I am not a developer-this is simply my contribution to the HTC EVO 4G LTE community as a way to help users have a basic understanding of what Hboot is, and understand the differences and capabilities between Hboot versions. In addition to information regarding the various Hboot versions, I have included a guide on how to update firmware (since this is done through the bootloader). Also included is a section on kernel flashing for those who haven't taken the plunge and gained S-off yet. You are free to include my work if you are putting together a guide or FAQ of your own, I only ask that you give credit where credit is due. I've taken a lot of time and put some effort into making this guide as complete as possible, but if you see something you'd like to have added or have a question or comment, feel free to do so. You can also reach me via PM. As I currently own this device, I will try my best to keep this guide up to date. I am not responsible for any misinterpretations of the information contained within this guide, and I will not be held liable or responsible should you damage your phone or cause an act of war. Now, let's get started.
What is Hboot? Without getting too technical, Hboot is your bootloader. Its functions are similar to that of the BIOS (Basic Input/Output System) on a PC. The bootloader provides a level of security for your phone by preventing unsigned software and firmware from being installed on your phone. At times, the bootloader will be updated to provide bug fixes and security patches. This sounds like a good thing, but it's really just a roadblock for those of us who like to tinker with our phones. This is where unlocking the bootloader comes in to play. Unlocking the bootloader allows us to install custom recoveries, from which we can flash custom ROM's to our phones. Still, however, depending upon the bootloader security, you are still limited to what you can do once the bootloader is unlocked. Unlocking the bootloader on the HTC EVO 4G LTE is accomplished using HTC Dev, or by using one of the tools provided by developers here on XDA (the toolkits, often referred to as "one-clicks", still use HTC Dev to unlock-there is no way around it). I won't delve into the actual process of unlocking the bootloader, as there are countless places here on XDA and elsewhere that guide you through the process.
S-on vs. S-off. When you received your HTC EVO 4G LTE new, it shipped with a locked bootloader and was S-on, which meant that bootloader security was on. While true that unlocking the bootloader gives some added functionality, like being able to install a custom recovery such as TWRP (Team Win Recovery Project) or CWM Touch, and allowing the flashing of a custom ROM, there are still limitations based on the bootloader (Hboot) version. This is where S-off comes in to play. If S-on means security on, then yes, S-off means security off. Once S-off, the bootloader's security is turned off. Kernels, splash screens and unsigned firmware can be flashed with relative ease. As more than one developer has put it, you are essentially future-proofing your device. This is especially true given the restrictions that HTC has put in place on the newer bootloaders. Think of bootloader unlocking and S-off like a bank. Bootloader unlocking gets you in the front door; S-off gets you into the vault. Currently, there are four ways to gain S-off on the EVO LTE: Dirty Racun, Facepalm, Moonshine and Rumrunner. For more information regarding S-off, check out this thread here.
The bootloader screen
How do you access the bootloader menu? If you're running a Sense ROM, make sure you have fastboot disabled in settings. You can go to Menu>Settings>Power and make sure fastboot isn't enabled. Don't confuse the fastboot setting with fastboot in the bootloader-they are not the same. Power your phone completely off. Press and hold the volume down button, then press and hold the power button (most custom ROM's normally let you reboot to the bootloader from the power menu, also). After several seconds you will be presented with a white screen with some information in the top left corner of the screen. Stock, the top line will say "Locked". Once unlocked, the top line will read "Unlocked". If the bootloader has been relocked, the top line will read "Relocked". Once unlocked or relocked, there will also be a "Tampered" warning, as well. Below that is the HTC device codename, which is Jewel. On this same line, you will see whether the phone is S-on or S-off. The fourth line from the top is the Hboot version, and below that is the radio (baseband) version. From the bootloader menu there are also options to power off the phone, reboot the bootloader, enter fastboot mode, factory reset and go to recovery. To navigate the menu, simply use the volume keys to move up and down, and use the power button to select (note in the picture above I have used regaw_leinad's bootloader customizer to customize the Hboot info). From the bootloader screen you can select the "fastboot" option, whereby you can connect your phone to your PC and issue commands via fastboot USB if you have the correct drivers installed on your computer. You have to have a properly working ADB (Android Debug Bridge) & Fastboot environment set up on your computer first in order to do so. You also haveit when using HTC Dev to unlock your bootloader, so it comes in handy in more ways than one and doesn't hurt to have it on your computer should you ever need to use it. If you're ever stuck in a boot loop you can simply wait until the phone's screen goes black and hold the volume down button until the bootloader screen appears.
Below is a list of current Hboot versions for the HTC EVO 4G LTE:
Hboot 1.12: S-on (Security on) allows flashing of modified firmware and kernels. Kernel does not have to be flashed separately from ROM. Least restrictive Hboot for the EVO LTE. S-off can be obtained via Dirty Racun or Facepalm.
Hboot 1.15: S-on, kernel must be flashed separately from ROM either via Flashify or Fastboot. S-off can be obtained via Dirty Racun or Facepalm.
Hboot 1.19: Same info as Hboot 1.15.
Hboot 2.09: Permanent write to system partition disabled when S-on. Kernel must be flashed separately via Fastboot or Flashify. S-off can be obtained via Dirty Racun or Facepalm if on software version 3.15 (baseband ending in 1119)/Dirty Racun if on software version 3.16 (baseband ending in 1210). You can use Baby Racun to downgrade from 3.16 to 3.15, at which time you can use Facepalm. You can also use Moonshine S-off for software version 3.16. Use Rumrunner S-off for software version 3.17.651.4 (baseband ending in 0830) & 3.17.651.5.
Hboot 2.10: Software version 4.13.651.1 (.3/.4)/Firmware version 22.214.171.1245: Ability to downgrade from this version to a previous version can be done via RUU if S-off. S-off with Rumrunner. For further information, look at this thread here.
***The OTA update for software version 3.16.651.3 included a touch panel driver update. If you are on this update, you can only use ROM's based on software version 3.16 & 3.17, otherwise the touch screen will not respond to touch input. You must also use TWRP 2.4+ with the updated touch panel driver. You can downgrade the touch panel driver to the previous version if you're S-off. AOSP ROM's utilizing the 3.4 kernel support the updated touch panel driver and does not require downgrading***
Bootloader unlocking tools:
qbking77's bootloader unlocking video
How to obtain S-off:
I take no credit for any of the tools or methods listed above. The above listed tools are the property of their respective developers/contributors.
There always seems to be some confusion among some users regarding root and S-off. First off, they are not the same thing. Root is a method by which users can run privileged commands on their device.
Rooting is typically accomplished by a security exploit that allows the su (superuser) binary to be installed on the device, which in turn installs either the SuperUser or SuperSU app on the device. Both of these apps give the user the ability to grant or deny root apps to function. In addition to running certain apps (like WiFi tether, Root Explorer or Titanium Backup), root privilege can also allow the removal of files and apps which could not be removed by a user with an unrooted phone (for example, removing carrier-installed "bloatware").
Some users think that you must be S-off in order to have what they call "full root", which is simply not the case, as root and S-off are independent of one another. It's actually quite the contrary, as you can have a phone that is S-off but does not have root access. How is this so? Remember, S-off simply means that the bootloader's security is off. In order to root a phone, you must have a custom recovery installed and have the proper superuser binary in place for root to work. S-off methods are not always available when a new phone is released (or when a phone receives updated software and/or firmware), which is why we have methods like HTC Dev to unlock our bootloader.
If a method to gain S-off is available, it's best to use it. Like I stated earlier, S-off is virtually future-proofing your phone, so regardless of any updates that may come out, once you're S-off, that's it: you're S-off until a method is released to put the device back to S-on, and that's something the device user typically initiates (for example, the VipeRUU tool). S-off trumps bootloader unlocking because being simply bootloader unlocked, there are still security restrictions on the bootloader. S-off removes those restrictions. But, as stated earlier, without a custom recovery and superuser in place, the device is not rooted. The ideal situation is to be rooted and S-off. Gaining S-off allows the user to flash a ROM and not have to flash the kernel separately when on Hboot 1.15+, allows for changing the splash screen, customizing the bootloader, getting rid of the red development disclaimer text & flashing firmware updates, just to name a few benefits.
A quick word of caution regarding S-off. With the bootloader's security off, there is no longer any protection should you flash a corrupt or incompatible file to your device, so know & understand what you're doing and don't do something foolish to turn your device in to an expensive paperweight.
On the HTC EVO 4G LTE, the root method is the same regardless of the Hboot or software version.
From time to time, it may be necessary to update your phone's firmware, sometimes referred to as your radios or your baseband. This can be done for a number of reasons, ranging from call quality or data connection issues or poor battery life due to outdated firmware, just to name a few things. Personally, I like to keep my firmware version updated to whatever the newest corresponding software version is at the time. Keep in mind that firmware and software are not the same. Software is the ROM you flash via recovery. Firmware is the radios, PRI and whatever other bits a developer chooses to include. The only time you get both packaged together is in a OTA (Over The Air) update sent out by the phone carrier, or by RUU. Since rooted users don't typically take OTA updates, we have to rely on developers to pull the firmware from the update package and re-package it for our use. You must be S-off to install modified firmware on your device. To update your firmware, first download the applicable firmware package. You can download the file to either your phone or your computer. Typically, the file will have an MD5 sum that acts as a fingerprint to verify that your download matches that of the original. You can use an app like Android File verifier to check the MD5 of the downloaded file versus that of the original file. If the MD5's match, you're good to go. If not, you need to download the file again, making sure you check the MD5 again. This is important, as you don't want to screw up a firmware update. A bad firmware flash is a good way to turn your phone into an expensive paperweight. Once you have the file downloaded you need to transfer it to the root (not in a folder) of your external microSD card. Firmware updates cannot be run from the phone's internal memory. Check and make sure that the file is named PJ75IMG.zip (If using your computer, Windows often hides the .zip extension so if you don't see it on your computer, right-click on the file and select "Properties" to see if the .zip extension is there, which it should be). If you downloaded the file directly to your phone, you can use a file manager like Astro file manager or Root Explorer to check that the file is properly named. The bootloader will be looking for the file named PJ75IMG and, if improperly named, will not locate it. Sometimes the file won't require renaming but it's important to check and make sure, to save you some headache down the road. Make sure you also have a decent charge on your battery, because if your phone dies during the firmware update, you'll end up with a bricked device, most likely. Now, you need to reboot to the bootloader, which was discussed previously. Your phone should reboot to Fastboot mode. Use the volume buttons to navigate to the "Bootloader" option in the menu, and press the power button to make your selection. The bootloader will now scan for the firmware update on your SD card, and once it finds it, will prompt you as to whether or not you wish to start the update. Once again, use the volume buttons to make your choice. The update may take a couple of minutes to complete, at which time you'll be prompted to either power off the phone or reboot. Reboot the phone, then go to Menu>Settings>About Phone>Software info and check your baseband version and see if it corresponds to the firmware update you just installed. Once you've done this and confirmed that the update was successful, delete the PJ75IMG file from your SD card (if you don't do this, you will be prompted to update your firmware every time you reboot to the bootloader). If the update fails from the bootloader, go back through the steps outlined above and double-check that you have done everything correctly. For more information regarding firmware updates, see Captain Throwback's firmware thread, which I have provided a link to at the bottom of this post.
A quick note about the bootloader. With an SD card installed in your phone, the bootloader will always scan for a PJ75IMG file, as shown by the green text that says "No image or wrong image". This is normal as long as an SD card is installed. If you are attempting to update firmware and see this text but don't get prompted to update, make sure the file is named correctly. Otherwise, it's not an error and shouldn't be confused as such.
Occasionally, you may encounter an issue which requires a RUU (ROM Update Utility). This is an update package released either by a OEM (like HTC) or a developer. It is designed to put the phone back to stock condition. This can be done for a variety of reasons including updating to a newer software version or for returning the phone back to stock to have the device serviced by the carrier or manufacturer. Note that if your device is S-on, you can only run a RUU with the same software/firmware version that you're currently running, or a newer version. If you're S-off, the same applies, and in addition, you can also downgrade to an older version than what's installed on your device. Running a RUU will re-lock your bootloader and unroot your phone. To root again, you'll need to unlock the bootloader, install a custom recovery and install the necessary SU binary. On S-off phones, the device will remain S-off but the bootloader will need to be unlocked again with HTC Dev. See the bottom of this post for a complete list of links to current available RUU's.
To run a RUU, simply download the RUU you wish to install to your PC, then connect your phone and PC via USB cable. While booted to the Android OS, simply double-click the RUU file on your computer to start the installer, then follow the on-screen instructions. Normally, a RUU is run while the phone is booted to the OS but alternatively, can be run while the phone is connected to the computer via Fastboot USB mode. Simply connect the phone and PC via Fastboot USB mode, then double-click the RUU file on your computer to start the installer. If your device is S-on you will need to relock your bootloader to run a RUU. Use the command "fastboot oem lock" to relock your bootloader (without quotation marks). You need to install HTC Sync to your computer to get the proper drivers installed to help connect your device to your computer.
Below is a short guide on how to flash kernels while S-on using Hboot 1.15 & up. First, check out the link below for an easy how-to on setting up ADB on your computer (credit to Jerry Hildenbrand at Android Central for the write-up). The guide also includes a basic set of commands that users might find useful while using ADB. If you need device drivers for your PC, I have provided a link at the bottom of this thread. You can also install the latest version of HTC Sync to get the latest drivers installed on your computer.
How to set up ADB and ADB commands
Some developers include an S-on kernel flasher in their ROM's to simplify ROM flashing (such as xHausx's kernel installer). Simply follow the instructions in the ROM's OP, as methods may vary.
If no kernel installer is included as part of the ROM, there are two basic ways to flash a kernel to your phone while S-on. The first method is using an app from the Play store called Flash Image GUI. Simply follow the instructions in the app. The second method is to flash the kernel via Fastboot, which I will explain below.
First, download the ROM of your choosing to your phone. Once you've done this, navigate to where you downloaded the ROM on your computer and extract the boot.img from the ROM zip file. Place it in your ADB tools folder. The boot.img is the ROM's kernel, which is needed for the ROM to work. Without getting too technical, the kernel allows the phone's hardware and software to work together. Boot into recovery and flash the ROM zip. Then, reboot into the bootloader. Your phone should say Fastboot, highlighted in red. If not, use your volume keys to highlight the Fastboot option from the menu we discussed previously, then use the power button to select. You should then see the word Fastboot highlighted in red. Connect your phone and PC via USB cable. Once the connection is complete, you will see "Fastboot" change to "Fastboot USB". Open up your ADB/Fastboot terminal (Shift+Right click on the folder, then choose the option to open up a command line), then follow the instructions below:
fastboot flash boot boot.img
You can also use the HTC Dumlock feature in TWRP recovery to flash a kernel while S-on. You can find information on Team Win's site in the link below.
Hopefully after reading all this you have a better-or at least basic-understanding of what Hboot is and what the bootloader does on this device.
@Sloth Please check out his FAQ.
@om4 You can check out his "Don't Panic" guide here.
@WindyCityRockr for his Windroid toolkit
@qbking77 for his Youtube video.
@Captain_Throwback for his firmware thread, which you can find here.
If you're looking for the latest drivers for your computer, check out this thread here. Thanks @CNexus for making this thread. You can also install the latest version of HTC Sync to get the drivers you need.
@regaw_leinad for his thread explaining S-off.
HTC EVO 4G LTE Shipped ROM's
4.13.651.4 RUU ***Please note that this RUU changes the partition of the internal storage. Prior to this RUU, internal storage was broken up into two separate partitions, (Internal storage+Media storage). This RUU changes the partition setup to where there is only Internal storage. Approximately 12GB is available via this partition setup. Also note that while there were two previous RUU's for the Android 4.3 update, this one has data roaming working properly and is the reason I included it and not the previous ones.***
VipeRUU (based on 3.16.651.3) Please note that VipeRUU ONLY works if the device is S-off and can be used to return the device to a totally stock, unrooted state.