How To Guide [GUIDE] Pixel 6 "oriole": Unlock Bootloader, Update, Root, Pass SafetyNet

Search This thread

V0latyle

Forum Moderator
Staff member
⚠️⚠️⚠️WARNING! IF YOU ARE UPDATING TO ANDROID 13 FOR THE FIRST TIME, READ THIS FIRST! ⚠️⚠️⚠️

If you are looking for my guide on a different Pixel, find it here:
Update 6-20-22: Magisk 25.1 is recommended as this includes fixes for OTA updates, as well as support for the Android 13 beta.
Discussion thread for migration to 24.0+.

DO NOT use any version of Magisk lower than Canary 23016 as it does not yet incorporate the necessary fixes for Android 12 and your device.


WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.

Prerequisites:


Android Source - Setting up a device for development


  1. Follow these instructions to enable Developer Options and USB Debugging.
  2. Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
  3. Connect your device to your PC, and open a command window in your Platform Tools folder.
  4. Ensure ADB sees your device:
    Code:
    adb devices
    If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
    If you see "unauthorized", you need to authorize the connection on your device.
    If you see the device without "unauthorized", you're good to go.
  5. Reboot to bootloader:
    Code:
    adb reboot bootloader
  6. Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
    Code:
    fastboot flashing unlock
    Select Continue on the device screen.

  1. Install Magisk on your device.
  2. Download the factory zip for your build.
  3. Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
  4. Copy boot.img to your device.
  5. Patch boot.img with Magisk: "Install" > "Select and Patch a File"
  6. Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
  7. Reboot your device to bootloader.
  8. Flash the patched image:
    Code:
    fastboot flash boot <drag and drop master root.img here>
  9. Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>

  1. Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
  2. Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
  3. Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
  4. You should now be updated with root.

  1. Download the OTA.
  2. Reboot to recovery and sideload the OTA:
    Code:
    adb reboot sideload
    Once in recovery:
    Code:
    adb sideload ota.zip
  3. When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
  4. Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
  5. Reboot to bootloader.
  6. Boot the master root image (See note 1):
    Code:
    fastboot boot <drag and drop master root.img here>
    Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
  7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
  8. Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.

Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
  1. Download the factory zip and extract the contents.
  2. Reboot to bootloader.
  3. Compare bootloader versions between phone screen and bootloader.img build number
    Code:
    fastboot flash bootloader <drag and drop new bootloader.img here>
    If bootloader is updated, reboot to bootloader.
  4. Compare baseband versions between phone screen and radio.img build number
    Code:
    fastboot flash radio <drag and drop radio.img here>
    If radio is updated, reboot to bootloader.
  5. Apply update:
    Code:
    fastboot update --skip-reboot image-codename-buildnumber.zip
    When the update completes, the device will be in fastbootd. Reboot to bootloader.
  6. Boot the master root image (See note 1):
    Code:
    fastboot boot <drag and drop master root.img here>
    Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
  7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
  8. Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update  --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.

PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.

For instructions, downloads, and support, please refer to the PixelFlasher thread.

  1. Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
  2. When the update completes, the device will be in fastbootd. Reboot to bootloader.
  3. Boot the master root image (See note 1):
    Code:
    fastboot boot <drag and drop master root.img here>
    Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
  4. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
  5. Reboot your device. You should now be updated with root.

SafetyNet has been deprecated for the new Play Integrity API. More information here.

In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.

However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to bypass TEE, meaning that the device will pass BASIC and DEVICE integrity.

Mod available here. Do not use MagiskHide Props Config with this mod.

This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.

Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
  • Google Play Store
  • GPay
  • Any banking/financial apps
  • Any DRM media apps
Modules:
  • Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
To check Play Integrity status:
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.

Points of note:
  • The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
  • While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
    screenshot_20211218-194517-png.5486339
  • "Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
  • "App" simply shows the version of the app itself.
  • If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
  • If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
  • Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.


Credits:
Thanks to @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
 
Last edited:

draymond1987

Senior Member
Apr 21, 2014
365
128
Philadelphia
I posted in another tread but I was on November's patch but used .15's vbmeta to root (before images were available for November)
Can I just flash vbmeta with the disable flags, and not worry about a wipe?
 
  • Like
Reactions: V0latyle

lackalil

Member
Mar 10, 2011
33
8
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
 

V0latyle

Forum Moderator
Staff member
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
To pass SafetyNet, you have to use Universal SafetyNet Fix 2.2.0, which is currently in beta on Patreon.
 

lackalil

Member
Mar 10, 2011
33
8
To pass SafetyNet, you have to use Universal SafetyNet Fix 2.2.0, which is currently in beta on Patreon.
Ahh, I see that in the thread now. Not a big deal for me because I don't use any apps that need it—I've just been doing it as a matter of course for a good while. Nonetheless, I'm still passing attestation with USNF 2.1.1 according to Root Checker and YASNAC.
 
Confirmed root working on Magisk Alpha v23001 (then reverted back to MM 23.0 to keep the old module repository links). Also updated to Nov '21 bootloader and radio at the same time. GPay stopped working for me since the Sept '21 update and all the various requirements to re-enable. I'm not that interested in GPay functionality.
 
  • Like
Reactions: V0latyle

V0latyle

Forum Moderator
Staff member
Confirmed root working on Magisk Alpha v23001 (then reverted back to MM 23.0 to keep the old module repository links). Also updated to Nov '21 bootloader and radio at the same time. GPay stopped working for me since the Sept '21 update and all the various requirements to re-enable. I'm not that interested in GPay functionality.
In case anyone is, GPay is working for me on my Pixel 5 with the November build. Magisk 23001 + MagiskHide + Riru + Universal SafetyNet Fix 2.1.1.
 

V0latyle

Forum Moderator
Staff member
  • Like
Reactions: miss and JimSmith94

sic0048

Senior Member
Jun 25, 2010
981
521
Google Pixel 6
Google Pixel 6a
Great write up! Thanks for putting it together.

You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.

Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
 

vandyman

Senior Member
Jul 30, 2012
848
467
S.Jersey
Google Pixel 5
Google Pixel 6
Great write up! Thanks for putting it together.

You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.

Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
Exactly, I was guilty of not removing a Magisk module on my P5 when installing an update. And learned the hard way.

You really never know if there is some sort of residue left from your previous setup.
 
  • Like
Reactions: sic0048

V0latyle

Forum Moderator
Staff member
Great write up! Thanks for putting it together.

You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.

Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
You don't actually have to flash it. If you boot the patched image and it works, you should be able to use Direct Install in Magisk to patch the image in /boot. Then, next time you reboot, the device loads that image, which should be exactly the same as what you live booted.

But yes, it's very useful to be able to test.
 

capntrips

Senior Member
Aug 29, 2020
303
668
OnePlus 6T
Google Pixel 6
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:


The process should be considered experimental until a few other people have tested it. Should anyone attempt it, I would suggest backing up any critical data.

I'm also considering making a tool to restore the stock boot backup image, in case anyone fastboot flashed, rather than doing a direct install in the Magisk app. It could also be used to download the newly installed boot image from the inactive slot after an OTA, to avoid having to download the full factory image.

Unfortunately, patching boot in the inactive slot in Magisk was disabled for Pixel devices a while back, since it caused issues with starting back up. When the December OTA comes out, I'll probably take the plunge to see if I can figure out a way to make it work.

On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
 
Last edited:

KedarWolf

Senior Member
Apr 27, 2012
295
157
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:


The process should be considered experimental until a few other people have tested it.

I'm also considering making a tool to restore the stock boot backup image, in case anyone fastboot flashed, rather than doing a direct install in the Magisk app. It could also be used to download the newly installed boot image from the inactive slot after an OTA, to avoid having to download the full factory image.

Unfortunately, patching boot in the inactive slot in Magisk was disabled for Pixel devices a while back, since it caused issues with starting back up. When the December OTA comes out, I'll probably take the plunge to see if I can figure out a way to make it work.

On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).

So, if I use this tool after rooting OTA updates will work and I'll still have root?

Edit: And can you explain more clearly the process on how to do this?
 
Last edited:

capntrips

Senior Member
Aug 29, 2020
303
668
OnePlus 6T
Google Pixel 6
So, if I use this tool after rooting OTA updates will work and I'll still have root?

Edit: And can you explain more clearly the process on how to do this?

No, the tool does nothing to maintain root. It simply allows you to take the OTA. You will still need to reboot into fastboot and flash or boot from a patched boot image.

The steps would be:
  1. Restore boot in the Magisk app
  2. Restore vbmeta in Vbmeta Patcher
  3. Take the OTA in System Updater
  4. Patch vbmeta in Vbmeta Patcher
  5. Patch the new boot image in the Magisk app and copy it to your computer
  6. Reboot into fastboot
  7. Boot from the new patched boot image
  8. Direct Install Magisk in the Magisk App
As I noted the quote post, this process should be considered experimental until it has been more thoroughly tested. You should consider backing up any critical data before attempting it, in case something goes wrong.

I'm working on another tool to make it a bit easier to acquire the new boot image in step 5, but that will likely be a few days. Hopefully we'll be able to install Magisk to the inactive slot on Pixel devices again in the future, which would consolidate steps 5-8.
 
Last edited:

V0latyle

Forum Moderator
Staff member
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Patch vbmeta how? What does patching the image accomplish?
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
This is good news. Would the same thing be accomplished by flashing the boot image to both slots using --slot=all?
 
  • Like
Reactions: ipdev
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.


did the flash tool make you wipe when disabling verity and verification? I noticed it allows you to uncheck the wipe device option.... just curious thx
 

lackalil

Member
Mar 10, 2011
33
8
did the flash tool make you wipe when disabling verity and verification? I noticed it allows you to uncheck the wipe device option.... just curious thx
If the build you're currently on has verity and verification disabled, you don't have to wipe when you update using the flash tool.

I haven't tried it without wiping from unrooted/stock vbmeta. It could well be possible despite a wipe being required when flashing using adb.
 
Last edited:
  • Like
Reactions: ipdev and dadoc04

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    FYI, your post was moved from the sticky thread, because that wasn't the appropriate place to ask your question.
    Hi, I just today purchased a Pixel 6 Pro that came with the TP1A.221005.002 build.
    Bootloader is locked and greyed out. Seems that this is the intended experience.
    I was planning on unlocking the bootloader, but it seems Google stopped allowing OEM unlocking in Android 13.
    Not true.
    Is there any hope for google to go back on this ? OEM unlocking was the reason for most people to purchase Pixels, so it would seem kinda stupid to take away their only actual feature... Do correct me if I'm wrong...

    Thanks for all the ressources you make available, just frustrated that this doesn't work :(
    This has not been removed or disabled in any way from Google non-carrier devices. The device does need to be connected to the Internet before OEM unlocking will become available; if it remains unavailable, it must be a carrier locked variant. I assume you did not buy this device direct from Google?
  • 47
    ⚠️⚠️⚠️WARNING! IF YOU ARE UPDATING TO ANDROID 13 FOR THE FIRST TIME, READ THIS FIRST! ⚠️⚠️⚠️

    If you are looking for my guide on a different Pixel, find it here:
    Update 6-20-22: Magisk 25.1 is recommended as this includes fixes for OTA updates, as well as support for the Android 13 beta.
    Discussion thread for migration to 24.0+.

    DO NOT use any version of Magisk lower than Canary 23016 as it does not yet incorporate the necessary fixes for Android 12 and your device.


    WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.

    Prerequisites:


    Android Source - Setting up a device for development


    1. Follow these instructions to enable Developer Options and USB Debugging.
    2. Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
    3. Connect your device to your PC, and open a command window in your Platform Tools folder.
    4. Ensure ADB sees your device:
      Code:
      adb devices
      If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
      If you see "unauthorized", you need to authorize the connection on your device.
      If you see the device without "unauthorized", you're good to go.
    5. Reboot to bootloader:
      Code:
      adb reboot bootloader
    6. Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
      Code:
      fastboot flashing unlock
      Select Continue on the device screen.

    1. Install Magisk on your device.
    2. Download the factory zip for your build.
    3. Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
    4. Copy boot.img to your device.
    5. Patch boot.img with Magisk: "Install" > "Select and Patch a File"
    6. Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
    7. Reboot your device to bootloader.
    8. Flash the patched image:
      Code:
      fastboot flash boot <drag and drop master root.img here>
    9. Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>

    1. Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
    2. Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
    3. Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
    4. You should now be updated with root.

    1. Download the OTA.
    2. Reboot to recovery and sideload the OTA:
      Code:
      adb reboot sideload
      Once in recovery:
      Code:
      adb sideload ota.zip
    3. When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
    4. Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
    5. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.
    Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.

    Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
    1. Download the factory zip and extract the contents.
    2. Reboot to bootloader.
    3. Compare bootloader versions between phone screen and bootloader.img build number
      Code:
      fastboot flash bootloader <drag and drop new bootloader.img here>
      If bootloader is updated, reboot to bootloader.
    4. Compare baseband versions between phone screen and radio.img build number
      Code:
      fastboot flash radio <drag and drop radio.img here>
      If radio is updated, reboot to bootloader.
    5. Apply update:
      Code:
      fastboot update --skip-reboot image-codename-buildnumber.zip
      When the update completes, the device will be in fastbootd. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.
    Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
    The scripted commands should look like this:
    Code:
    fastboot flash bootloader <bootloader image name>
    fastboot reboot bootloader
    ping -n 5 127.0.0.1 > nul
    fastboot flash radio <radio image name>
    fastboot reboot bootloader
    ping -n 5 127.0.0.1 > nul
    fastboot update  --skip-reboot <image-device-buildnumber.zip>
    Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.

    PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
    The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.

    For instructions, downloads, and support, please refer to the PixelFlasher thread.

    1. Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
    2. When the update completes, the device will be in fastbootd. Reboot to bootloader.
    3. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    4. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    5. Reboot your device. You should now be updated with root.

    SafetyNet has been deprecated for the new Play Integrity API. More information here.

    In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.

    However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to bypass TEE, meaning that the device will pass BASIC and DEVICE integrity.

    Mod available here. Do not use MagiskHide Props Config with this mod.

    This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.

    Zygisk + DenyList enabled
    All subcomponents of these apps hidden under DenyList:
    • Google Play Store
    • GPay
    • Any banking/financial apps
    • Any DRM media apps
    Modules:
    • Universal SafetyNet Fix 2.3.1 Mod - XDA post
    To check SafetyNet status:
    To check Play Integrity status:
    I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.

    Points of note:
    • The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
    • While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
      screenshot_20211218-194517-png.5486339
    • "Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
    • "App" simply shows the version of the app itself.
    • If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
    • If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
    • Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.


    Credits:
    Thanks to @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
    7
    Magisk Canary was updated to 23016 last night. This includes a fix for the vbmeta header issue, meaning that disabling verity/verification should no longer be required, and we should be able to root as we did before. This needs testing, make sure you back up your data and photos before you do this!

    Additionally, for the Pixel 6 and 6 Pro, fstab will now load from /system/etc which should fix the root issue many of you were having.

    Q: "If verity/verification are disabled, do I need to enable them now?"
    A: No. The only thing you have to do is update to Magisk 23016.
    Q: "Will enabling verity/verification wipe my data?"
    A: No.

    I will be updating the OP to reflect this.
    5
    Magisk 24306 (release notes) is now available on the canary channel, and I can confirm that the installation to the inactive slot OTA method is working for the April update.
    5
    Interesting. How did you command the reboot?

    When I tried to update this way on my wife's 5a, it bootlooped back to the original slot.
    I always follow these steps once I know the OTA is available:

    1. Open Magisk and select 'Uninstall Magisk -> Restore Images'
    2. Open Settings and Download/Install OTA *DO NOT REBOOT*
    3. Go back to Magisk and select 'Install -> Install to Inactive Slot (After OTA)' *DO NOT REBOOT*
    4. Go back to Settings and 'Reboot' to finalize the OTA
    5
    So, if I use this tool after rooting OTA updates will work and I'll still have root?

    Edit: And can you explain more clearly the process on how to do this?

    No, the tool does nothing to maintain root. It simply allows you to take the OTA. You will still need to reboot into fastboot and flash or boot from a patched boot image.

    The steps would be:
    1. Restore boot in the Magisk app
    2. Restore vbmeta in Vbmeta Patcher
    3. Take the OTA in System Updater
    4. Patch vbmeta in Vbmeta Patcher
    5. Patch the new boot image in the Magisk app and copy it to your computer
    6. Reboot into fastboot
    7. Boot from the new patched boot image
    8. Direct Install Magisk in the Magisk App
    As I noted the quote post, this process should be considered experimental until it has been more thoroughly tested. You should consider backing up any critical data before attempting it, in case something goes wrong.

    I'm working on another tool to make it a bit easier to acquire the new boot image in step 5, but that will likely be a few days. Hopefully we'll be able to install Magisk to the inactive slot on Pixel devices again in the future, which would consolidate steps 5-8.