments/n7yo7u

Bricked Pixel 2 - locked bootloader & no access to developer options - please help

Hello guys, I just bought myself a Pixel 2 device today and decided to have a go at some changes: I've unlocked my bootloader of my Pixel 2 to perform TWRP flashing & Magisk installation and afterwards I decided to revert to stock.
The first step that I did when trying to revert to stock was to relock the bootloader via adb because I thought (big mistake) this will also revert everything to the factory image. Problem is right now the device isn't booting anymore (so I cannot change anything in developer settings and the bootloader is locked).
Fastboot does work now (I get an "FA8271A02780 fastboot" message when typing fastboot devices) but I cannot flash anything (it always says FAILED: remote Flashing unlock is not allowed).
I tried the Deuces script and UAF but they don't work (because my bootloader is locked). Given that I cannot unlock it, is there any way of flashing the stock image on my device? Any help is appreciated. Thanks a lot.
Sadly I don't believe so. Google doesn't allow us to flash anything without the bootloader being unlocked. Other OEMs either have a program or allow you to flash signed ROMs with a locked bootloader. For all the trouble iTunes is, at least you can flash firmware through it in the event of a brick.

Help! How to re-lock bootloader with Magisk modules?

As the title says: I have a 1+8 device and unlocked the bootloader, but I want to keep my Magisk modules and re-lock it. I also flashed TWRP and EdXposed. Could I re-lock using a custom vbmeta partition, or modify my aboot to remove boot verification? If I directly use "fastboot oem lock", it shows a message in red saying my device is corrupt, or something like that. Could these methods jailbreak Google's boot verification, ignore the red message, and directly boot HydrogenOS or OxygenOS? Thanks
Markpeng0315 said:
As the title says: I have a 1+8 device and unlocked the bootloader, but I want to keep my Magisk modules and re-lock it. I also flashed TWRP and EdXposed. Could I re-lock using a custom vbmeta partition, or modify my aboot to remove boot verification? If I directly use "fastboot oem lock", it shows a message in red saying my device is corrupt, or something like that. Could these methods jailbreak Google's boot verification, ignore the red message, and directly boot HydrogenOS or OxygenOS? Thanks
You can't have a locked bootloader with any changes to system like that or verified boot will not let it boot up, as you've seen and there's really no way around that
If you change aboot, it still won't boot
What if I modify the vbmeta partition and completely change the verification files? Is it possible? Or could I flash a boot file modified from an older Android version to skip this limit? Thanks
Not possible, but I do not understand why you would even worry about un rooting. I see no possible reason why you would even risk bricking your device!
But if it means so much to you go ahead, and then you will know why.
I recommend against it, you will basically have a paperweight. When you relock the system checks for a signature, if it is not found, then the phone won't boot. Or something like that.
Markpeng0315 said:
As the title says: I have a 1+8 device and unlocked the bootloader, but I want to keep my Magisk modules and re-lock it. I also flashed TWRP and EdXposed. Could I re-lock using a custom vbmeta partition, or modify my aboot to remove boot verification? If I directly use "fastboot oem lock", it shows a message in red saying my device is corrupt, or something like that. Could these methods jailbreak Google's boot verification, ignore the red message, and directly boot HydrogenOS or OxygenOS? Thanks
Sounds like you want to modify the boot.img and create a sub partition to force boot a custom firmware? If that's the case then you seem to know about coding or at least modifying firmware. So why don't you just download OnePlus 8 firmware, create a virtual SDK and play around with the new Android 10 firmware. Because even if you did these modification on other phones it stands to reason that they were on older Android builds. This will keep your phone safe and give you the opportunity to test your theory. Happy modding!

How to relock bootloader?

I factory reset my phone through TWRP after unlocking bootloader, rooting and bricking trying to get read write access.
But my bootloader is still unlocked and now preventing me from updating OTA update to Android 11.
As long as you remain unlocked you will not get updates. Just download the 11 stock ROM and fastboot it. You will be updated.
boltjuice said:
I factory reset my phone through TWRP after unlocking bootloader, rooting and bricking trying to get read write access.
But my bootloader is still unlocked and now preventing me from updating OTA update to Android 11.
You can get the firmware with LMSA
Rescue and Smart Assistant (LMSA)(Motorola/Lenovo Only)
I just downloaded it and ran the rescue but it just flashed the rom and is still unlocked.
Is there an option to re-lock bootloader with that tool?
What is your carrier and where did you get your phone? Not every bootloader can be unlocked.
Carrier is metro PCS. Model # XT2113-2
I did a factory reset. But I still get the message bootloader is unlocked when it boots.
I just want to re-lock it and revert it back to stock.
ADB code: fastboot oem lock
didn't work. Just made my phone not boot with error "no valid operating system could be found."
ADB code: fastboot oem unlock
restored it to booting again with same bootloader is unlocked message.
Any way to re-lock this?
boltjuice said:
Carrier is metro PCS. Model # XT2113-2
I did a factory reset. But I still get the message bootloader is unlocked when it boots.
I just want to re-lock it and revert it back to stock.
ADB code: fastboot oem lock
didn't work. Just made my phone not boot with error "no valid operating system could be found."
ADB code: fastboot oem unlock
restored it to booting again with same bootloader is unlocked message.
Any way to re-lock this?
Re locking is not advisable, can be tricky with Moto devices
Re-Locking see Post #4
I'm a little unclear what state your device is in atm.
I just downloaded it and ran the rescue but it just flashed the rom
but then you write
I just want to re-lock it and revert it back to stock.
"it just flashed the rom" implies to me that the moto rescue software flashed a stock image so you now should be back to stock (I'm not sure what was downloaded tho). Regardless of how you flash (moto's rescue tool or by using fastboot with the device booted into the bootloader), I'd recommend using an image specific to MetroPCS (assuming the device was originally a metroPCS device and not something else like retus) and not one older than the last stock version flashed to your device.
It might help to boot your device into the bootloader, and then record the output of
Code:
fastboot getvar all
the lines with `ro.build.fingerprint` (perhaps also ro.carrier) in them will tell you what bootloader is currently running on your device and should help you figure out what the last stock version was flashed to your device.
HTH
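One way to pull those lines out of a saved `fastboot getvar all` capture, as an added example (not part of the original post). The sample output is constructed with placeholder values, and the `(bootloader) key[n]: value` chunking of long values is an assumption about how the bootloader prints them; only the release field of the fingerprint is compared, since build IDs have no general ordering.

```python
import re

# Constructed sample; every value is a placeholder, not from a real device.
# fastboot writes these lines to stderr, so capture with: fastboot getvar all 2>&1
SAMPLE_OUTPUT = """\
(bootloader) version: 0.5
(bootloader) ro.carrier: examplecarrier
(bootloader) ro.build.fingerprint[0]: examplebrand/example_product/exdev:10/
(bootloader) ro.build.fingerprint[1]: EXMPL30.12-3/abc123:user/release-keys
Finished. Total time: 0.010s
"""

LINE_RE = re.compile(r"^\(bootloader\)\s+([\w.\-]+)(?:\[(\d+)\])?:\s*(.*)$")


def parse_getvar(text):
    """Return {variable: value}, re-joining values split into [0], [1], ... chunks."""
    chunks = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # status lines such as "Finished." carry no variable
        key, idx, value = m.group(1), int(m.group(2) or 0), m.group(3).strip()
        chunks.setdefault(key, {})[idx] = value
    return {k: "".join(v[i] for i in sorted(v)) for k, v in chunks.items()}


def fingerprint_release(fingerprint):
    """Extract the Android release from brand/product/device:release/id/incr:type/tags."""
    parts = fingerprint.split(":")
    if len(parts) != 3 or "/" not in parts[1]:
        return None
    return parts[1].split("/")[0]


def is_older_release(candidate_fp, current_fp):
    """True if the candidate image reports a lower Android release than the device.

    Returns None when either release is missing or not a plain integer.
    """
    try:
        return int(fingerprint_release(candidate_fp)) < int(fingerprint_release(current_fp))
    except (TypeError, ValueError):
        return None


def summarize(text):
    """Pick out the fields the post says to look at."""
    v = parse_getvar(text)
    fp = v.get("ro.build.fingerprint")
    return {
        "fingerprint": fp,
        "carrier": v.get("ro.carrier"),
        "release": fingerprint_release(fp) if fp else None,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_OUTPUT))
```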
notmyrealhandle said:
I'm a little unclear what state your device is in atm.
but then you write
"it just flashed the rom" implies to me that the moto rescue software flashed a stock image so you now should be back to stock (I'm not sure what was downloaded tho). Regardless of how you flash (moto's rescue tool or by using fastboot with the device booted into the bootloader), I'd recommend using an image specific to MetroPCS (assuming the device was originally a metroPCS device and not something else like retus) and not one older than the last stock version flashed to your device.
It might help to boot your device into the bootloader, and then record the output of
Code:
fastboot getvar all
the lines with `ro.build.fingerprint` (perhaps also ro.carrier) in them will tell you what bootloader is currently running on your device and should help you figure out what the last stock version was flashed to your device.
HTH
I factory reset the phone. Everything gets reset except for the unlocked bootloader does not re-lock... which prevents me from OTA update to Android 11.
Ok. If I understand correctly, your post with "it just flashed the rom" means a factory reset (and no flashing an image via moto's rescue tool or fastboot) - my misunderstanding.
As I mentioned to you in my reply to your PM, I don't use stock other than to initially get the bootloader unlocked, test a few things, and occasionally verify that my device still works on stock.
Others posting in this thread have offered helpful and safe suggestions - consider following these. I do a fair amount of "risky" tweaking with custom roms so please be cautious about the following suggestions/observations. (Apologies if my comments below seem basic - it looks like you've tried some fairly sophisticated tweaking of your own but it's hard to judge others skill level in a forum.)
Based on your comment:
made my phone not boot with error "no valid operating system could be found."
I suspect your phone won't boot after re-locking due to prior modifications to its OS, the evidence of which can survive a factory reset. Re-locking enables android to verify that certain parts of the OS have not been modified and if it detects a difference, the device won't boot.
If you insist on re-locking your device now, I think the only way to accomplish that is to re-flash your device with the correct factory (aka stock) image some of which are available on lolinet. This is much more than a "factory reset." The instructions linked by sd_shawdow above should help with this:
Re-Locking see Post #4
Choosing the correct factory image is important. For example, I have a XT2113-2 RETUS. At one point early on when I was playing with this device, I tried flashing the TMO variant which is also a XT2113-2 model. My device did not boot until I re-flashed a RETUS variant. It's possible I just made a mistake while trying to flash the TMO variant; I can't be certain at this point. If your phone was originally (meaning new out of the box) a MetroPCS variant, make sure you flash a MetroPCS image.
Android also has roll back protection to prevent reverting to an older image that might have security flaws. The roll back "index" can be written to persistent storage on your phone that not only will survive factory resets but likely also survives flashing factory images. Motorola's implementation of roll back protection does not seem consistent with what I've read online from android/google. I'm pretty sure I had the most recent Android 10 RETUS bootloader on my device but I was able to flash an older factory image and then relock the device while on stock. (As I mentioned in my PM, I have not tried re-locking stock android 11). This observation may be the result of a motorola bug specific to RETUS so don't count on this working for you. Flash an image that is the same as or newer than the newest factory image you've ever had on the device.
Moto's rescue tool apparently can select and download an image for you making the process of image selection easier. I have not used this tool so I don't know how smart it is. Trust your knowledge about what you've done with the device since you owned it.
Lastly, it looks like the OEM unlocking toggle issue I and others have observed upon upgrading to Android 11 is resolved by connecting the device to your carrier and waiting several days. If you don't mind the wait, it's probably safe to flash android 11 (by using an image from lolinet and fastboot or by using the moto rescue tool - not via ota) while the device is unlocked and then re-locking the device.
Sorry about the long post.
HTH.
EDIT: I prefer not to be PM'd. Please just communicate (with me) in the open.
I was on Lineage 19.1 on my 5g ace. When I heard about the version 11 software for Retail US, I went to the lolinet mirrors to download the firmware for my phone.
Make sure oem unlocking in the developer options menu is off. If you can't turn it off you will need to root your phone.
Make sure USB debugging is on and you allow access for the PC you're using.
Start adb and verify it sees your phone. If so, type...
reboot bootloader
Verify fastboot is authorized
Use Motoflash Pro to flash the version 11 firmware to my phone. Motoflash can be downloaded from the one 5g ace telegram channel. When it is done close Motoflash Pro and then from your pc use adb to run:
fastboot oem lock
Your phone will ask you if you want to relock bootloader. Choose Yes
Now reboot to the stock recovery and then use power + Volume up to access the recovery menu.
Navigate down to factory reset and select. It will warn you ... Blah blah blah. Now choose reboot system.
Moto boot logo should appear and then setup should begin.
Hopefully this helps someone.
