Hello, I'm new to the Android hacking/modding scene with this being the first phone I am able to unlock the bootloader for. I recently picked this phone up (Model DE2118 to be specific), and got it's bootloader unlocked and installed Lineage. Now that it is all done and out of the way, would it be possible to lock the bootloader to prevent further modifications and potential security risks? Thank you in advance.
Question Is it possible to relock the bootloader after installing a custom OS?
- Thread starter Gateway05184
- Start date
Under no circumstance should you relock the bootloader. The only OS that I know of that currently lets you do that on any device is Graphene OS on pixel devices. And that is written by extremely gifted developers. So... no... not now or anytime soon. Sorry!
Nope. While you could relock your bootloader now, you'd get an error message the next time you turned on your phone and it would refuse to boot. (And there's no guarantee that you could recover it, though usually the MSM tool works.) In most cases, you should never relock the bootloader unless you're on stock, unmodified firmware. In some cases, it is possible if the custom ROM you're using instructs you to relock your bootloader and provides their own keys for you to flash or if you build and sign your own ROMs yourself, but otherwise, it's just not worth it.
You should read this reddit post for more details as to why you shouldn't relock your bootloader.
You should read this reddit post for more details as to why you shouldn't relock your bootloader.
Yeah, I kind of figured. I tried locking the bootloader out of curiosity (obviously, you shouldn't do this.) which caused it to brick. I unbricked it using the MSM tools for the specific model. I also tried flashing the public key but it only allows recovery to boot and boot loops if you just leave it sit. lol
Not entirely true. CalyxOS allows relocking bootloader on Pixels. My own development for Oneplus 6/6T/8/8T/8Pro/9 and 9Pro allows relocking bootloader.
I managed to find a way to relock the bootloader with LineageOS installed by compiling it from source and patching a few files. Then I flashed the avb_custom_key partition via fastboot with the key I used to sign the image I've compiled. This resulted in me getting the yellow error screen (Your device has loaded a different OS.) rather than the usual orange screen you get with the bootloader unlocked. I even used a tool called "avbroot" to patch the image for magisk support.
just use the MSMDownload tool for the firmware you want, it will set it back to factory defaults and factory OS including re-locking the bootloader
NOTE: if you ever want to unlock it again just use the token file/bin file that oneplus sent you originally to unlock. no need to re-apply or ask oneplus again for new token, can just use the original one they sent you.
NOTE: if you ever want to unlock it again just use the token file/bin file that oneplus sent you originally to unlock. no need to re-apply or ask oneplus again for new token, can just use the original one they sent you.
I don't like seeing my Nord n200 boot to the unlocked bootloader screen, and found a way to prevent that.
I found the method on the Reddit forum for LineageOS.
From CevicheMixto:
I was able to complete the upgrade (dirty flash from the latest LineageOS 19.1). Here's what I had to do.
First, I upgraded the device firmware, following this guide. Note that the oneplus.com page that is linked from that guide does not appear to actually provide firmware for the Nord N200. The Oxygen Updater app does allow you to download the firmware, once the app's settings have been changed to enable "Advanced mode." It will save the firmware file in the /sdcard directory, and adb can be used to transfer it to your PC. (Alternatively, the firmware can be directly downloaded from https://android.googleapis.com/packages/ota-api/package/6be3f133f8fb9bbcc30d787679bd7b5da5e30995.zip.)
At this point, my phone would not boot into the LineageOS recovery (19.1 or 20); it kept returning to bootloader mode. I fixed this by flashing the LineageOS 20 boot, dtbo, and vendor_boot images onto the device. These images can be extracted from the LineageOS 20 ZIP file with payload-dumper-go, or they can be downloaded from the dre builds page.
fastboot flash boot boot.img
fastboot flash dtbo dtbo.img
fastboot flash vendor_boot vendor_boot.img
(Unlike fastbootd, the bootloader does not appear to support the --slot=all option, but I only needed to flash these for the active slot.)
I was now able to boot into the (installed) LineageOS 20 recovery, choose "Apply update" and "Apply from ADB" to put the device into sideload mode. I then followed the upgrade instructions to flash the LineageOS 20 ZIP file, reboot back to recovery, and flash the MindTheGapps ZIP file.
Do yourself a favor and just load Oxygen Updater onto another Android phone and download the files. It will pop up a notice that the phone isn't the correct one, but just click advanced and download the file, then continue on.
My Nord n200 now boots with the OnePlus logo then directly to LineageOS with Android 13
I don't like seeing my Nord n200 boot to the unlocked bootloader screen, and found a way to prevent that.
I found the method on the Reddit forum for LineageOS.
From CevicheMixto:
I was able to complete the upgrade (dirty flash from the latest LineageOS 19.1). Here's what I had to do.
First, I upgraded the device firmware, following this guide. Note that the oneplus.com page that is linked from that guide does not appear to actually provide firmware for the Nord N200. The Oxygen Updater app does allow you to download the firmware, once the app's settings have been changed to enable "Advanced mode." It will save the firmware file in the /sdcard directory, and adb can be used to transfer it to your PC. (Alternatively, the firmware can be directly downloaded from https://android.googleapis.com/packages/ota-api/package/6be3f133f8fb9bbcc30d787679bd7b5da5e30995.zip.)
At this point, my phone would not boot into the LineageOS recovery (19.1 or 20); it kept returning to bootloader mode. I fixed this by flashing the LineageOS 20 boot, dtbo, and vendor_boot images onto the device. These images can be extracted from the LineageOS 20 ZIP file with payload-dumper-go, or they can be downloaded from the dre builds page.
fastboot flash boot boot.img
fastboot flash dtbo dtbo.img
fastboot flash vendor_boot vendor_boot.img
(Unlike fastbootd, the bootloader does not appear to support the --slot=all option, but I only needed to flash these for the active slot.)
I was now able to boot into the (installed) LineageOS 20 recovery, choose "Apply update" and "Apply from ADB" to put the device into sideload mode. I then followed the upgrade instructions to flash the LineageOS 20 ZIP file, reboot back to recovery, and flash the MindTheGapps ZIP file.
Do yourself a favor and just load Oxygen Updater onto another Android phone and download the files. It will pop up a notice that the phone isn't the correct one, but just click advanced and download the file, then continue on.
My Nord n200 now boots with the OnePlus logo then directly to LineageOS with Android 13
That doesn't solve what I was originally attempting to do but I appreciate the suggestion nonetheless. However, the DE2117 OTA update is not meant for the carrier exclusive models (i.e. DE2118 aka the MetroPCs T-Mobile model.) I've already attempted this on my own DE2118 and it resulted in a boot loop. This problem doesn't exist in Lineage 19.1.
there is no known way to relock the boot-loader on a custom rom on the nord n200 . However you can re-lock in on the official firmware. You can always go back to the official firmware with the locked bootloader by flashing the official firmware via MSM Download tool
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
2Nope. While you could relock your bootloader now, you'd get an error message the next time you turned on your phone and it would refuse to boot. (And there's no guarantee that you could recover it, though usually the MSM tool works.) In most cases, you should never relock the bootloader unless you're on stock, unmodified firmware. In some cases, it is possible if the custom ROM you're using instructs you to relock your bootloader and provides their own keys for you to flash or if you build and sign your own ROMs yourself, but otherwise, it's just not worth it.
You should read this reddit post for more details as to why you shouldn't relock your bootloader.1
Under no circumstance should you relock the bootloader. The only OS that I know of that currently lets you do that on any device is Graphene OS on pixel devices. And that is written by extremely gifted developers. So... no... not now or anytime soon. Sorry!
