Alright, because there is constant stupidity regarding the bootloader security state for HTC devices. I feel that I can clarify and help remove some myths and misconceptions.
Let's start with the most important one:
What is S-off?
S-off is us turning off the security flag stored in the NV RAM of our device. This allows us to flash unsigned files (zips and images) to our device. The difference is stated below of why you need a zip vs an image.
S-off is not root either. Root is just a binary stored in /system and just doesnt get removed if the device has s-off. S-off just means integrity of file system / partitions aren't checked on the device. So this means the two are exclusive of each other from a user standpoint.
HTC IS JUST GOING TO TURN S-ON AND RUIN IT FOR EVERYBODY!
No, they aren't. For a few good reasons, one of which is their own engineers have s-off to begin with.
The @secuflag (S-on/S-off) is there to verify hboots and other various image files on the device to begin with. When we have s-off on a newer device but idiot user decides to turn s-on for whatever reason and we have a modified hboot? The device will brick because you broke its chain of trust. It thought you were friends but you slept with it's girlfriend or whatever. Now if HTC were to suddenly turn s-on, this would break chains of trust for those who used something like Moonshine with a patched hboot. It was their OTA that caused it. They are then held liable for it and they have to fix it under warranty. You know how much that costs them? Imagine giving 1000's of people new phones because you singlehandedly broke them all. Good job dude.
Not only that, they cant turn S-on by just updating images on the device. It's stored in the NV-RAM. They would need an entirely different method than just flashing through recovery.
Next point is:
S-off means you can flash whatever you want using fastboot flash.
Now because s-off processes before gave us patched hboots, we didnt know any better. This is all wrong. fastboot flash barely works on newer phones unless dev unlocked. Now that not all s-off's give a patched hboot it's good to know the following. The only way to install something with a locked bootloader but s-off, is to use flash zip. This means that you dont just "fastboot flash recovery" or boot.img. You need to create a zip with android-info.txt and whatever files your flashing. With the lock placed on devices, unless you htc dev unlock or flash a modified hboot, it wont allow you to flash because the dev unlock is a different part than what flashes the zips.
More info about patched / eng hboots:
Now that we've seen what we lose without a patched hboot, what does it add exactly? Well, a patched or engineering hboot allows you to fastboot flash pretty much every partition on the device with an unsigned image directly (such as fastboot flash hboot hboot.img or fastboot flash splash1 splash1.img) without giving you a not allowed or command error. The reason these are useful is because it saves time. I really dont want to always have to build a zip so I always use patched hboots. They also give you access to more commands as well which I can't remember off the top of my head. These are all commands mainly used by HTC engineers and software testers.
Final point that I can think of (may add more):
That green progress bar needs to be full when fastboot flashing a zip. While it's a pretty green bar and looks very useful...for whatever reason, htc has decided to make it wrongly report progress when in use. This can lead to users freaking out and just leaving their phone in RUU mode for however until someone tells them they're idiots for it. this progress bar means literally nothing and my favorite quote about it is: "Progress bar is like tits on a snake. Interesting but pointless." Ignore the progress bar. If the command line says the zip finished, just fastboot reboot or reboot-bootloader. It will help you finish whatever the heck you're trying to do.
Let's start with the most important one:
What is S-off?
S-off is us turning off the security flag stored in the NV RAM of our device. This allows us to flash unsigned files (zips and images) to our device. The difference is stated below of why you need a zip vs an image.
S-off is not root either. Root is just a binary stored in /system and just doesnt get removed if the device has s-off. S-off just means integrity of file system / partitions aren't checked on the device. So this means the two are exclusive of each other from a user standpoint.
HTC IS JUST GOING TO TURN S-ON AND RUIN IT FOR EVERYBODY!
No, they aren't. For a few good reasons, one of which is their own engineers have s-off to begin with.
The @secuflag (S-on/S-off) is there to verify hboots and other various image files on the device to begin with. When we have s-off on a newer device but idiot user decides to turn s-on for whatever reason and we have a modified hboot? The device will brick because you broke its chain of trust. It thought you were friends but you slept with it's girlfriend or whatever. Now if HTC were to suddenly turn s-on, this would break chains of trust for those who used something like Moonshine with a patched hboot. It was their OTA that caused it. They are then held liable for it and they have to fix it under warranty. You know how much that costs them? Imagine giving 1000's of people new phones because you singlehandedly broke them all. Good job dude.
Not only that, they cant turn S-on by just updating images on the device. It's stored in the NV-RAM. They would need an entirely different method than just flashing through recovery.
Next point is:
S-off means you can flash whatever you want using fastboot flash.
Now because s-off processes before gave us patched hboots, we didnt know any better. This is all wrong. fastboot flash barely works on newer phones unless dev unlocked. Now that not all s-off's give a patched hboot it's good to know the following. The only way to install something with a locked bootloader but s-off, is to use flash zip. This means that you dont just "fastboot flash recovery" or boot.img. You need to create a zip with android-info.txt and whatever files your flashing. With the lock placed on devices, unless you htc dev unlock or flash a modified hboot, it wont allow you to flash because the dev unlock is a different part than what flashes the zips.
More info about patched / eng hboots:
Now that we've seen what we lose without a patched hboot, what does it add exactly? Well, a patched or engineering hboot allows you to fastboot flash pretty much every partition on the device with an unsigned image directly (such as fastboot flash hboot hboot.img or fastboot flash splash1 splash1.img) without giving you a not allowed or command error. The reason these are useful is because it saves time. I really dont want to always have to build a zip so I always use patched hboots. They also give you access to more commands as well which I can't remember off the top of my head. These are all commands mainly used by HTC engineers and software testers.
Final point that I can think of (may add more):
That green progress bar needs to be full when fastboot flashing a zip. While it's a pretty green bar and looks very useful...for whatever reason, htc has decided to make it wrongly report progress when in use. This can lead to users freaking out and just leaving their phone in RUU mode for however until someone tells them they're idiots for it. this progress bar means literally nothing and my favorite quote about it is: "Progress bar is like tits on a snake. Interesting but pointless." Ignore the progress bar. If the command line says the zip finished, just fastboot reboot or reboot-bootloader. It will help you finish whatever the heck you're trying to do.
Last edited:
