• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[GUIDE] Android 12 Update and Root **READ THE NOTES**

Search This thread
WARNING: PERMANENT ROOT WHEN UPGRADING FROM ANDROID 11 REQUIRES A DATA WIPE! THERE IS CURRENTLY NO WAY AROUND THIS.


WARNING: MANUALLY INSTALLING FACTORY UPDATES OR IMAGES REQUIRES AN UNLOCKED BOOTLOADER. If your bootloader is locked, DO NOT ATTEMPT THIS.

WARNING: MODIFY YOUR DEVICE AT YOUR OWN RISK. YOU ALONE WILL BE RESPONSIBLE FOR MALFUNCTION, DAMAGE, OR LOSS OF ANY KIND IF SOMETHING GOES WRONG.

Root will be done via Magisk. If you aren't already using it, download and install to your phone.

Warning: For the sake of simplicity, I frequently will use generalizations when referring to files ("[patched boot image]" instead of "magisk_patched-23001_xxxxx.img" for example). It is YOUR RESPONSIBILITY to ensure you are flashing the correct file. The easiest way to do this is type the command in the command line without the file itself, then drag and drop the file you want to flash into the command line window.



For those of you with a locked bootloader:

Simply install the update as usual via OTA, whether automatically through Android Update, or manually via adb sideload.

First, a bit of information on why you need to follow this guide (See this post)

Two new Verified Boot features implemented in Android 12 will interfere with attempts to root. A more detailed explanation is below if you would like.

Dm-verity (device-mapper-verity) is a method by which an image on block devices (the underlying storage layer of the file system) can be checked to determine if it matches an expected configuration, using a cryptographic hash tree. If the hash doesn't match, dm-verity prevents the stored code from loading.

Vbmeta verification is the other half of this - it provides a cryptographically signed reference hash which is used to verify the integrity of /boot, /system, and /vendor partitions. The vbmeta image is only used to verify /boot, while vbmeta-system is used to verify /system.

This was implemented to prevent persistent rootkits by means of a hardware level security check, to prevent "potentially harmful applications" such as Magisk from evading detection, as such applications residing within the kernel will have higher privileges than the detection applications.

What this means is that with these two enabled, a modified boot image will cause a verification error when flashed to the device, preventing boot. Interestingly, this check is not performed against "live" boot images loaded via ADB, so with dm-verity and vbmeta verification enabled, a modified image can be booted as long as the image in /boot is intact.

The good news is, disabling these features is as easy as using a command switch.
The bad news, however, is that /data must be clean the first time this is done.


If you update via automatic OTA: THIS WILL REQUIRE A WIPE EVERY TIME!
1. Download the factory image (Yes, this is required) to your computer. Connect your device via USB.
2. Extract the contents of the factory image, then extract both boot.img and vbmeta.img from the image-[device].zip (where [device] is the codename for your device, such as Redfin for Pixel 5
2. Reboot to bootloader: With device connected via USB, Developer Options enabled and USB Debugging enabled, reboot to bootloader using ADB:
Code:
adb reboot bootloader
3. Continue to Reflash vbmeta below

To manually install the OTA:
1. Download the OTA for your device, as well as the factory image (Yes, you need both) to your computer.
2. Install the OTA
3. Extract the contents of the factory image, then extract both boot.img and vbmeta.img from the image-[device].zip (where [device] is the codename for your device, such as Redfin for Pixel 5
4. Let the update complete, and IMMEDIATELY reboot to bootloader.
5. Continue to Reflash vbmeta below

Reflash VBmeta
1. Reflash vbmeta with dm-verity and boot verification disabled:
Code:
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img
2. If this is the first time you are rooting Android 12, you will end up in Recovery with this message: "Can't load Android system. Your data may be corrupt." You will have to perform the factory reset to continue. Once complete, let the device boot Android.
3. If you have previously wiped and are updating, let the device boot Android.
Continue to Patch Boot Image below.

1. Open this link in Google Chrome (DO NOT USE MICROSOFT EDGE OR MOZILLA FIREFOX) Here is the link for beta
2. Connect your device via USB (make sure USB Debugging is enabled)
3. Enable ADB access in the browser
4. Select your device
5. Select the Android 12 build
6. IMPORTANT: Click the pencil icon next to the selected build
7. Ensure Wipe Device, Disable Verification, and Disable Verity are checked. DATA WIPE IS REQUIRED when updating from an older version of Android. Don't lock your bootloader if you want root. Force flash all partitions should not be necessary (but use this if you've run into problems and are starting over). Skip Secondary and Force Debuggable should be unchecked, unless you want to use ADB for root access on the stock kernel for some reason.
8. Click Install Build.
9. Wait until the update finishes, including a reboot to Android.
10. Continue to Patch Boot Image below.

1. Download the factory image to your computer and connect your device via USB, with USB debugging enabled.
2. Extract the contents of the factory ZIP
3. Reboot to bootloader:
Code:
adb reboot bootloader
4. If necessary, update the bootloader: WARNING: IF DONE INCORRECTLY THIS WILL BRICK YOUR DEVICE!
Code:
fastboot flash bootloader [bootloader image]
Reboot back to bootloader.
5. If necessary, update the radio:
Code:
fastboot flash radio [radio image]
Reboot to bootloader.
6. Install the update:
Code:
fastboot --disable-verity --disable-verification -w update [factory image zip]
DATA WIPE IS REQUIRED when updating from an older version of Android.
7. Let the update complete, including a reboot to Android
8. Continue to Patch Boot Image below

1. Extract boot.img from the factory image ZIP if you haven't done so already
2. Install Magisk on your phone
3. Move the boot image to your phone via USB, and patch it using "Select and Patch a File" in Magisk
4. Move the patched boot image back to your PC
5. Reboot to bootloader
6. Flash the patched boot image:
Code:
fastboot flash boot [patched boot image]
7. Reboot to system.

For subsequent updates to Android 12:
DO NOT USE AUTOMATIC UPDATE! DO NOT LET THE DEVICE BOOT BEFORE YOU DISABLE VERITY AND VERIFICATION!

Follow the same directions as above, except you don't have to wipe.

Key reminders:
* The OTA does not have a way to set the disable flags for vbmeta, so if you update via OTA, you will have to reflash vbmeta with the disable flags every time you update.
* The most critical thing to remember is that once you have disabled verified boot and gained permanent root, YOU MUST NOT let the device boot into Android if /vbmeta is flashed without disabling verity and verification.
* If you forget to do this and let the device boot into Android, you will end up in Rescue Party: Recovery Mode screen with the message "Can't load Android system. Your data may be corrupt." YOU WILL HAVE TO WIPE TO GET ROOT BACK.



If you run into problems, or just want to share your results, please feel free to post your method and results in this thread.
 
Last edited:

elong7681

Senior Member
May 23, 2015
307
89
40
US
Moto X4
Google Pixel 2 XL
@V0latyle Can you help me out I installed a magisk module that caused a bootloop and I tried the adb wait-for-device shell magisk --remove-modules and it doesn't work for me I'm on the P5 a12 beta 5 I have since flashed the stock boot.img. What can I do to remove this module?
 
@V0latyle Can you help me out I installed a magisk module that caused a bootloop and I tried the adb wait-for-device shell magisk --remove-modules and it doesn't work for me I'm on the P5 a12 beta 5 I have since flashed the stock boot.img. What can I do to remove this module?
I'm honestly not that familiar with Magisk, sorry. I suggest you ask in the Magisk thread, they'll be of more help to you over there. Magisk modules live in /data, not /boot, so a data wipe would get rid of the module...and all your user data too.
 

zgfg

Senior Member
Oct 10, 2016
6,111
3,621
@V0latyle Can you help me out I installed a magisk module that caused a bootloop and I tried the adb wait-for-device shell magisk --remove-modules and it doesn't work for me I'm on the P5 a12 beta 5 I have since flashed the stock boot.img. What can I do to remove this module?

Wiki:

Scroll down to read how to disable modules through Safe Mode

There is also a section how to manage modules from custom Recovery (if TWRP applies to your phone)
 
Last edited:

mistermojorizin

Senior Member
Dec 21, 2011
852
188
Google Pixel 5
You seem to understand the issue with vmeta (and the associated data wipe). So I went from android 11 to android 12 beta without a wipe and although on andorid 11 i could flash my kernels, on android 12 i cannot without vmeta/wipe. I thought I read that it was because 12 was in beta. I plan to flash the factory image of 12 today, withotu doing a wipe of course. Will i be able to flash my custom kernles again?
 

ShadowJP88

Senior Member
May 5, 2015
111
14
How do we get in the download mode to install the OTA?

I do use adb reboot recovery
but every time, I got this.

E:\platform-tools>adb sideload E:\platform-tools\blueline-ota-sp1a.210812.015-cee465f5.zip
adb: sideload connection failed: device unauthorized.
This adb server's $ADB_VENDOR_KEYS is not set
Try 'adb kill-server' if that seems wrong.
Otherwise check for a confirmation dialog on your device.
adb: trying pre-KitKat sideload method...
adb: pre-KitKat sideload connection failed: device unauthorized.
This adb server's $ADB_VENDOR_KEYS is not set
Try 'adb kill-server' if that seems wrong.
Otherwise check for a confirmation dialog on your device.

E:\platform-tools>adb sideload E:\platform-tools\blueline-ota-sp1a.210812.015-cee465f5.zip
adb: sideload connection failed: no devices/emulators found
adb: trying pre-KitKat sideload method...
adb: pre-KitKat sideload connection failed: no devices/emulators found
 

ShadowJP88

Senior Member
May 5, 2015
111
14
Once you're in recovery, are you going into ADB sideload (hold the power button, then press the volume up key, then choose "Apply update from ADB")?
I can't find out how... I only have the droid page with "no command" text
 

Attachments

  • 1634696545878.png
    1634696545878.png
    54.9 KB · Views: 126

maurocds

Senior Member
Jan 30, 2013
526
165
sorry i cant understand this:
* If, after flashing a patched boot image, you get the "unable to load/verify boot image", you probably didn't get the flags quite right. Just reflash vbmeta with the disable flags and that should fix the problem.

pixel 5 here, unlocked bootloader, did a clean flash, booted magisk , after direct install and restart i was stuck at booloader menu with that message, i don't understand what i have to do reading your post

where can i do this and how? Just reflash vbmeta with the disable flags

i had to clean flash again to use the phone
 

xunholyx

Recognized Contributor
Dec 3, 2012
7,692
5,235
Vancouver
Google Pixel 2 XL
Google Pixel 5
For re-flashing the vbmeta.img, my command has always been a little different than yours.
I use: fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img
It's only a little different and your way might work, but if anyone has issues you could try this different command instead.
 

rester555

Senior Member
Oct 27, 2010
365
88
With the Android 12 stable release just around the corner, I would like to make sure we have clear instructions on how to update with root.
These instructions work with the beta as well. This may seem redundant compared to other threads, but I wanted to consolidate the relevant information to one place.


WARNING: MANUALLY INSTALLING FACTORY UPDATES OR IMAGES REQUIRES AN UNLOCKED BOOTLOADER. If your bootloader is locked, DO NOT ATTEMPT THIS. You can, however, update using the OTA via ADB Sideload on a locked bootloader. DO NOT INSTALL THE BETA OTA WITH A LOCKED BOOTLOADER. BETA SOFTWARE IS EXPERIMENTAL AND MAY BE UNSTABLE, AND YOU MAY BE UNABLE TO RECOVER YOUR DEVICE IF SOMETHING GOES WRONG.

WARNING: MODIFY YOUR DEVICE AT YOUR OWN RISK. YOU ALONE WILL BE RESPONSIBLE FOR MALFUNCTION, DAMAGE, OR LOSS OF ANY KIND IF SOMETHING GOES WRONG.


Root will be done via Magisk. If you aren't already using it, download and install to your phone.

Warning: For the sake of simplicity, I frequently will use generalizations when referring to files ("[patched boot image]" instead of "magisk_patched-23001_xxxxx.img" for example). It is YOUR RESPONSIBILITY to ensure you are flashing the correct file. The easiest way to do this is type the command in the command line without the file itself, then drag and drop the file you want to flash into the command line window.



For those of you with a locked bootloader:

Simply install the update as usual via OTA, whether automatically through Android Update, or manually via adb sideload.

First, a bit of information on why you need to follow this guide (See this post)

Two new Verified Boot features implemented in Android 12 will interfere with attempts to root. A more detailed explanation is below if you would like.

Dm-verity (device-mapper-verity) is a method by which an image on block devices (the underlying storage layer of the file system) can be checked to determine if it matches an expected configuration, using a cryptographic hash tree. If the hash doesn't match, dm-verity prevents the stored code from loading.

Vbmeta verification is the other half of this - it provides a cryptographically signed reference hash which is used to verify the integrity of /boot, /system, and /vendor partitions. The vbmeta image is only used to verify /boot, while vbmeta-system is used to verify /system.

This was implemented to prevent persistent rootkits by means of a hardware level security check, to prevent "potentially harmful applications" such as Magisk from evading detection, as such applications residing within the kernel will have higher privileges than the detection applications.

What this means is that with these two enabled, a modified boot image will cause a verification error when flashed to the device, preventing boot. Interestingly, this check is not performed against "live" boot images loaded via ADB, so with dm-verity and vbmeta verification enabled, a modified image can be booted as long as the image in /boot is intact.

To update to Android 12 with data intact and reroot:
WARNING: Per Google, an Android 12 OTA should only be installed on a device running 12 DP or 12 Beta. However, other users were able to manually install the OTA via ADB without losing data, so DO THIS AT YOUR OWN RISK! It is currently unknown what Google's official instructions will be for installing the update, so the "best" current method is wait for automatic OTA.
If you update via automatic OTA:
1. Download the factory image (Yes, this is required) to your computer. Connect your device via USB.
2. Extract the contents of the factory image, then extract both boot.img and vbmeta.img from the image-[device].zip (where [device] is the codename for your device, such as Redfin for Pixel 5
3. Continue to Reflash vbmeta below

To manually install the OTA:
1. Download the OTA for your device, as well as the factory image (Yes, you need both) to your computer.
2. Install the OTA
3. Extract the contents of the factory image, then extract both boot.img and vbmeta.img from the image-[device].zip (where [device] is the codename for your device, such as Redfin for Pixel 5
4. Let the update complete, including reboot. Wait until you are in /system with the update process finished (no update notification)
5. Continue to Reflash vbmeta below

Reflash VBmeta
1. With device connected via USB, Developer Options enabled and USB Debugging enabled, reboot to bootloader using ADB:
Code:
adb reboot bootloader
2. Reflash vbmeta with dm-verity and boot verification disabled:
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
3. Reboot to bootloader:
Code:
fastboot reboot bootloader
Continue to Patch Boot Image below.

To update to Android 12 using Android Flash Tool:
1. Open this link in Google Chrome (DO NOT USE MICROSOFT EDGE OR MOZILLA FIREFOX) Here is the link for beta
2. Connect your device via USB (make sure USB Debugging is enabled)
3. Enable ADB access in the browser
4. Select your device
5. Select the Android 12 build
6. IMPORTANT: Click the pencil icon next to the selected build
7. Ensure Wipe Device, Disable Verification, and Disable Verity are checked. DATA WIPE IS REQUIRED when updating from an older version of Android. Don't lock your bootloader if you want root. Force flash all partitions should not be necessary (but use this if you've run into problems and are starting over). Skip Secondary and Force Debuggable should be unchecked, unless you want to use ADB for root access on the stock kernel for some reason.
8. Click Install Build.
9. Wait until the update finishes.
10. Continue to Patch Boot Image below.

To update to Android 12 via ADB using the factory image:
1. Download the factory image to your computer and connect your device via USB, with USB debugging enabled.
2. Extract the contents of the factory ZIP
3. Reboot to bootloader:
Code:
adb reboot bootloader
4. If necessary, update the bootloader: WARNING: IF DONE INCORRECTLY THIS WILL BRICK YOUR DEVICE!
Code:
fastboot flash bootloader [bootloader image]
Reboot back to bootloader.
5. If necessary, update the radio:
Code:
fastboot flash radio [radio image]
Reboot to bootloader.
6. Install the update:
Code:
fastboot --disable-verity --disable-verification -w update [factory image zip]
DATA WIPE IS REQUIRED when updating from an older version of Android.
7. Let the update complete
8. Continue to Patch Boot Image below

Patch Boot Image:
1. Extract boot.img from the factory image ZIP if you haven't done so already
2. Install Magisk on your phone
3. Move the boot image to your phone via USB, and patch it using "Select and Patch a File" in Magisk
4. Move the patched boot image back to your PC
5. Reboot to bootloader
6. Flash the patched boot image:
Code:
fastboot flash boot [patched boot image]
7. Reboot to system.

For subsequent updates to Android 12:
Either install the update via OTA Sideload, then reflash vbmeta with disable flags set, or dirty flash the factory image with disable flags set.
Live boot your patched boot image from bootloader (as long as you're still on Android 12, the old kernel should work fine):
Code:
fastboot boot [patched boot image]
In system, launch Magisk then select "Direct Install" to patch the stock image in /boot.


Key reminders:
* The OTA does not have a way to set the disable flags for vbmeta, so if you update via OTA, you will have to reflash vbmeta with the disable flags every time you update.
* If you forget to do this and have a patched boot image, bootloader will return an error: "failed to load/verify boot image"
* The fastest and easiest way to update is via OTA, but remember you will lose root until you're able to reflash vbmeta and repatch the boot image.
* Manually patching the new boot image in Magisk via "Select and Patch a File" should be unnecessary every time you update. You can, instead, just keep the image you originally patched, boot it every time you update, and flash the stock image in /boot using Magisk.
* If, after flashing a patched boot image, you get the "unable to load/verify boot image", you probably didn't get the flags quite right. Just reflash vbmeta with the disable flags and that should fix the problem.
@V0latyle I think I know why some people are having issues with obtaining root or maintaining root on Android 12 official release... When you use the following command,
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img

I think after this command and then flashing the patched magisk boot image their might be a check on both slots. Would I be wrong suggesting for the disable vbmeta command be this instead?
Code:
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img

I was having the same issue where it was saying that the system was corrupt and having to do a factory wipe after doing the command without --slot=all for the vbmeta disable flag command.
 

xunholyx

Recognized Contributor
Dec 3, 2012
7,692
5,235
Vancouver
Google Pixel 2 XL
Google Pixel 5
@V0latyle I think I know why some people are having issues with obtaining root or maintaining root on Android 12 official release... When you use the following command,
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img

I think after this command and then flashing the patched magisk boot image their might be a check on both slots. Would I be wrong suggesting for the disable vbmeta command be this instead?
Code:
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img

I was having the same issue where it was saying that the system was corrupt and having to do a factory wipe after doing the command without --slot=all for the vbmeta disable flag command.
I haven't read his full instructions hidden behind the spoiler tags, but in my experience after flashing the vbmeta.img the first time, I needed to follow it with "fastboot -w" and wipe my phone, then flash the patched boot.img.
On subsequent updates as long as I booted to bootloader immediately after flashing the OTA.zip to flash vbmeta, I didn't have to wipe. If I boot to system by mistake, I'll need to fastboot -w again
 

rester555

Senior Member
Oct 27, 2010
365
88
@V0latyle I think I know why some people are having issues with obtaining root or maintaining root on Android 12 official release... When you use the following command,
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img

I think after this command and then flashing the patched magisk boot image their might be a check on both slots. Would I be wrong suggesting for the disable vbmeta command be this instead?
Code:
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img

I haven't read his full instructions hidden behind the spoiler tags, but in my experience after flashing the vbmeta.img the first time, I needed to follow it with "fastboot -w" and wipe my phone, then flash the patched boot.img.
On subsequent updates as long as I booted to bootloader immediately after flashing the OTA.zip to flash vbmeta, I didn't have to wipe. If I boot to system by mistake, I'll need to fastboot -w again
@xunholyx I did what you suggested, flashing the vbmeta.img and then patching the magisk boot image and I got the corrupt system message in recovery. So I ended up reflashing stock image with wipe through adb.. did minimal initial setup, then reflashed the vbmeta.img to all slots and then immediately flashed the patched magisk image. That seemed to work for me to gain root on A12.
 
  • Like
Reactions: sevenmentoreindia

killchain

Senior Member
Oct 6, 2012
326
71
30
Google Pixel 4a 5G
4a 5G here (sorry, I know that this is the section for Pixel 5, but I assume most or all things are the same). I rushed and installed the OTA the normal way, thinking I'll be able to patch and flash boot.img afterwards (like normally). Update went fine (upgrading from 11, haven't used any of the DPs/betas), but after I flash the patched boot.img, I get "failed to load/verify boot images" in fastboot. Am I out of luck?
 
@V0latyle I think I know why some people are having issues with obtaining root or maintaining root on Android 12 official release... When you use the following command,
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img

I think after this command and then flashing the patched magisk boot image their might be a check on both slots. Would I be wrong suggesting for the disable vbmeta command be this instead?
Code:
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img

I was having the same issue where it was saying that the system was corrupt and having to do a factory wipe after doing the command without --slot=all for the vbmeta disable flag command.
So are you saying that using the slot all flag fixed your problem?
 
  • Like
Reactions: andybones
4a 5G here (sorry, I know that this is the section for Pixel 5, but I assume most or all things are the same). I rushed and installed the OTA the normal way, thinking I'll be able to patch and flash boot.img afterwards (like normally). Update went fine (upgrading from 11, haven't used any of the DPs/betas), but after I flash the patched boot.img, I get "failed to load/verify boot images" in fastboot. Am I out of luck?
Did you follow the instructions on flashing vbmeta with the disable flags set?
 
  • Like
Reactions: andybones

esta0

New member
Oct 20, 2021
3
3
Another 4a 5G owner here. I installed the OTA via recovery yesterday and tried to flash a patched boot.img, but got "failed to load/verify boot images". Reanimated the phone using a factory image, then tried to flash vbmeta.img with verification disabled (but no wipe) and patched boot.img. The phone couldn't boot into the system and offered to perform factory reset. I didn't want to wipe anything so I didn't go with it, but it seems like there is no way to root 4a 5G and keep your data (at least for now).
But I will be happy to be proven wrong!
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    On that note, has anyone on A11 October tried either:

    - Flashing just vbmeta from A11 Oct full system image, using the disable flags, then tried a dirty flash of A12 Nov FSI, also with disable flags

    -or-

    - Dirty flash A11 Oct FSI over the same installed A11 Oct using the disabled flags, then dirty flash A12 Nov FSI

    Wondering if either would avoid the necessity of the system wipe with the first install of A12 FSI in order to be able to then flash modified boot images with success.

    If nobody's done it yet or knows for certain it wouldn't work I may go guinea pig and try it. *May not be for a bit yet, but as soon as I have a day of life buffer to deal with possible issues and restores, there's really nothing to lose as currently I have to wipe anyhow.*
    3
    Universal SafetyNet Fix 2.2.0 is out for public access; this version has been ported to Zygisk.
    2
    Agreed

    Best way to update to the latest firmware is to use the factory image, so as to avoid reflashing anything

    1. Compare bootloader version. If different, flash new bootloader image.
    2. Compare radio version. If different, flash new radio image.
    3. Flash system image:
    Code:
    fastboot update image-redfin-buildnumber.zip --disable-verity --disable-verification
    4. Allow update to complete, device will reboot into system.
    5. Patch and flash boot image.

    I recommend allowing the system a clean boot on the stock boot image before you flash a patched boot image.
    Worked perfectly, no more having to wipe hopefully for the next year.
    2
    No, I first disabled Verity and verification under Android 11.

    Then I updated with Android Flash Tool
    Well, the whole idea was to see if it was possible to upgrade to Android 12 and root without wiping data.
    So, after reading the full thread and the last page of posts, it is unclear to me whether there is now a way to upgrade to Android 12 with root and without having to wipe.
    If it is indeed possible (and confirmed) on a Pixel 5/5a, could someone write up the adjusted full set of steps required (and perhaps even start a new thread to keep it clear). I don't want to do something wrong that would require me to deal with a wiped phone (again).
    If it's not confirmed or if it doesn't work universally, I will can wait (patiently) on Android 11 until a confirmed solution emerges.

    Thanks.
    As of right now, no. Follow the directions in the OP; there is unfortunately no way that we know of to preserve your data.

    Just make sure your photos are backed up, and everything else to Google One, and you'll be fine.
    2
    Hi,

    I have a rooted (using this guide) Pixel 5 on Android 12 with,
    Unlocked bootloader​
    SP1A.211105.002.A1​
    Magisk canary 23015 and USF 2.2.0​

    I am looking to follow steps in the post above to install December security update SQ1A.211205.008 without having to wipe.

    I have some questions:
    1. Bootloader and radio image zip files are NOT the downloaded factory zip. These are inside the downloaded factory zip. Correct?
    Correct - inside the factory zip you will see radio-number.img (the radio/modem image) and bootloader-number.img (the bootloader image).
    1. To check if I need bootloader and radio update, can I just compare the names of the files for bootloader and radio in the two factory zip files (current vs new) ?
    Yes.

    1. If yes, I think I need to update both.
      Current (SQ1A.211205.008)New (SP1A.211105.002.A1)
      bootloader-redfin-r3-0.4-7758093
      radio-redfin-g7250-00161-211008-b-7807492
      bootloader-redfin-r3-0.4-7617468
      radio-redfin-g7250-00147-210830-b-7686829
    You're on the right track.
    1. I have a unlocked bootloader. If I update bootloader using following, will I have to unlock the bootloader again? What will it do to my root?
      Code:
      fastboot flash bootloader [bootloader image]
    Updating or downgrading the bootloader does not affect bootloader lock.
    1. First post in this thread says,

    What precaution do I have to take to avoid bricking my device?
    Make sure that you only flash the bootloader with the bootloader image - do not accidentally use any other image.

    The safest and most foolproof way to update is via the Android Flash Tool - it automatically updates your bootloader and radio if necessary. However, you will still need to download the factory zip and manually patch the boot image.
  • 18
    WARNING: PERMANENT ROOT WHEN UPGRADING FROM ANDROID 11 REQUIRES A DATA WIPE! THERE IS CURRENTLY NO WAY AROUND THIS.


    WARNING: MANUALLY INSTALLING FACTORY UPDATES OR IMAGES REQUIRES AN UNLOCKED BOOTLOADER. If your bootloader is locked, DO NOT ATTEMPT THIS.

    WARNING: MODIFY YOUR DEVICE AT YOUR OWN RISK. YOU ALONE WILL BE RESPONSIBLE FOR MALFUNCTION, DAMAGE, OR LOSS OF ANY KIND IF SOMETHING GOES WRONG.

    Root will be done via Magisk. If you aren't already using it, download and install to your phone.

    Warning: For the sake of simplicity, I frequently will use generalizations when referring to files ("[patched boot image]" instead of "magisk_patched-23001_xxxxx.img" for example). It is YOUR RESPONSIBILITY to ensure you are flashing the correct file. The easiest way to do this is type the command in the command line without the file itself, then drag and drop the file you want to flash into the command line window.



    For those of you with a locked bootloader:

    Simply install the update as usual via OTA, whether automatically through Android Update, or manually via adb sideload.

    First, a bit of information on why you need to follow this guide (See this post)

    Two new Verified Boot features implemented in Android 12 will interfere with attempts to root. A more detailed explanation is below if you would like.

    Dm-verity (device-mapper-verity) is a method by which an image on block devices (the underlying storage layer of the file system) can be checked to determine if it matches an expected configuration, using a cryptographic hash tree. If the hash doesn't match, dm-verity prevents the stored code from loading.

    Vbmeta verification is the other half of this - it provides a cryptographically signed reference hash which is used to verify the integrity of /boot, /system, and /vendor partitions. The vbmeta image is only used to verify /boot, while vbmeta-system is used to verify /system.

    This was implemented to prevent persistent rootkits by means of a hardware level security check, to prevent "potentially harmful applications" such as Magisk from evading detection, as such applications residing within the kernel will have higher privileges than the detection applications.

    What this means is that with these two enabled, a modified boot image will cause a verification error when flashed to the device, preventing boot. Interestingly, this check is not performed against "live" boot images loaded via ADB, so with dm-verity and vbmeta verification enabled, a modified image can be booted as long as the image in /boot is intact.

    The good news is, disabling these features is as easy as using a command switch.
    The bad news, however, is that /data must be clean the first time this is done.


    If you update via automatic OTA: THIS WILL REQUIRE A WIPE EVERY TIME!
    1. Download the factory image (Yes, this is required) to your computer. Connect your device via USB.
    2. Extract the contents of the factory image, then extract both boot.img and vbmeta.img from the image-[device].zip (where [device] is the codename for your device, such as Redfin for Pixel 5
    2. Reboot to bootloader: With device connected via USB, Developer Options enabled and USB Debugging enabled, reboot to bootloader using ADB:
    Code:
    adb reboot bootloader
    3. Continue to Reflash vbmeta below

    To manually install the OTA:
    1. Download the OTA for your device, as well as the factory image (Yes, you need both) to your computer.
    2. Install the OTA
    3. Extract the contents of the factory image, then extract both boot.img and vbmeta.img from the image-[device].zip (where [device] is the codename for your device, such as Redfin for Pixel 5
    4. Let the update complete, and IMMEDIATELY reboot to bootloader.
    5. Continue to Reflash vbmeta below

    Reflash VBmeta
    1. Reflash vbmeta with dm-verity and boot verification disabled:
    Code:
    fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img
    2. If this is the first time you are rooting Android 12, you will end up in Recovery with this message: "Can't load Android system. Your data may be corrupt." You will have to perform the factory reset to continue. Once complete, let the device boot Android.
    3. If you have previously wiped and are updating, let the device boot Android.
    Continue to Patch Boot Image below.

    1. Open this link in Google Chrome (DO NOT USE MICROSOFT EDGE OR MOZILLA FIREFOX) Here is the link for beta
    2. Connect your device via USB (make sure USB Debugging is enabled)
    3. Enable ADB access in the browser
    4. Select your device
    5. Select the Android 12 build
    6. IMPORTANT: Click the pencil icon next to the selected build
    7. Ensure Wipe Device, Disable Verification, and Disable Verity are checked. DATA WIPE IS REQUIRED when updating from an older version of Android. Don't lock your bootloader if you want root. Force flash all partitions should not be necessary (but use this if you've run into problems and are starting over). Skip Secondary and Force Debuggable should be unchecked, unless you want to use ADB for root access on the stock kernel for some reason.
    8. Click Install Build.
    9. Wait until the update finishes, including a reboot to Android.
    10. Continue to Patch Boot Image below.

    1. Download the factory image to your computer and connect your device via USB, with USB debugging enabled.
    2. Extract the contents of the factory ZIP
    3. Reboot to bootloader:
    Code:
    adb reboot bootloader
    4. If necessary, update the bootloader: WARNING: IF DONE INCORRECTLY THIS WILL BRICK YOUR DEVICE!
    Code:
    fastboot flash bootloader [bootloader image]
    Reboot back to bootloader.
    5. If necessary, update the radio:
    Code:
    fastboot flash radio [radio image]
    Reboot to bootloader.
    6. Install the update:
    Code:
    fastboot --disable-verity --disable-verification -w update [factory image zip]
    DATA WIPE IS REQUIRED when updating from an older version of Android.
    7. Let the update complete, including a reboot to Android
    8. Continue to Patch Boot Image below

    1. Extract boot.img from the factory image ZIP if you haven't done so already
    2. Install Magisk on your phone
    3. Move the boot image to your phone via USB, and patch it using "Select and Patch a File" in Magisk
    4. Move the patched boot image back to your PC
    5. Reboot to bootloader
    6. Flash the patched boot image:
    Code:
    fastboot flash boot [patched boot image]
    7. Reboot to system.

    For subsequent updates to Android 12:
    DO NOT USE AUTOMATIC UPDATE! DO NOT LET THE DEVICE BOOT BEFORE YOU DISABLE VERITY AND VERIFICATION!

    Follow the same directions as above, except you don't have to wipe.

    Key reminders:
    * The OTA does not have a way to set the disable flags for vbmeta, so if you update via OTA, you will have to reflash vbmeta with the disable flags every time you update.
    * The most critical thing to remember is that once you have disabled verified boot and gained permanent root, YOU MUST NOT let the device boot into Android if /vbmeta is flashed without disabling verity and verification.
    * If you forget to do this and let the device boot into Android, you will end up in Rescue Party: Recovery Mode screen with the message "Can't load Android system. Your data may be corrupt." YOU WILL HAVE TO WIPE TO GET ROOT BACK.



    If you run into problems, or just want to share your results, please feel free to post your method and results in this thread.
    6
    Who is calling you stupid?!?! It's an American expression: for example, your costume is ruined by rain, so, you say: it's the weather stupid.

    Anyway, I am trying to help, so, there is no reason to seek insults where there isn't one.
    It's just the way you worded it is all. I am born in America, and actually thought the same thing when I read it.
    It's confusing to me though..

    I would say, not "it's the weather, stupid"
    but rather
    "it's the stupid weather"

    so reading "It's the bootloader stupid"
    I feel should be,
    "it the stupid bootloader"

    but thank you for clearing up that you aren't passing insults.
    And it's hard to tell through text whose being argumentative, and whose being helpful.
    Glad you're the latter.
    5
    Or he/you could add this to it when flashing factory image via ADB only. Why? Because it works on the pixel 4a 5(G) and may work on the Pixel 5. It would not confuse anyone, just provide another less complicated option for upgrading/updating those phones. Seems pretty black and white to me.
    Agreed.

    The confusion arises from this:
    PS :
    Pixel 4a 5(G) phone owners need to know for the initial upgrade (Android 11 to Android 12), they do not need the fastboot flash --disable-verity --disable-verification --slot-all vbmeta vbmeta.img step in this case
    This implies that verity and verification need not be disabled when upgrading from Android 11...which if you want permanent root, is not true. This can be omitted if one flashes the factory image, as they can incorporate the flags into the command:
    Code:
    fastboot update -w --disable-verity --disable-verification image-device-buildnumber.zip
    However, if the update is performed via the OTA, then vbmeta must be specifically disabled.

    If you understand what he is saying, why not add the Pixel 4a 5(G) note to the Reminders?
    This is true across ALL affected devices - Pixels on the SD765G and Tensor. It is not specific to one device.

    Still, I will update the notes for the sake of clarity.
    4
    For those of you who have not yet wiped data and are using unrooted Android 12:

    As long as your system boots, you should be able to live boot a patched boot image and use that for temporary root:

    fastboot boot patched_boot.img

    If you are currently stuck at the "corrupted data" message in recovery, try sideloading the OTA or dirty flashing the factory image (with NO FLAGS). If that doesn't work, the only fix that I know of that works is to perform a factory reset...but if you get to that point, you might as well clean flash the factory image with both --disable flags:

    fastboot --disable-verity --disable-verification -w update redfin_image.zip

    at which point you should be able to flash and boot the patched boot image.
    4
    Who is calling you stupid?!?! It's an American expression: for example, your costume is ruined by rain, so, you say: it's the weather stupid.

    Anyway, I am trying to help, so, there is no reason to seek insults where there isn't one.
    I didn't seek one, I guess I misunderstood. I have never heard of that expression before, at least not in that context. I'm American too, and I've generally heard it like this:

    "Hey, what's making that howling noise?"
    "It's the wind, stupid!"

    I digress.

    I'll have to pick this up later; it's late, my wife is demanding....attention, and I want to enjoy the weekend.