Does locking the bootloader really wipe user data?

7bob · May 3, 2017 at 6:27 PM

Hi,

I unlocked my bootloader and installed LineageOS on my Moto Z.

For security reasons, I wanted to re-lock my bootloader using

Code:

fastboot oem lock

. When doing so, I got this warning:

Code:

~ $ fastboot oem lock
(bootloader) slot-count: not found
(bootloader) slot-suffixes: not found
(bootloader) slot-suffixes: not found
...
(bootloader) WARNING: This command erases all user data.
(bootloader) Please re-run this command to continue.
OKAY [  0.000s]
finished. total time: 0.000s

I was wondering if locking the bootloader would really wipe all user data. Has anyone tried and can confirm that?

Thanks,

Bob

Somcom3X · May 3, 2017 at 6:29 PM

Yes it will wipe all of your data.

Sent from my XT1650-03 using Tapatalk

7bob · May 3, 2017 at 6:31 PM

Somcom3X said:
Yes it will wipe all of your data.

Thank you for your quick reply. Did you try it?

And is there some other way to lock the bootloader, without wiping data?

Somcom3X · May 3, 2017 at 6:37 PM

7bob said:
Thank you for your quick reply. Did you try it?

And is there some other way to lock the bootloader, without wiping data?

Yes, I have unlocked multiple bootloaders [emoji6]

No, there is no other way as of now.

Sent from my XT1650-03 using Tapatalk

7bob · May 3, 2017 at 6:41 PM

Somcom3X said:
Yes, I have unlocked multiple bootloaders [emoji6]

Just to make sure, I'm talking about LOCKING the bootloader, not unlocking!

Somcom3X · May 3, 2017 at 7:07 PM

7bob said:
Just to make sure, I'm talking about LOCKING the bootloader, not unlocking!

When you lock your bootloader, it should not effect your data at all. Whenever you unlock it, it will wipe your data.

Sent from my XT1650-03 using Tapatalk

7bob · May 3, 2017 at 7:09 PM

Somcom3X said:
When you lock your bootloader, it should not effect your data at all. Whenever you unlock it, it will wipe your data.

Are you sure about that? I was getting the warning like quoted in the first post, so I'm hesitant to try it out.

Somcom3X · May 3, 2017 at 7:14 PM

7bob said:
Are you sure about that? I was getting the warning like quoted in the first post, so I'm hesitant to try it out.

Well... It looks like they changed it. It appears I misread your first post. As the warning states, it will likely wipe your data. Sorry about that.

Sent from my XT1650-03 using Tapatalk

PiousInquisitor · May 3, 2017 at 11:28 PM

7bob said:
Are you sure about that? I was getting the warning like quoted in the first post, so I'm hesitant to try it out.

Did you lock your bootloader yet?

Sent from my XT1650 using Tapatalk

oxido_pank · Apr 26, 2017 5 0 0

how to lock of the bootloader

7bob said:
Hi,

I unlocked my bootloader and installed LineageOS on my Moto Z.

For security reasons, I wanted to re-lock my bootloader using

Code:

fastboot oem lock

. When doing so, I got this warning:

Code:

~ $ fastboot oem lock (bootloader) slot-count: not found (bootloader) slot-suffixes: not found (bootloader) slot-suffixes: not found ... (bootloader) WARNING: This command erases all user data. (bootloader) Please re-run this command to continue. OKAY [ 0.000s] finished. total time: 0.000s

I was wondering if locking the bootloader would really wipe all user data. Has anyone tried and can confirm that?

Thanks,

Bob

hi for you can lock the bootloader i locked od the my moto z and i can help you
first need the rom with the you want to relock your phone if is the stock is so much better
don´t care if you have the ota nougat update installed, i locked my phone next of intall de nougat via ota update
flash twrp wipe the system of the phone in advance

next you have to rund the next comand
fastboot oem lock
fastboot oem lock
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot oem lock
fastboot flash oem oem.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system system.img_sparsechunk.6
fastboot flash system system.img_sparsechunk.7
fastboot flash system system.img_sparsechunk.8
fastboot flash system system.img_sparsechunk.9
fastboot flash system system.img_sparsechunk.10
fastboot flash system system.img_sparsechunk.11
fastboot flash system system.img_sparsechunk.12
fastboot flash system system.img_sparsechunk.13
fastboot flash system system.img_sparsechunk.14
fastboot flash system system.img_sparsechunk.15
fastboot flash system system.img_sparsechunk.16
fastboot oem lock

wait and thats all your phone restart with your boot locked

7bob · May 4, 2017 at 3:12 PM

PiousInquisitor said:
Did you lock your bootloader yet?

No.

oxido_pank said:
hi for you can lock the bootloader i locked od the my moto z and i can help you
first need the rom with the you want to relock your phone if is the stock is so much better
don´t care if you have the ota nougat update installed, i locked my phone next of intall de nougat via ota update
flash twrp wipe the system of the phone in advance

Thanks for the hints, but will that process wipe user data?

oxido_pank · May 4, 2017

7bob said:
No.

Thanks for the hints, but will that process wipe user data?

Yeah because you make a flash of system
I Ever Say make a backup of the files that you need first
Next of flash restore all files and this all, but before make a hard reset of your phone
Nice day

7bob · May 5, 2017 at 9:45 AM

I tried today, but I didn't succeed:

Code:

~ $ fastboot oem lock
(bootloader) slot-count: not found
(bootloader) slot-suffixes: not found
(bootloader) slot-suffixes: not found
...
(bootloader) WARNING: This command erases all user data.
(bootloader) Please re-run this command to continue.
OKAY [  0.000s]
finished. total time: 0.000s
~ $ fastboot oem lock
(bootloader) slot-count: not found
(bootloader) slot-suffixes: not found
(bootloader) slot-suffixes: not found
...
(bootloader) Flash valid Android images now
(bootloader) Then re-run this command to lock
OKAY [  0.001s]
finished. total time: 0.001s
~ $ fastboot oem lock
(bootloader) slot-count: not found
(bootloader) slot-suffixes: not found
(bootloader) slot-suffixes: not found
...
(bootloader) Still require signed boot.img
OKAY [  0.000s]
finished. total time: 0.001s

So it seems that I cannot lock the bootloader by just executing fastboot oem lock two or three times. At least nothing was wiped after executing the commands.

benzinerwin · May 5, 2017

7bob said:

I tried today, but I didn't succeed:

So it seems that I cannot lock the bootloader by just executing fastboot oem lock two or three times. At least nothing was wiped after executing the commands.

It doesn't let you lock the bootloader with a "bad" (i.e. non-stock) kernel or special partitions (e.g. oem) etc. But you're lucky: if it had relocked the bootloader in the current setup you could have easily 'bricked' your phone. Instead, it checks the signatures of various components first and only if it finds valid (stock-rom)-signatures, the lock comes back on.

If you still want to put the lock on, flash a valid stock-rom (version: like the most recent stock rom version your phone has ever seen, or newer. The bootloader doesn't allow downgrading).
You can do it all at once or step by step: gpt.bin first, then boot.img, recovery.img .... check puttin on the lock... Then it'll complain what else it wants you to flash next.. and so on. In the end, the bootloader will be locked and there is no immediate sign that it was ever unlocked.

sp4rt4n-i17 · May 5, 2017 at 8:48 PM

benzinerwin said:
[...]
If you still want to put the lock on, flash a valid stock-rom (version: like the most recent stock rom version your phone has ever seen, or newer. The bootloader doesn't allow downgrading).
[...]

This would be the exact problem of most of the people here including myself, when trying to relock the bootloader.

I'm using the reteu variant of 1650-03 and am unable to get a stock ROM which is working with "fasboot oem lock begin".
Tried the "XT1650-03_GRIFFIN_RETBR_NPL25.86-30_cid50_subsidy-DEFAULT_regulatory-DEFAULT" as this seems to be te latest available. Unfortunately, this ROM seems to be too old, cause before unlocking/rooting etc I updated to latest april OTA...

Getting this:

Code:

(bootloader) Security version downgrade
(bootloader) Image boot failed validation
(bootloader) Preflash validation failed
FAILED (remote failure)

benzinerwin · May 1, 2008 50 54 0

sp4rt4n-i17 said:
This would be the exact problem of most of the people here including myself, when trying to relock the bootloader.

I'm using the reteu variant of 1650-03 and am unable to get a stock ROM which is working with "fasboot oem lock begin".
Tried the "XT1650-03_GRIFFIN_RETBR_NPL25.86-30_cid50_subsidy-DEFAULT_regulatory-DEFAULT" as this seems to be te latest available. Unfortunately, this ROM seems to be too old, cause before unlocking/rooting etc I updated to latest april OTA...

Getting this:

Code:

(bootloader) Security version downgrade (bootloader) Image boot failed validation (bootloader) Preflash validation failed FAILED (remote failure)

Ok, you're right, the error message clearly states that the NPL25.86-30 package is "too old"...
Which was the most recent version of Nougat you had on your phone?
What ist the current bootloader version (e.g. BL 91.05)?

sp4rt4n-i17 · May 6, 2017 at 10:36 AM

benzinerwin said:
Ok, you're right, the error message clearly states that the NPL25.86-30 package is "too old"...
Which was the most recent version of Nougat you had on your phone?
What ist the current bootloader version (e.g. BL 91.05)?

Version was NPLS25.86-30-12 and BL is 91.05

benzinerwin · May 1, 2008 50 54 0

sp4rt4n-i17 said:
Version was NPLS25.86-30-12 and BL is 91.05

Hm, and now you're trying to restore the RETBR-NPL25.86-30 image that's causing the error messages?

From what it looks like, I'd assume that you updated e.g. via OTA to even more recent versions...

If not, did you make sure that you actually unpacked the right zip file, you opened a dos window and changed into the folder of this unpacked archive, have fastboot.exe within your path or copied it into the unpacked folder..

You may try this RETMX image as an alternative: https://moto.shreps.fr/Moto Z (grif...ubsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip

Either flash all at once and the lock the bootloader... (be aware: you're losing all userdata)

Or do only the required steps, e.g.

Code:

fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot oem lock
fastboot oem lock

then ... if it moans about boot.img ...

Code:

fastboot flash boot boot.img
fastboot oem lock
fastboot oem lock

it probably dislikes the current oem partition...

Code:

fastboot flash oem oem.img
fastboot oem lock
fastboot oem lock

and so on...

Best would be to flash everything and then lock the bootloader...

But just start with flashing the gpt.bin & bootloader.img and report back how that worked...

sp4rt4n-i17 · May 6, 2017 at 12:28 PM

benzinerwin said:
Hm, and now you're trying to restore the RETBR-NPL25.86-30 image that's causing the error messages?

From what it looks like, I'd assume that you updated e.g. via OTA to even more recent versions...

If not, did you make sure that you actually unpacked the right zip file, you opened a dos window and changed into the folder of this unpacked archive, have fastboot.exe within your path or copied it into the unpacked folder..

You may try this RETMX image as an alternative: https://moto.shreps.fr/Moto Z (grif...ubsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip

Either flash all at once and the lock the bootloader... (be aware: you're losing all userdata)

Code:

fastboot flash partition gpt.bin fastboot flash bootloader bootloader.img fastboot flash modem NON-HLOS.bin fastboot flash fsg fsg.mbn fastboot erase modemst1 fastboot erase modemst2 fastboot flash bluetooth BTFM.bin fastboot flash dsp adspso.bin fastboot flash logo logo.bin fastboot flash boot boot.img fastboot flash recovery recovery.img fastboot flash system system.img_sparsechunk.0 fastboot flash system system.img_sparsechunk.1 fastboot flash system system.img_sparsechunk.2 fastboot flash system system.img_sparsechunk.3 fastboot flash system system.img_sparsechunk.4 fastboot flash system system.img_sparsechunk.5 fastboot flash system system.img_sparsechunk.6 fastboot flash system system.img_sparsechunk.7 fastboot flash system system.img_sparsechunk.8 fastboot flash system system.img_sparsechunk.9 fastboot flash system system.img_sparsechunk.10 fastboot flash system system.img_sparsechunk.11 fastboot flash system system.img_sparsechunk.12 fastboot flash system system.img_sparsechunk.13 fastboot flash oem oem.img fastboot erase cache fastboot erase userdata fastboot erase customize fastboot erase clogo fastboot erase ddr fastboot oem lock fastboot oem lock

Or do only the required steps, e.g.

Code:

fastboot flash partition gpt.bin fastboot flash bootloader bootloader.img fastboot oem lock fastboot oem lock

then ... if it moans about boot.img ...

Code:

fastboot flash boot boot.img fastboot oem lock fastboot oem lock

it probably dislikes the current oem partition...

Code:

fastboot flash oem oem.img fastboot oem lock fastboot oem lock

and so on...

Best would be to flash everything and then lock the bootloader...

But just start with flashing the gpt.bin & bootloader.img and report back how that worked...

Flashing (via fastboot) the NPL25.86-30 without trying to relock the BL is no problem, did this several times (on other devices too

)
You're right -like I wrote before - I've updated the device via OTA to latest april patch and I think that could cause the problem with relocking.

Other problem could be that one really need to use a (latest/Nougat) RETEU stock ROM for relocking RETEU device. I do not really know IF there is a diference between RETBR/RETMX and RETEU stock ROMs, as obviosly RETBR is working with my RETEU device and softwarechannel in "About device" is showing "reteu", but for relocking it could be necessary to use a stock RETEU ROM.

As I'm having TWRP installed, the loss of all data is no problem, and I will try what you suggested.

Final thought on this:
Solution could be just waiting for an up-to-date RETEU stock ROM with latest patchlevel or at least one which is above april (for now) and then try to relock BL with flashing this one.
I'm not in the situation that I really need a locked BL, but for research and in case of reselling the device, a solution for this problem would be great to know.

TeeHoang · May 8, 2017 at 9:33 PM

benzinerwin said:
Hm, and now you're trying to restore the RETBR-NPL25.86-30 image that's causing the error messages?

From what it looks like, I'd assume that you updated e.g. via OTA to even more recent versions...

If not, did you make sure that you actually unpacked the right zip file, you opened a dos window and changed into the folder of this unpacked archive, have fastboot.exe within your path or copied it into the unpacked folder..

You may try this RETMX image as an alternative: https://moto.shreps.fr/Moto Z (grif...ubsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip

Either flash all at once and the lock the bootloader... (be aware: you're losing all userdata)

Code:

fastboot flash partition gpt.bin fastboot flash bootloader bootloader.img fastboot flash modem NON-HLOS.bin fastboot flash fsg fsg.mbn fastboot erase modemst1 fastboot erase modemst2 fastboot flash bluetooth BTFM.bin fastboot flash dsp adspso.bin fastboot flash logo logo.bin fastboot flash boot boot.img fastboot flash recovery recovery.img fastboot flash system system.img_sparsechunk.0 fastboot flash system system.img_sparsechunk.1 fastboot flash system system.img_sparsechunk.2 fastboot flash system system.img_sparsechunk.3 fastboot flash system system.img_sparsechunk.4 fastboot flash system system.img_sparsechunk.5 fastboot flash system system.img_sparsechunk.6 fastboot flash system system.img_sparsechunk.7 fastboot flash system system.img_sparsechunk.8 fastboot flash system system.img_sparsechunk.9 fastboot flash system system.img_sparsechunk.10 fastboot flash system system.img_sparsechunk.11 fastboot flash system system.img_sparsechunk.12 fastboot flash system system.img_sparsechunk.13 fastboot flash oem oem.img fastboot erase cache fastboot erase userdata fastboot erase customize fastboot erase clogo fastboot erase ddr fastboot oem lock fastboot oem lock

Or do only the required steps, e.g.

Code:

fastboot flash partition gpt.bin fastboot flash bootloader bootloader.img fastboot oem lock fastboot oem lock

then ... if it moans about boot.img ...

Code:

fastboot flash boot boot.img fastboot oem lock fastboot oem lock

it probably dislikes the current oem partition...

Code:

fastboot flash oem oem.img fastboot oem lock fastboot oem lock

and so on...

Best would be to flash everything and then lock the bootloader...

But just start with flashing the gpt.bin & bootloader.img and report back how that worked...

It says ''still required signed boot.img''
Guess we don't have that yet :crying:

Does locking the bootloader really wipe user data?

Senior Member

Inactive Recognized Developer

Senior Member

Inactive Recognized Developer

Senior Member

Inactive Recognized Developer

Senior Member

Inactive Recognized Developer

Senior Member

Member

Senior Member

Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member