As for now, there is no way to reset that flag from 0x1 to 0x0.
Then I read in a comment of Chainfires post concerning that flag, that as long as you do not try to downgrade to a non secured bootloader, this flag will not change. He claims to have that information directly from Samsung.
FYI...Samsung told me that Knox warranty becomes 0x1(void) when the device with secured bootloader attempts to have non-secured bootloader. MH1 is the very first binary with secured bootloader. If MH1 is attempted to be downgraded to lower version(i.e. MGD) which has non-secured bootloader, then Knox warranty becomes void forever, and this means that the device can be used only for non-Knox device(no container can be created).
- - - - - - - - - -
Conclusions and Facts about KNOX-enabled firmwares (based on statements from chainfires post and it's comments above, ans based on this thread)
- Not possible to downgrade to KNOX-disabled firmwares/bootloaders (An attempt sets 0x1) (even though some people state, downgrade is possible when omitting the bootloader file in a firmware package: see http://forum.xda-developers.com/show....php?t=2444671, not confirmed)
- Even if you flash a KNOX-enabled firmware via odin (e.g. the latest fw) knox will be set to 0x1
- Flashing unsigned or modified images via odin will set knox to 0x1
- Samsung stated, resetting the flag is impossible
- KNOX is mandatory and can not be completely removed
- Warranty Void is no counter, it is a flag (0,1) it was never seen 0x2 or so
- Mirroring all partitions from a clean 0x0-Device to a 0x1-Device via JTAG produces an unfunctional device (reversible by restoring the 0x1 partitions on the phone)
- KNOX bootloader verifies signatures of kernels and recoveries. No custom ones possible without voiding the knox warranty
- Some experts think, an eFuse is involved. (http://en.wikipedia.org/wiki/EFUSE). An eFuse is mostly only incremential. Even unwriteable by low level tools or JTAG. But it is still not proven, that eFuse is used.