Goodoh.
I don't have a Samsung device, but noted this requirement for those who do, and I guess it's peculiar to Samsung. At least my (Xiaomi) device w/ unlocked bootloader doesn't grey-out OEM unlocking toggle.
Not sure attestation fails due to Knox trip (guess you mean evalType = Hardware / ctsProfile fails?) - After all you should be able to relock bootloader to pass ctsProfile even w/ Knox fuse blown, and ctsProfile trip due to Hardware key attestation w/ unlocked bootloader is common to most recent devices now, even if evalType shows Basic. Solution is to use Universal SafetyNet Fix Magisk module and Magisk root. (Working presently incl. customised fix for Samsung which, of course, also have tripped Knox, but won't work after Google swings the Big Hammer finally.)
You won't be able (on recent Samsung devices) to reset Knox so will have lost ability to set up/use secure Knox partition and possibly other 'Enterprise' mode features forever.
Please correct me if there is any evidence attestation is affected by Knox status. Would be helpful to know of any new connection. PW
I've tried the latest Canary, still does not work. What I've done and discovered so far:
- The proper way to enter ODIN mode on a SM-T575 is not "adb reboot download" - this ODIN invocation won't print much debug information. Power the tablet off, then hold VolUp+VolDn, then plug in the USB cable.
- The way to Recovery is hold the red Bixby button and VolUp, then press power to boot (and with unlocked bootloader, you may need to press Power again - but keep holding Red/VolUp!
- The way to Safe Mode: press and hold VolDn.
- KG State is "Prenormal" (probably "Knox Guard"), FRP LOCK is OFF, OEM LOCK is OFF (U), Secure Download is Enabled (whatever that means)
- Replacing the vbmeta.img and vbmeta_samsung.img with an empty one (created with avbtool info_image --image empty.img) doesn't help, still the same error about "only official released binaries allowed to be flashed
- A really nasty problem: removing super.img and userdata.img to reduce the file copy and flash times from the stock AP image and to prevent ODIN from wiping out all user data (and thus, also from the Magisk patched image) leads to a corrupt system. Here's what I did: a flash of the full stock AP image, followed by booting into Android, doing the first-time initialization, rebooting to ODIN mode, and then flashing stock AP image sans userdata.img / super.img yields a prompt_and_wipe_data reason=set_policy_failed:/data/misc error in last_history. So, then I wiped the data in recovery, completed the install assistant - suddenly, it crashes and goes to recovery again, this time with a postrecovery_failed / rason=dataresizing_failed / RecoverySystemdataresizing_failed in /cache/recovery/last_history.
- Removing only userdata.img seems to work, but of course it takes *ages* to copy files between my Windows machine where Odin runs and my Mac
Is there anything I can do to help?