If I were to flash factory image with verity disabled. what would the command be?
is it flash factory image then reboot to bootloader again and then, extract vbmeta and run fastboot command for disable-verity?
Edit the flash-all script and on every line that you have fastboot, add the following option
--disable-verity
--disable-verification
If I were to flash factory image with verity disabled. what would the command be?
is it flash factory image then reboot to bootloader again and then, extract vbmeta and run fastboot command for disable-verity?
The part you would change in the flash-all.bat file is highlighted in yellow, including removing the -w to preserve data during future updates. Then just run
flash-all.bat
hi,
Hmmm, there's an update on the Play Store for "Google Play Protect Service". I'm avoiding this update thinking it might mess up passing Safetynet with the modded USNF module...
All: I'm a bit overwhelmed right now with real-life work and other responsibilities. I hope you all can continue to help each other in my absence, and that I don't have to stay away too long. Thank you.
Hi Dude,
All: I'm a bit overwhelmed right now with real-life work and other responsibilities. I hope you all can continue to help each other in my absence, and that I don't have to stay away too long. Thank you.
Take care, priorities!
what are the ramifications of disabling verity and verification?
It allows the device to boot with modified partitions. A certain amount of that is allowed by simply unlocking the bootloader. Where exactly the line is drawn seems to be a bit hazy with the Pixel 7, as some modifications with verity and verification enabled require a data wipe and others don't.
Simply unlocking the bootloader will trip SafetyNet, so you'll need the fix in any case.
1.) do I disable verity and verification first? does this make the phone less secure? if so and there is a fix later so these don't need turned back on will I be able to flip them back ON without wiping the phone?
Installing a custom kernel is optional, which is why it isn't rolled into the rooting instructions. Since you're already going to have to wipe to unlock the bootloader, you may as well go ahead and disable verity and verification while you're at it.
2.) does the kernel flashing portion happen right after unlocking the bootloader and disabling verity and verification?
3.) after that then proceed with the root instructions?
Disabling verity and verification aside, it is probably easier to root first then install the kernel, since you can just flash the kernel zip with an app.
4.) then let the "welcome to your pixel" stuff start and run on the phone again?
Since you're going to wipe the device after unlocking the bootloader, just skip through the initial setup the first time to get to the box to allow oem unlocking, then go through the actual setup the second time, after wiping for the bootloader unlock and disabling verity and verification.
It allows the device to boot with modified partitions. A certain amount of that is allowed by simply unlocking the bootloader. Where exactly the line is drawn seems to be a bit hazy with the Pixel 7, as some modifications with verity and verification enabled require a data wipe and others don't.
does it make the phone any less secure per se though? this reminds me of people getting stuff to work by disabling SELinux, and while people did it, it was not recommended because it made the phone more vulnerable from a security standpoint.
Installing a custom kernel is optional, which is why it isn't rolled into the rooting instructions. Since you're already going to have to wipe to unlock the bootloader, you may as well go ahead and disable verity and verification while you're at it.
You can enable verity and verification without a wipe, but if you enable them (or forget to disable them during an upgrade), you'll have to wipe again to disable them.
will they stay persisted as disabled so long as I flash each month without the "-w" or will I need to remember to disable them every month when flashing security updates?
Disabling verity and verification aside, it is probably easier to root first then install the kernel, since you can just flash the kernel zip with an app.
but to do this I should disable verity and verification at the onset with the fastboot commands before root is installed because if I install root and then disable these, isn't the root and everything I just did undone?
I would say unlocking the bootloader is a much higher security risk. As I said above, what exactly you can get away with changing without a data wipe by only unlocking the bootloader vs also disabling verification is still a bit of an unknown on the Pixel 7. On the Pixel 6, I would have said there was zero additional security risk, since you could flash whatever you wanted, so long as you didn't break a verity device (and you could and still can freely disable verity alone without wiping).
will they stay persisted as disabled so long as I flash each month without the "-w" or will I need to remember to disable them every month when flashing security updates?
You will have to remember to disable them with every update. If you ever forget and boot without them, you'll be forced to wipe to disable them again.
but to do this I should disable verity and verification at the onset with the fastboot commands before root is installed because if I install root and then disable these, isn't the root and everything I just did undone?
Root is persistent through a data wipe, but any changes you make (system setup, app installation, magisk modules, etc) will be lost. That said, yes, if you're going to install a custom kernel, you should disable verity and verification immediately after unlocking the bootloader, since you'll have to do a data wipe after either operation.
Hello
I have a fail on the magisk_patched.img flash :
FAILED (remote: partition (init_boot) not found)
I take the last platform tool (r33.0.3), usb drivers on Android studio, flashing factory firmware as it said on tuto (november one).
So, what am i forgetting please?
Edit :
I tested this :
fastboot flash init_boot_b magisk_patched-25200_T9evv.img
And that's pass!!
fastboot flash init_boot_b magisk_patched-25200_T9evv.img
replace init_boot_b with init_boot
When i try to flash factory firmware on the second slot, i have a "failed" too.
I saw your edit in your first post. Did you resolve this? If not, I just wanted to note another user had the exact same error message last month here. The issue ended up being an old version of fastboot on their PATH.
Just one question.
The part you would change in the flash-all.bat file is highlighted in yellow, including removing the -w to preserve data during future updates. Then just run
flash-all.bat
@Echo off
:: Copyright 2012 The Android Open Source Project
::
:: Licensed under the Apache License, Version 2.0 (the "License");
:: you may not use this file except in compliance with the License.
:: You may obtain a copy of the License at
::
:: http://www.apache.org/licenses/LICENSE-2.0
::
:: Unless required by applicable law or agreed to in writing, software
:: distributed under the License is distributed on an "AS IS" BASIS,
:: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
:: See the License for the specific language governing permissions and
:: limitations under the License.
PATH=%PATH%;"%SYSTEMROOT%\System32"
fastboot flash bootloader bootloader-cheetah-cloudripper-1.0-9231809.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot flash radio radio-cheetah-g5300g-220923-221028-b-9229469.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot --disable-verity --disable-verification update image-cheetah-t1b3.221003.008.zip
echo Press any key to exit...
pause >nul
exit
Just one question.
First time you disable verity and verification this way, you need to wipe.... right? (or maybe not..).
Yes, a wipe is required. Also, if you ever boot into the system without them disabled (e.g. after an update without the flags or if the device switches to an unpatched slot), you would be required to wipe to disable them.
Just one question.
First time you disable verity and verification this way, you need to wipe.... right? (or maybe not..).
Correct.
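The failure mode that keeps coming up in the replies above is running a flash-all script that still carries -w, or that has lost the two flags after an update. As an added example (not code from the thread or from Google's script), this Python check reads a flash-all script and reports such lines; the function names and finding codes are assumptions made for this sketch, and the sample scripts are constructed from the lines quoted above.

```python
"""Pre-flight audit of a flash-all script (added example, not from the thread)."""

FLAGS = ("--disable-verity", "--disable-verification")
VALUE_OPTS = {"-s", "--slot"}                 # fastboot options that take a separate value
VBMETA_PARTS = {"vbmeta", "vbmeta_a", "vbmeta_b"}

# Constructed sample: the edited flash-all.bat quoted above, licence header trimmed.
EDITED_SCRIPT = """\
@Echo off
:: comment line
fastboot flash bootloader bootloader-cheetah-cloudripper-1.0-9231809.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot flash radio radio-cheetah-g5300g-220923-221028-b-9229469.img
fastboot reboot-bootloader
fastboot --disable-verity --disable-verification update image-cheetah-t1b3.221003.008.zip
"""

# Constructed sample: an update line that was never edited.
STOCK_SCRIPT = "fastboot -w update image-cheetah-t1b3.221003.008.zip\n"


def fastboot_args(line):
    """Return the arguments of a fastboot command line, or None for any other line."""
    text = line.strip()
    if not text or text.startswith(("::", "#")) or text.lower().startswith("rem "):
        return None                            # blank line or batch/shell comment
    tokens = text.split()
    exe = tokens[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
    return tokens[1:] if exe in ("fastboot", "fastboot.exe") else None


def split_subcommand(args):
    """Skip leading options and return (subcommand, remaining arguments)."""
    i = 0
    while i < len(args):
        if args[i] in VALUE_OPTS:
            i += 2                             # option plus its value
        elif args[i].startswith("-"):
            i += 1
        else:
            return args[i], args[i + 1:]
    return None, []


def audit(script_text, keep_flags_disabled=True):
    """Return (line number, finding) pairs for lines that wipe data or reset the flags."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        args = fastboot_args(line)
        if args is None:
            continue
        if "-w" in args:
            findings.append((lineno, "WIPE"))
        sub, rest = split_subcommand(args)
        # `update` and `flash vbmeta` both write a vbmeta image to the device.
        writes_vbmeta = sub == "update" or (
            sub == "flash" and bool(rest) and rest[0] in VBMETA_PARTS)
        if keep_flags_disabled and writes_vbmeta:
            missing = [flag for flag in FLAGS if flag not in args]
            if missing:
                findings.append((lineno, "FLAGS_MISSING " + " ".join(missing)))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else STOCK_SCRIPT
    for lineno, finding in audit(text):
        print(f"line {lineno}: {finding}")
```

Pass keep_flags_disabled=False when the device runs with verity and verification enabled and only the -w check matters.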
My P7P has had a weird behavior since the March update: it doesn't boot to the OS right away. Now the bootloader unlocked screen shows up then the Google logo then black screen. If I push the power button again, it goes back to the bootloader unlocked screen and starts again. Then it usually initiates the boot sequence with the boot animation.
Same thing happens if I reboot. That's so weird.
Had this with both Radioactive and Kirisakura kernels after March release, solved it by going back to stock kernel for now.
Hello,
Also related to this, I too use gestures but I hate the home bar/pill, so I hide it with Iconify or Fullscreen/Immersive Gestures module.
I'm curious how Circle to Search would be triggered in a scenario like this. There's basically no bar and the space it occupies is also hidden.
init_boot.img, NOT boot.img AND we flash the patched init_boot to the init_boot partition - do not flash it to the boot partition.
Unlocking or locking the bootloader will wipe the device every single time, so be sure to have your data backed up before doing so, or better yet, just unlock it as soon as you get the device.
Keep in mind that unlocking the bootloader or rooting might affect your phone's capability to use banking apps such as Google Pay, your local bank's app, or even the ability to install some apps like NetFlix. See Post #2 - Unlocking Bootloader / Rooting / Updating | SafetyNet | ADB/Fastboot & Windows USB Drivers.
If you're going to re-lock the bootloader, make sure the ROM you have on your phone is completely stock (by flashing the latest official firmware) BEFORE re-locking it.
There are no permanent negative consequences if you unlock or re-lock the bootloader other than it will wipe your phone, and while your bootloader is unlocked you get a brief screen when you boot the phone telling you (and anyone who sees your phone at the time) that it's unlocked. You will also continue to receive updates (if you've merely unlocked the bootloader, you can take updates as normal) unlike Samsung, Sony, et cetera, which have permanent major consequences with reduced functionality even if you un-root and re-lock your bootloader. If you're actually rooted (not just bootloader unlocked), you'll have to perform extra steps to manually update each month, and to keep root/re-root.
TD1A.220804.031.
- @AndyYan
- @anirudhgupta109
- @Az Biker
- @badabing2003
- @bosox284
- @capntrips
- @Chainfire
- @chiteroman
- @DanGLES3
- @DespairFactor
- @direwolf1
- @Displax
- @edcsxz
- @Eleo
- @flar2
- @foobar66
- @Freak07
- @j4velin
- @Jawomo
- @Jon8RFC
- @jorrik98
- @kdrag0n
- @kevin@TeslaCoil
- @LLStarks
- @Lughnasadh
- Mahmud0808 on GitHub
- @mariusnoor
- @Namelesswonder
- @Osanosa
- @PurppleMonkey
- @Quinny899
- @rovo89
- @siavash79
- @Sib64
- @simplepinoi177
- @StrangerWeather
- @tbalden
- @topjohnwu
- @TotallyAnxious
- @Tulsadiver
- @Typhus_
- @V0latyle
- @VR25
- @xgerryx
- @xike456
- @xstefen
- And many others from all of the previous years who I thanked in my previous OPs.
Will never be able to have their bootloader unlocked. It's like winning the lottery, and just as rare and relatively random. There is nothing that anyone on XDA can do to help you unlock your Verizon variant.
Can be unlocked once you pay the phone off, then you contact the carrier and arrange to Carrier unlock the phone. Once the phone is Carrier unlocked, then you can unlock the bootloader with the usual caveats (will wipe the device and there's no way around it).
Can be bootloader unlocked at any time. I'd try it first before putting a SIM card in the phone. If OEM unlocking is grayed out, try connecting to Wi-Fi, and reboot if necessary. If it's still grayed out, try with your SIM card, and reboot again. Historically on Pixels, most of the time you can toggle OEM unlocking immediately, but occasionally some users have found it took a little while after being either connected to Wi-Fi or having your SIM card installed in it, and then eventually (hours? day? days?) you can toggle OEM unlocking.
No idea. Feel free to ask in the thread and hopefully, someone with specific knowledge will answer.
The one-time first steps are:
- Android Settings
- About phone
- Click on Build number repeatedly, about seven times
- Go back to the main Android Settings
- System
- Developer options
- Toggle OEM unlocking on. See @Namelesswonder's tip below (this won't help with variants that are supposed to be bootloader locked):
Also a little tip for anyone trying to enable OEM unlocking on a device and it is grayed out, you can force the phone to check for eligibility by connecting to the internet in whatever way, going to the dialer, and dialing *#*#2432546#*#* (CHECKIN).
You should receive a notification from Google Play services with "checkin succeeded" and OEM unlocking should be available immediately if the device is eligible.
Google account not needed, SIM not needed, no other setup required. Works on completely-skipped-setup-wizard. Just need to make sure to connect to the internet and select the connection as metered to avoid any updates.
- Toggle USB debugging on.
- [Optional] I highly suggest you also disable Automatic system updates. Note that in a situation such as the Android 12 serious bootloader security issue, this setting will not keep Google from forcing an update to come through anyway.
- How to actually root follows the same steps below as how to update each month.
- Download the latest ADB/Fastboot (SDK Platform Tools) and Windows USB Drivers.
- Unzip the Platform Tools and Drivers.
NOTE: If you have USB drivers for other Android devices installed, like Samsung, they can alternately sometimes work and not work with Google Pixels. I recommend uninstalling those drivers, or at least updating that driver to Google's driver as instructed below (the Device Manager entry may be different with other OEMs).
- The Windows USB Drivers may have to be installed twice:
- The first time while your phone is running and unlocked as normal.
- In Windows, right-click on the Start Button and choose Device Manager.
- Plug your phone into the computer and look for the new hardware entry in Device Manager. Near the top of Device Manager should be Android Device. Click the drop-down arrow to the left of it.
- Below Android Device, it should now show Android Composite ADB Interface
- Right-click the Android Composite ADB Interface and choose Update driver
- Choose Browse my computer for drivers
- Click Browse and navigate to where you unzipped the Windows USB drivers to.
- Follow the prompts to install the driver.
- Keep Device Manager itself open - you'll need it again in a minute, but you can close any other Device Manager windows after you have installed the driver.
- Open a Command Prompt and navigate to the platform-tools folder.
- Run command:
Code:
adb devices
- On your Android device, you'll get an ADB prompt. Check the box to always give ADB permission and click OK.
- Confirm that the command results in a list of Android devices. When doing these procedures, you should only have the one device you want to work on connected, to keep things simple.
- The second time to install the driver is while the phone is in Bootloader (fastboot mode), not FastbootD (fastbootd) mode. I know it's confusing.
- Run command:
Code:
adb reboot bootloader
- Repeat the instructions above starting with "Right-click the Android Composite ADB Interface".
- This second time installing the drivers while in Bootloader (fastboot mode), it will show up as "Android Bootloader Interface". Thanks @simplepinoi177 for the suggestion to add this detail.
- Run command:
Code:
fastboot flashing unlock
- On the phone, press either the up or down volume button once until you see Unlock the bootloader |>| beside the power button.
- Press the power button. The phone will go black for a second and then show near the bottom Device state: unlocked.
- After these first-time steps to unlock the bootloader, if you want to root, continue below at the step:
- Download the latest Pixel 7 Pro Factory Image (at the bottom of the "cheetah" section).
And it's a double warning if the device is brand new: the secondary slot does not even get into bootloader (because it is blank), so if the active slot becomes not bootable, automatic switching to the secondary slot bricks the device (no bootloop).
At least with factory image flashed on both slots, even if the primary slot is not system bootable, you get bootlooped and you can flash again.
Old habits are hard to break, especially if people never had issues with it in the past and are comfortable with the steps (I see a lot of people still doing factory flashing). At the very least, if one chooses to stick with factory flashing, both slots should be flashed, especially with a brand new device.
Although that is still a very high risk for brand new devices, because if anything goes bad it's likely to end up with a brick.
OTA instructions should be the dominant guides, and factory would be used for downgrade (with a wipe).
- Download the latest Pixel 7 Pro Factory Image (at the bottom of the "cheetah" section).
- Unzip the factory image to the same platform-tools folder, i.e. so that flash-all.bat and all other files are in the same folder as ADB and Fastboot from the platform-tools.
- * FAB VERY important - Edit the flash-all.bat (on Windows) or flash-all.sh (on Linux) and remove the -w from the fastboot update image-cheetah-etcetera.zip line. This will keep the script from wiping your phone when you run it.
- Extract only the init_boot.img file from the image-cheetah-etcetera.zip to the same platform-tools folder.
- Copy the init_boot.img from the PC to the phone's internal storage.
- On the phone: Apply Magisk Stable to the new stock init_boot.img. NOTE: It is always possible that an Android Update (Monthly, QPR [Quarterly Platform Release], new major Android versions, and Beta versions) might need a new version of Magisk Stable, Beta, or Canary from GitHub to work correctly. XDA forum for Magisk is here.
- Launch the Magisk app.
- Beside "Magisk", click "Install".
- Click "Select and Patch a File", and choose the init_boot.img that you just copied to the phone's storage.
- Copy the Magisk'd init_boot.img (filename similar to magisk_patched-25200_1a2B3c.img) back over to the computer.
- * FAB Run commands:
Code:
adb reboot bootloader
flash-all.bat (on Windows) or flash-all.sh (on Linux)
(Note: At least two Apple Macintosh users had trouble using the flash-all.sh - at least one of those users, everything went smooth once they used a Windows PC for this part of the process)
IMPORTANT - The flash-all will take several minutes and reboot on its own several times including to a mode called "FastbootD", and finally reboot into full Android when it's done. Do not interrupt this process. On the FastbootD screen on the phone, do not use any of the manual selection options - let the flash-all script do its work. Do not unplug your phone until it has fully booted into Android.
Thanks to @PurppleMonkey and @xgerryx for suggesting a warning about this. Thanks to @simplepinoi177 for suggesting the "FastbootD" clarification.
- On the phone:
- Wait for the phone to boot normally.
- OPTIONAL: If you want to flash both slots, after this first time, then after do the following:
Code:
adb reboot bootloader
fastboot --set-active=other
flash-all.bat
So you're doing the flash-all.bat a second time on the second slot.
- On the computer:
- Open a Command Prompt and navigate to the platform-tools folder.
- Run command:
Code:
adb reboot bootloader
- After phone has rebooted into Bootloader (Fastboot) mode, run command:
Code:
fastboot flash init_boot magisk_patched-25200_1a2B3c.img
fastboot reboot
- Unlock the phone.
- Confirm that the phone boots completely normally.
- Cautiously re-enable Magisk Modules.
- Reboot.
- Confirm everything worked fine.
- If the phone won't boot correctly after having enabled Magisk Modules, see either of the two solutions below:
For the future, you don't need to go into safe mode unless that's your preference. I forgot what all it resets, but it's many settings and it's bothersome. I'd rather just reinstall my modules and not have to figure out those Android settings/changes which I come across days or weeks later when I infrequently do something. Have your phone reboot and run this:
Code:
adb wait-for-device shell magisk --remove-modules
I like to just do this first:
Code:
adb devices
So the server is running, then I have the long one pasted and ready to go once the phone turns off.
- Find problem apps, Magisk, and LSposed Modules by (three different methods) section in my next post. After following that link, you may have to scroll up a little bit and the section title will be highlighted.
These instructions assume that you've already followed the directions for unlocking your bootloader (closer to the top of this post), which includes installing the necessary drivers and platform-tools.
NOTE that it's optional to flash the Magisk'd (rooted) init_boot.img. You can flash it to both slots, you can flash it to just one slot if you need an unrooted copy of Android.
Because of some details of how the factory image zip method works, you can't use that method twice (switching slots) to update both slots AND be able to switch slots. Only one slot will work.
This Full OTA method will allow you to boot either slot.
Thanks to @Lughnasadh and @badabing2003 for testing, detailing, and refining the steps. Thanks especially to @Lughnasadh for proof-reading these steps and giving great suggestions, and making me aware of options I didn't know about.
- [ONLY if you already had your phone rooted before] UN-hide Magisk on the phone.
- [ONLY if you already had your phone rooted before] Disable all Magisk Modules just in case they're not compatible with and cause a bootloop on the new firmware
- There are three ways to get the init_boot.img:
- You can download the latest factory image zip from the bottom of the "cheetah" section, but that's a lot of wasted download for just the init_boot.img. In the factory image zip, the init_boot.img is inside the inner zip that's inside the zip you download. Put the init_boot.img in the same folder as the extracted platform-tools.
- The more efficient method is to extract the init_boot.img out of the payload.bin file, which is inside the Full OTA zip:
- Use @ssssut's (XDA thread [TOOL] A QUICK Android OTA payload dumper) OR directly from GitHub.
- At the GitHub link, click the Releases link at the far right, down the screen a bit.
- Download the latest payload dumper in the Assets section for the latest release, appropriate to whichever platform you're going to run it on. For Windows, you'll likely want the .tar.gz archive that ends in windows_amd64.
- I use the free 7-Zip to extract the .tar.gz. I use it for zips, too. I use it for everything with rare exception.
- Extract the payload dumper to the same folder you have ADB, Fastboot, and the OTA zip.
- Extract the payload.bin out of the OTA zip.
- Open a Command Prompt while in the same folder as the ADB, Fastboot, OTA zip, payload.bin, and payload dumper.
payload-dumper-go.exe -p init_boot -o . payload.bin
- The period . after -o will cause it to put init_boot.img in the same folder as where you're running the command in.
- Possibly the easiest way to get the init_boot.img out of the payload.bin (and patch it at the same time), and still two variations of this particular solution: Magisk does all the work.
- Your choice - either copy the entire Full OTA zip, OR just the payload.bin from the zip to your phone.
- OPTIONAL - if you need to disable Verity and Verification (for custom kernels that require it), then use either of the first two init_boot.img extraction methods above for the vbmeta.img, substituting the correct partition/image name, as appropriate.
- If one of the first two methods were used (factory image zip OR using payload dumper on the payload.bin), copy the init_boot.img to your phone.
- Continue here for all methods:
- Launch Magisk.
- To the right of "Magisk", click "Install".
- Click "Select and Patch a File"
- Find and click on either the Full OTA zip, payload.bin, OR init_boot.img, depending on which method you decided to use.
- As appropriate, Magisk extracts and generates the Magisk-patched init_boot.img.
- Copy the Magisk'd init_boot.img back to the PC.
adb reboot sideload
adb sideload cheetah-ota-AB#a.YYMMDD.##-blah.zip
- Choose recovery menu option reboot to bootloader
- OPTIONAL - if you need to disable Verity and Verification (for custom kernels that require it):
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
fastboot flash init_boot Magisk'd_init_boot.img
- If your Magisk'd init_boot.img filename has spaces in it, then use Quotes " " around it:
fastboot flash init_boot "Magisk'd init_boot.img"
- Temporarily boot into the newly updated/rooted slot, to test to make sure it boots and all seems normal:
fastboot reboot
- Unlock your phone to be assured things are working satisfactorily.
- The rest (except fastboot reboot at the end) is optional, if you want to update the other slot.
- NOTE that it is NOT necessary to tell the phone to change slots. Each time you flash the OTA, the phone changes slots already.
adb reboot sideload
adb sideload cheetah-ota-AB#a.YYMMDD.##-blah.zip
- Choose recovery menu option reboot to bootloader
- OPTIONAL - if you need to disable Verity and Verification (for custom kernels that require it):
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
fastboot flash init_boot Magisk'd_init_boot.img
- If your Magisk'd init_boot.img filename has spaces in it, then use Quotes " " around it:
fastboot flash init_boot "Magisk'd init_boot.img"
fastboot reboot
- Unlock the phone.
- Confirm that the phone boots completely normally.
- Cautiously re-enable Magisk Modules.
- Reboot.
- Confirm everything worked fine.
- If the phone won't boot correctly after having enabled Magisk Modules, see either of the two solutions below:
For the future, you don't need to go into safe mode unless that's your preference. I forgot what all it resets, but it's many settings and it's bothersome. I'd rather just reinstall my modules and not have to figure out those Android settings/changes which I come across days or weeks later when I infrequently do something. Have your phone reboot and run this:
Code:
adb wait-for-device shell magisk --remove-modules
I like to just do this first:
Code:
adb devices
So the server is running, then I have the long one pasted and ready to go once the phone turns off.
- Find problem apps, Magisk, and LSposed Modules by (three different methods) section in my next post. After following that link, you may have to scroll up a little bit and the section title will be highlighted.
If you ever need to switch slots, then from running Android:
Code:
adb reboot bootloader
fastboot --set-active=other
fastboot reboot
Hide the Magisk app.
Systemless hosts. This adds a Magisk Module to Magisk, which you can verify in a later step.
Zygisk on.
Enforce DenyList on.
Configure DenyList.
Google Play Services which it's fine to add to the DenyList, but it's perfectly normal when used in combination with the Universal SafetyNet Fix (USNF) that it is back to being unchecked the next time you visit the DenyList. Since USNF takes care of Google Play Services, you don't even have to add it to the DenyList in the first place.
Modules at the bottom.
Systemless hosts Magisk Module is added to this list, and enabled.
Go to the Play Store/Settings/General/About and tap the Version 4 times til the Dev Options for the Play Store Opens, then back out.
Go to those new Dev Options and check integrity there.
The Play Integrity pop-up that appears should say:
[MEETS_BASIC_INTEGRITY, MEETS_DEVICE_INTEGRITY]
Did you try clearing cache and data in Wallet, GPay, Play Services, Google Framework, make sure SELinux is Enforcing??
Also I have the Deny List enabled.
STRONG_INTEGRITY with an unlocked bootloader.
- Download the custom kernel of choice on the phone.
Be sure to read the particular installation instructions in the kernel threads' OP - any instructions in their OPs takes priority over anything I say here, which is generalized.
How to determine if you already have Verity and Verification disabled - see section in Post #3 - Other, most important resources
- The two schools of thought on disabling Verity and Verification:
- My post here. If you want to discuss it any, please do so in my thread, or at least not in that custom kernel thread, so as to keep the thread on-topic.
- Extract the vbmeta.img file from the inner Zip of the factory image zip and put it in the same folder with the extracted platform-tools.
- Hook the phone up to your computer and run the following commands:
Code:
adb reboot bootloader
[wait for the phone to reboot to bootloader (fastboot mode)]
Code:
fastboot flash vbmeta vbmeta.img --disable-verity
fastboot reboot
- Unlock the phone once it's booted up.
- Make sure the Kernel Flasher app is up to date. XDA thread for the Kernel Flasher app is here.
- Launch Kernel Flasher.
- Select the slot that's mounted.
- Choose Flash AK3 Zip.
- Select the custom kernel zip just downloaded.
- When it's done flashing, head to Android Settings and perform a Factory Reset, as is currently needed for Despair kernel.
- If you failed to disable Verity and Verification ahead of time, if you have to, just force the phone off using these instructions: Turn your Pixel phone on & off, then press the Volume Down and Power buttons for a couple of seconds to get into the bootloader (fastboot mode). You'll still have to factory reset after disabling Verity in combination with this kernel, for now.
- Whenever you use the flash-all to flash your phone, as long as you want to continue to disable Verity and Verification, you'll have to further modify the flash-all script as such:
Code:
fastboot update image-cheetah-buildnumber.zip --disable-verity --disable-verification
A relevant excerpt from @Freak07's Pixel 7 Pro Kirisakura custom kernel thread:
F.A.Q:
Question: How do I disable the vbmeta flags for verity/verification?
Answer: The easiest solution is to use the android web flash tool and tick the correct checkbox.
Alternatively extract the vbmeta.img from the matching factory image and flash it in fastboot via:
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
Please note that disabling those flags will require a full wipe for the device to boot if coming from flags enabled state!
And a further note: You need to repeat this command every time you flash a full firmware zip ( a factory image or a full OTA.zip) to update the firmware of your phone as those contain a vbmeta image. Otherwise the flags will be reset to default enabled and it will require another wipe to disable them again! As with the firmware.zips, you need to tick the checkbox in the webflasher every month you update your phone or flash a firmware there!
Verity enabled -> Verity disabled will require a wipe (every single time)
Verity disabled -> Verity enabled does not require a wipe, but if this happened because you forgot to keep it disabled, then you would need to disable it again and it will require a wipe.
Another caveat that you should be careful about, these devices have two slots, you might end up disabling verity on one slot, switch to the other intentionally or unintentionally which has it enabled, you can't switch back without a wipe.
Hence why it is advisable that the very first time you want to disable Verity, you do the following.
Code:
adb reboot bootloader
fastboot --slot all --verbose --disable-verity --disable-verification flash vbmeta vbmeta.img
fastboot -w
fastboot reboot
This will disable verity on both slots, perform the wipe and bring you to OOBE
At this point do what you want, making sure that each time you keep Verity disabled.
If you forget to disable Verity and Verification, then if you don't actually try to boot the phone, you can disable them and no factory reset will be required.
If you forget to disable them, and you do try to boot the phone, then yes, you'll have to factory reset.
Note that disabling or not disabling them doesn't actually wipe your device, no matter what. It's a small difference, but rather, they corrupt (or report as corrupt) your device until you wipe it manually (although that's not the only cause of corruption messages, and in at least one other case, a different solution is required).
I have chosen to never disable them, but that's my personal preference. I have one or two accidents a year anyway where I forget some step on my phone, without having to worry about disabling them.
I am hoping that the method that has been found recently on the Pixel 7 Pro, to not need to disable them for custom kernels that implement the fix, will apply to the Pixel 7 Pro, too. If not, then I won't be using custom kernels. Nothing against anyone at all, especially the Developers. I'm just too clumsy.
You'll need this if you're going to unlock the bootloader on your Pixel 7 Pro: SDK Platform Tools (download links for Windows, Mac, and Linux). Note that you can find links to download the tools elsewhere, but I wouldn't trust them - you never know if they've been modified. Even if the person providing the link didn't do anything intentionally, the tools could be modified without them being aware. Why take a chance of putting your phone security further at risk?
Direct downloads:
Mac https://dl.google.com/android/repository/platform-tools-latest-darwin.zip
Linux https://dl.google.com/android/repository/platform-tools-latest-linux.zip
Windows https://dl.google.com/android/repository/platform-tools-latest-windows.zip
You can alternately use the tools from the SDK Manager, but most of us will want to stick to the basic tools-only without the complications of the full development manager.
For Windows, get Google's drivers here: Get the Google USB Driver (ADB will likely work while the phone is fully booted, but if you're like me, you'll need these drivers for after you adb reboot-bootloader, to be able to use ADB and Fastboot).
adb reboot bootloader
fastboot flash init_boot init_boot.img
I would guess that this should be the appropriate URL for official TWRP custom recovery for the Pixel 7 Pro, but who knows when/if that will actually be made available, and it may become available unofficially in these forum sections before being made official. I'll adjust this URL as needed. https://twrp.me/google/googlepixel7pro.html.
It's also handy to have the full official firmware available, whether it's to recover from accidents or for actual development. Note the official link to the general Factory Images for Nexus and Pixel Devices page. The following link goes directly to the Pixel 7 Pro (Cheetah) section: Pixel 7 Pro Factory Images. I prefer to actually bookmark a link to the device listed immediately below the device I want the firmware for, because Google dumbly (in my opinion) puts the latest firmware at the bottom of the list for each particular device, and that ends up making you scroll a lot after a year or two of monthly updates.
Worked for me yesterday when I accidentally tried some old version of a Magisk Module. You have to reinstall your Magisk Modules, but if you're using a third-party widget, it won't disable them like Safe mode does.
For the future, you don't need to go into safe mode unless that's your preference. I forgot what all it resets, but it's many settings and it's bothersome. I'd rather just reinstall my modules and not have to figure out those Android settings/changes which I come across days or weeks later when I infrequently do something. Have your phone reboot and run this:
Code:
adb wait-for-device shell magisk --remove-modules
I like to just do this first:
Code:
adb devices
So the server is running, then I have the long one pasted and ready to go once the phone turns off.
In the future try this
adb wait-for-device shell su -c "touch /data/adb/modules/zygisk_lsposed/disable"
adb reboot
OEM unlocking in developer options needs to be toggled on. I don't "believe" you have to actually do the "fastboot flashing unlock" command.
Alternative two more manual ways of checking:
I keep seeing this asked, so I added a Magisk module for it to the linked Github release. With the module installed, you can just run:
Code:
su
avbctl get-verity
avbctl get-verification
I spent way more time debugging that I downloaded Github's HTML of the update-binary script rather than the raw file than I care to admit. Off to bed.
Since you're probably already rooted anyway if you plan to flash this kernel, simply reboot your device. After you enter the device immediately take a kernel log with for example EXKM or any other app that allows to do that, terminal, etc.
Look for that line
[ 1.273480] init: [libfs_avb]AVB HASHTREE disabled on: /vendor_dlkm
If you see this line, verity/verification should be disabled.
I've seen several cases where having the ability to check would have been handy, so I pushed an avbctl binary built against the latest aosp sources here.
The simplest way to use it would be the following:
Code:
adb push avbctl /data/local/tmp
adb shell
su
cd /data/local/tmp
chmod +x avbctl
./avbctl get-verity
./avbctl get-verification
Indeed. My MOD is a temporary solution until kdrag0n releases an accurate fix.
I would expect that once 2.4.0 is released publicly, we should probably go back to using the official release, but conversely, as long as something works for you, there's also not necessarily a need to fix what isn't broken. Personally, I plan on switching once it's made completely public.
Note that @Displax wasn't trying to replace the official version - they always kept it the same version as the most recent official along with "Mod", "Mod 2", or "Mod 2.1", so that suggests to me they were merely making temporary workarounds until/if the official was updated.
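As an added example (not from any poster in this thread): a pre-flight check for the flash-all script discussed above, listing every fastboot line that rewrites vbmeta without both flags, since booting after such a flash is what forces the wipe. The sample script and its placeholder file names are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight lint for a flash-all script.

# Constructed sample modelled on a stock flash-all.sh; file names are placeholders.
sample_flash_all() {
    cat <<'EOF'
#!/bin/sh
fastboot flash bootloader bootloader-cheetah-PLACEHOLDER.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-cheetah-buildnumber.zip
EOF
}

# Reads a flash-all script on stdin. Prints one finding per problem line and
# returns 1 if any fastboot line that rewrites vbmeta lacks either flag.
lint_flash_all() {
    awk '
    function has(tok,   i) {
        for (i = 1; i <= NF; i++) if ($i == tok) return 1
        return 0
    }
    { sub(/\r$/, "") }                       # tolerate CRLF from flash-all.bat
    $1 != "fastboot" && $1 != "fastboot.exe" { next }
    {
        # A full image zip carries vbmeta; so does an explicit vbmeta flash.
        writes = has("update") || $0 ~ /flash[ \t]+vbmeta(_[ab])?[ \t]/
        if (!writes) next
        miss = ""
        if (!has("--disable-verity"))       miss = miss " --disable-verity"
        if (!has("--disable-verification")) miss = miss " --disable-verification"
        if (miss != "") { printf "line %d: missing%s\n", NR, miss; bad = 1 }
        if (has("-w")) printf "line %d: -w present, userdata will be wiped\n", NR
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Demo on the constructed sample.
sample_flash_all | lint_flash_all || echo "fix the lines above before flashing"
```

The -w finding is informational only: the first-time procedure in the thread wipes on purpose, while later monthly updates are meant to keep data.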