I am not a developer-this is simply my contribution to the Sprint HTC M8 community as a way to help users have a basic understanding of what Hboot is, and understand the differences and capabilities between Hboot versions. You are free to include my work if you are putting together a guide or FAQ of your own, I only ask that you give credit where credit is due. I've taken a lot of time and put some effort into making this guide as complete as possible, but if you see something you'd like to have added or have a question or comment, feel free to do so. You can also reach me via PM. I do currently own this device, and I will try my best to keep this guide up to date. I am not responsible for any misinterpretations of the information contained within this guide, and I will not be held liable or responsible should you damage your phone or cause an act of war. Now, let's get started.
What is Hboot? Without getting too technical, Hboot is your bootloader. Its functions are similar to that of the BIOS (Basic Input/Output System) on a PC. The bootloader provides a level of security for your phone by preventing unsigned software and firmware from being installed on your phone. At times, the bootloader will be updated to provide bug fixes and security patches. This sounds like a good thing, but it's really just a roadblock for those of us who like to tinker with our phones. This is where unlocking the bootloader comes in to play. Unlocking the bootloader allows us to install custom recoveries, from which we can flash custom ROM's to our phones. Still, however, depending upon the bootloader security, you are still limited to what you can do once the bootloader is unlocked. Unlocking the bootloader on the M8 is accomplished using HTC Dev or the Sunshine S-off exploit. I won't delve into the actual process of unlocking the bootloader, as this is covered elsewhere.
S-on vs. S-off. When you received your M8 new, it shipped with a locked bootloader and was S-on, which meant that bootloader security was on. While true that unlocking the bootloader gives some added functionality, like being able to install a custom recovery such as TWRP (Team Win Recovery Project) or CWM Touch, and allowing the flashing of a custom ROM, there are still limitations. This is where S-off comes in to play. If S-on means security on, then yes, S-off means security off. Once S-off, the bootloader's security is completely removed. Once S-off, you can write permanently to the system partition, install unsigned firmware, mask your Hboot and remove the red development disclaimer from the splash screen, among other things. As more than one developer has put it, you are essentially future-proofing your device. This is especially true given the restrictions that HTC has put in place on the newer bootloaders. Think of bootloader unlocking and S-off like a bank. Bootloader unlocking gets you in the front door; S-off gets you into the vault. Currently, S-off is available via the SunShine exploit. For more information regarding S-off, check out this thread here.
The bootloader screen
How do you access the bootloader menu? If you're running a Sense ROM, make sure you have fastboot disabled in settings. You can go to Menu>Settings>Power and make sure fastboot isn't enabled. Don't confuse the fastboot setting with fastboot in the bootloader-they are not the same. Power your phone completely off. Press and hold the volume down button, then press and hold the power button (most custom ROM's normally let you reboot to the bootloader from the power menu, also). After several seconds you will be presented with a white screen with some information in the top left corner of the screen. Stock, the top line will say "Locked". Once unlocked, the top line will read "Unlocked". If the bootloader has been relocked, the top line will read "Relocked" and will also show a security warning. Once unlocked or relocked, there will also be a "Tampered" warning, as well (as of the 3.19 Hboot update, this line has been replaced with "Software status: Official or Software status: Modified, depending upon whether or not you're stock or using a custom ROM). Below that is the HTC device codename, which is M8_WHL (this is Sprint-specific, as M8's on other carriers have other designations). On this same line, you will see whether the phone is S-on or S-off. The third line from the top is the Hboot version, and below that is the radio (baseband) version. Also different from previous HTC phones is the OS version, which can be found two lines below the radio version. From the bootloader menu there are also options to power off the phone, reboot the bootloader, enter fastboot mode, factory reset and go to recovery. To navigate the menu, simply use the volume keys to move up and down, and use the power button to select. From the bootloader screen you can select the "fastboot" option, whereby you can connect your phone to your PC and issue commands via fastboot USB if you have the correct drivers installed on your computer. You have to have a properly working ADB (Android Debug Bridge) and Fastboot environment set up on your computer first in order to do so. You also have to use it when using HTC Dev to unlock your bootloader, so it comes in handy in more ways than one and doesn't hurt to have it on your computer should you ever need to use it. If you ever find your device caught in a boot loop, when the screen goes black you can hold the volume down button down and the device will boot into the bootloader. Alternatively, if the device is hung up on the splash screen, hold power+volume up until the screen goes black. Release power+volume up and press the volume down button until the bootloader screen appears.
Below is a list of current Hboot versions for the Sprint M8:
Hboot 3.16 Permanent write to /system disabled when S-on. Baseband 1.05.20.0227_2/software version 1.12.651.17; baseband 1.05.20.0321/software version 1.54.651.8; baseband version 1.54.654.10/software version 1.08.20.0610
Harman Kardon version: Baseband 1.05.20.0227_2/software version 1.54.654.9; Baseband 1.05.20.0321/software version 1.54.654.13; baseband 1.08.20.0610/software version 1.54.654.15
Hboot 3.18 Permanent write to /system disabled when S-on. Software version 2.16.651.4/baseband 1.08.20.0612_4
Harmon Kardon version: 2.16.654.4/baseband 1.08.20.0612_4
Hboot 3.19 Permanent write to /system disabled when S-on. Software version 3.30.651.2/baseband 1.08.20.0916; software version 3.31.651.2/baseband 1.08.20.0916; software version 4.20.651.4/baseband 1.09.20.0119 (Android L)
Harmon Kardon version: 3.30.654.2/baseband 1.08.20.0916; software version 3.31.654.2/baseband 1.08.20.0916; software version 4.20.654.10/baseband 1.09.20.0119 (Android L)
Software version 3.31.65x.2 did not include a baseband version update.
***Please note that it is necessary, particularly with Android version 4.4.3 & 4.4.4 builds, to use the firmware & Hboot that corresponds to the software version of the ROM you're using, otherwise, Wi-Fi and other hardware won't work properly. If you're S-on, use an unsecure boot.img (kernel) to enable permanent write to the system partition. Some ROM's utilize an unsecure boot.img. Check the OP of the ROM thread for this information.***
CID Numbers (Sprint only):
SPCS_001: standard Sprint M8
SPCS_004: Harman/Kardon version M8
Bootloader unlocking tools:
BD619's Rooting Guide
hasoon2000's Root Toolkit
WinDroid HTC Universal Toolkit
How to obtain S-off:
***The SunShine exploit can be used to unlock the bootloader as well as gain S-off, making unlocking with HTC Dev unnecessary.***
I take no credit for any of the tools or methods listed above. The above listed tools are the property of their respective developers/contributors.
There always seems to be some confusion among some users regarding root and S-off. First off, they are not the same thing. Root is a method by which users can run privileged commands on their device.
Rooting is typically accomplished by a security exploit that allows the su (superuser) binary to be installed on the device, which in turn installs either the SuperUser or SuperSU app on the device. Both of these apps give the user the ability to grant or deny root apps to function. In addition to running certain apps (like WiFi tether, Root Explorer or Titanium Backup), root privilege can also allow the removal of files and apps which could not be removed by a user with an unrooted phone (for example, removing carrier-installed "bloatware").
Some users think that you must be S-off in order to have what they call "full root", which is simply not the case, as root and S-off are independent of one another. It's actually quite the contrary, as you can have a phone that is S-off but does not have root access. How is this so? Remember, S-off simply means that the bootloader's security is off. In order to root a phone, you must have a custom recovery installed and have the proper superuser binary in place for root to work. S-off methods are not always available when a new phone is released (or when a phone receives updated software and/or firmware), which is why we have methods like HTC Dev to unlock our bootloader.
If a method to gain S-off is available, it's best to use it. Like I stated earlier, S-off is virtually future-proofing your phone, so regardless of any updates that may come out, once you're S-off, that's it: you're S-off until a method is released to put the device back to S-on, and that's something the device user typically initiates. S-off trumps bootloader unlocking because being simply bootloader unlocked, there are still security restrictions on the device. S-off removes those restrictions. But, as stated earlier, without a custom recovery and superuser in place, the device is not rooted. The ideal situation is to be rooted and S-off.
From time to time, it may be necessary to update your phone's firmware, sometimes referred to as your radios or your baseband. This can be done for a number of reasons, ranging from call quality or data connection issues or poor battery life due to outdated firmware, just to name a few things. Personally, I like to keep my firmware version updated to whatever the newest corresponding software version is at the time. Keep in mind that firmware and software are not the same. Software is the ROM you flash via recovery. Firmware is the radios, PRI and whatever other bits a developer chooses to include. The only time you get both packaged together is in a OTA (Over The Air) update sent out by the phone carrier, or by RUU. Since rooted users don't typically take OTA updates, we have to rely on developers to pull the firmware from the update package and re-package it for our use. You must be S-off to install modified firmware on your device. To update your firmware, first download the applicable firmware package. You can download the file to either your phone or your computer. Typically, the file will have an MD5 sum that acts as a fingerprint to verify that your download matches that of the original. You can use an app like Android File verifier to check the MD5 of the downloaded file versus that of the original file. If the MD5's match, you're good to go. If not, you need to download the file again, making sure you check the MD5 again. This is important, as you don't want to screw up a firmware update. A bad firmware flash is a good way to turn your phone into an expensive paperweight. Once you have the file downloaded you need to transfer it to the root (not in a folder) of your external microSD card. Firmware updates cannot be run from the phone's internal memory. Check and make sure that the file is named 0P6BIMG.zip (If using your computer, Windows often hides the .zip extension so if you don't see it on your computer, right-click on the file and select "Properties" to see if the .zip extension is there, which it should be). If you downloaded the file directly to your phone, you can use a file manager like Astro file manager or Root Explorer to check that the file is properly named. The bootloader will be looking for the file named 0P6BIMG and, if improperly named, will not locate it. Sometimes the file won't require renaming but it's important to check and make sure, to save you some headache down the road. Make sure you also have a decent charge on your battery, because if your phone dies during the firmware update, you'll end up with a bricked device, most likely. Now, you need to reboot to the bootloader, which was discussed previously. Your phone should reboot to Fastboot mode. Use the volume buttons to navigate to the "Bootloader" option in the menu, and press the power button to make your selection. The bootloader will now scan for the firmware update on your SD card, and once it finds it, will prompt you as to whether or not you wish to start the update. Once again, use the volume buttons to make your choice. The update may take a couple of minutes to complete, at which time you'll be prompted to either power off the phone or reboot. Reboot the phone, then go to Menu>Settings>About Phone>Software info and check your baseband version and see if it corresponds to the firmware update you just installed. Once you've done this and confirmed that the update was successful, delete the 0P6BIMG.zip file from your SD card (if you don't do this, you will be prompted to update your firmware every time you reboot to the bootloader). If the update fails from the bootloader, go back through the steps outlined above and double-check that you have done everything correctly. For more information regarding firmware updates, see Captain Throwback's firmware thread or OMJ's RUU thread. Links to both threads can be found at the bottom of this post.
Occasionally, you may encounter an issue which requires a RUU (ROM Update Utility). This is an update package released either by an OEM (like HTC) or a developer. It is designed to put the phone back to stock condition. This can be done for a variety of reasons including updating to a newer software version or for returning the phone back to stock to have the device serviced by the carrier or manufacturer. Note that if your device is S-on, you can only run a RUU with the same software/firmware version that you're currently running, or a newer version. If you're S-off, the same applies, and in addition, you can also downgrade to an older version than what's installed on your device. Running a RUU may in some cases re-lock your bootloader and also unroot your phone. To root again, you'll need to unlock the bootloader, install a custom recovery and install the necessary SU binary. On S-off phones, the device will remain S-off but the bootloader may need to be unlocked again with HTC Dev. See the bottom of this post for a complete list of links to current available RUU's.
To run a RUU, simply download the RUU you wish to install to your PC, then connect your phone and PC via USB cable. While booted to the Android OS, simply double-click the RUU file on your computer to start the installer, then follow the on-screen instructions. Normally, a RUU is run while the phone is booted to the OS but alternatively, can be run while the phone is connected to the computer via Fastboot USB mode. Simply connect the phone and PC via Fastboot USB mode, then double-click the RUU file on your computer to start the installer. If your device is S-on you will need to relock your bootloader to run a RUU. Use the command "fastboot oem lock" to relock your bootloader (without quotation marks). You need to install HTC Sync to your computer to get the proper drivers installed to help connect your device to your computer.
***Note that actual instructions for running the RUU may differ from the instructions posted above. Refer to the directions for the specific RUU for installation instructions.***
Below is a short guide on how to flash kernels while S-on. For some ROM's, like GPE, this is required. If you're not sure if you need to manually install the kernel, check the OP for the ROM you want to install. Check out the link below for an easy how-to on setting up ADB on your computer (credit to Jerry Hildenbrand at Android Central for the write-up). The guide also includes a basic set of commands that users might find useful while using ADB. You can install the latest version of HTC Sync to get drivers for your computer.
How to set up ADB and ADB commands
If no kernel installer is included as part of the ROM, there are two basic ways to flash a kernel to your phone while S-on. The first method is using an app from the Play store called Flashify. Simply follow the instructions in the app. The second method is to flash the kernel via Fastboot, which I will explain below.
First, download the ROM of your choosing to your phone. Once you've done this, navigate to where you downloaded the ROM on your computer and extract the boot.img from the ROM zip file. Place it in your ADB tools folder. The boot.img is the ROM's kernel, which is needed for the ROM to work. Without getting too technical, the kernel allows the phone's hardware and software to work together. Boot into recovery and flash the ROM zip. Now, reboot to the bootloader. Your phone should say Fastboot, highlighted in red. If not, use your volume keys to highlight the Fastboot option from the menu we discussed previously, then use the power button to select. You should then see the word Fastboot highlighted in red. Connect your phone and PC via USB cable. Once the connection is complete, you will see "Fastboot" change to "Fastboot USB". Open up your ADB/Fastboot terminal (Shift+Right click on the folder, then choose the option to open up a command line), then follow the instructions below:
fastboot flash boot boot.img
@BD619. Check out his FAQ here.
@Captain_Throwback Check out his firmware thread here.
@hasoon2000 for his root toolkit.
@windycityRckr for his WinDroid toolkit.
@regaw_leinad for his thread explaining S-off.
@O.M.J for his RUU thread. Find it here.
If you're looking to return your device back to stock, check here. Thanks to @miggsr for this guide.