[Q] Custom ROM & security

Search This thread

Siema89

Senior Member
Nov 19, 2013
182
74
Since large part of us might get their Z2s this week (hopefully including me :silly:), I'd like to know what options we have to make our Xperias secure with soon-to-arrive custom ROMs.

From what I managed to find, the most convenient option (at least theoretically) would be to:
- unlock bootloader
- flash custom recovery
- flash custom ROM
- reflash stock recovery to prevent lockscreen bypass and adb access in general
- relock bootloader to prevent flashing custom recovery and regaining adb by potential attacker.

- then if needed, reflash recovery online if rooted, reflash new/updated ROM, reflash stock recovery back

Now, I've read that Xperia Z2 (other Zs probably as well) will softbrick with locked botloader and custom ROM/kernel, rendering this method useless. Am I right?
If yes, what other options do we have?
 

numskull

Senior Member
Oct 19, 2010
261
28
all i know for sure is its more complicated than samsung models n im gonna wait till there a way to root it without messing with the bootloader
 

waynekirby

Senior Member
Nov 11, 2010
1,047
530
33
Barnsley
-Unlock bootloader
-Flash kernel of the ROM you want (DooMKernel for stock based)
-Boot into the recovery that's baked into the kernel
-Flash the ROM you want

All AOSP ROM's require fastbooting the kernel from the zip (unless stated).

Sent from my LT18i using Tapatalk
 
  • Like
Reactions: Siema89

Siema89

Senior Member
Nov 19, 2013
182
74
-Unlock bootloader
-Flash kernel of the ROM you want (DooMKernel for stock based)
-Boot into the recovery that's baked into the kernel
-Flash the ROM you want

All AOSP ROM's require fastbooting the kernel from the zip (unless stated).

Sent from my LT18i using Tapatalk

So there is no way to block access to recovery after flashing custom ROM?

Also sorry for probably dumb question (I'm new to Xperias): do you maybe know if current recoveries baked into CM support encryption? I know there is no CM for Z2 yet, I'm asking about current Z series phones.
 

waynekirby

Senior Member
Nov 11, 2010
1,047
530
33
Barnsley
So there is no way to block access to recovery after flashing custom ROM?

Also sorry for probably dumb question (I'm new to Xperias): do you maybe know if current recoveries baked into CM support encryption? I know there is no CM for Z2 yet, I'm asking about current Z series phones.

Well... On newer Xperia's (2012+) you can flash a recovery to the TArecovery partition, so you could remove it I suppose... But if the kernel you are using has a custom recovery baked in (they usually do on Xperia) then you could flash back the stock kernel, if you don't want recovery on stock based ROM. but as far as CM is concerned, you cannot remove recovery.

And yes all CM has recovery baked into Xperia kernels. We'll have official CM support from FXP team as soon as they receive their device too. Good times ahead :D

Sent from my LT18i using Tapatalk
 

numskull

Senior Member
Oct 19, 2010
261
28
You lose the DRM keys. You can't keep the DRM keys if you root as of yet, because you have to unlock bootloader to root, and you can't do TA backup without root. Vicious circle.


That was the one, i knew it was something important. thats why im waiting till there a root without unlocking, i could probably manage without most of it, but i want the bravia engine working and any other screen or audio stuff it affects, altho i was wondering, could you not just redownload the stuff you want and in doing so aquire new keys?? or is it not that simple?
 

numskull

Senior Member
Oct 19, 2010
261
28
i predict that this time next week enough people will have z2's that we'll have all our answers
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    -Unlock bootloader
    -Flash kernel of the ROM you want (DooMKernel for stock based)
    -Boot into the recovery that's baked into the kernel
    -Flash the ROM you want

    All AOSP ROM's require fastbooting the kernel from the zip (unless stated).

    Sent from my LT18i using Tapatalk