OK, if I'm already unlocked and rooted but want to just update to the latest bootloader OF1, can I do that without having to go through the whole unlock process again? Can I just Odin something? My baseband is already on OF1. Thanks in advance.
I think you are really asking "do I need to go through the whole re-root and re-unlock process again"?
My best guess at this time is "maybe not all the way back to full stock & square zero, but partway".
The safest way to attempt it might be "preserve root, but re-do the unlock process." But even this is untested (so far... would you like to be the guinea pig?).
When you Odin-flash a new stock replacement bootloader, the phone goes back to a "locked" state, meaning that you can not boot any non-stock boot image (kernel + ramdisk). That includes:
- any custom recovery
- any custom kernel
- any 100% stock kernel which is not the same version as the new bootloader release
- any "stock kernel" which was modified in any way shape or form (for instance, new "systemless" root installs of chainfire's superSU modify the boot image, thus breaking the Samsung signature.)
I have prepared a number of different recovery-flashable (.zip) "stock" ROMs which use the stock kernel and a nearly-stock system image (mostly I suppressed Knox or OTA deliveries in /system). What I notice is the following:
Using an unlocked NC4 bootloader, I can boot any of these (custom recovery-)flashable ROMs (NC4/NJ6/NK1/OB6/OF1/PL1) and they will operate in a stable fashion. Only in the case of the NC4 ROM (with the NC4 stock kernel, of course) do I NOT observe the Knox kernel warranty bit message. So that sort of implies that even though the other kernels are 100% stock (and signed by Samsung), the signing verification method is not generalized to "any Samsung-signed kernel", but rather that a given bootloader release version will only successfully validate the signature of the kernel from the same release.
BUT they all do boot successfully and are stable when booted from the NC4 bootloader ... so keep reading.
Well, we can test for other combinations: folks on unlocked OB6 can (custom recovery-)flash the stock OB6, OF1 or PL1 ROMs to see if they boot and are stable; folks on unlocked OF1 can try booting the OF1 or PL1 ROMs. And furthermore, test to see if they do not observe the "Knox warranty bit kernel" message on boot when they have flashed the ROM which matches the version of their currently in use (unlocked) bootloader.
All this testing described above can be done without danger: the handset owner makes a backup of their current ROM, and test-flashes the "stock" ROMs just as if it were some other ROM they were trying out. They will either boot or not or be stable or not, but if things don't work out, or someone is just volunteering to be a tester, they just restore their daily driver ROM from backup and move along. No harm no foul, just a little time spent.
The important observation here is that - so long as you can get the (recovery flashable-)stock ROM to boot and be stable using ANY unlocked bootloader and custom recovery, you can inject root into it from the custom recovery (/system injection, not "boot image" injection). Then, you overflash only the stock bootloader (using Odin) matching the kernel/ROM version of the rooted ROM. Even though you are locking the bootloader by doing so, the "rooted" ROM should boot just fine, as the (new) bootloader version matches the kernel/boot image version. As the ROM is already rooted, all you need to do is run the unlocker tool again (as root) to immediately unlock the new bootloader.
If this actually works, you would not need to
- do anything with the currently-installed custom recovery
- back up the entire device as if it were going to be completely wiped.
Of course, the "guinea pig" tester or first person that tries this should assume that it won't work correctly, and actually back every last thing up under the assumption that their device will get completely wiped and they will have to flash (in Odin) a full 100% stock bundle.
Whew. I used a lot of words up there^^^^, so instead let's use a concrete example:
Suppose you are (a) unlocked, (b) have a custom recovery installed, (c) you are currently on the OB6 bootloader, and (d) you have a desire to upgrade to the OF1 bootloader, and get it unlocked. The steps would look like:
1) Make a back-up of your current ROM using your current custom recovery. Get a copy of the ROM backup off of the device.
2) Flash the (custom recovery-)flashable OF1 ROM. Inject root into that ROM using a method that does not modify the boot image, so the OF1 "boot image" retains a valid Samsung signature.
3) Boot the new rooted-stock ROM. Validate that root actually works. You are still on the OB6 bootloader at this point, and it is highly likely that when booting you will see the "Knox kernel warranty" message (because you have an OB6 bl and an OF1 kernel).
4) Prepare an Odin flashing bundle from the OF1 full-stock tar.md5 release which contains ONLY the bootloader components (aboot.mbn, sbl1.mbn, rpm.mbn, tz.mbn, sdi.mbn). Load it into Odin in the BL slot and verify that the MD5 signature validation works.
5) Put the device into Odin/Download mode and flash the OF1 bootloader-only Odin bundle you just created. This locks the device with new OF1 firmware... but you have a full-stock OF1 boot image and rooted OF1 ROM still on the device.
6) Boot the device.
===>> In theory (and if you did everything right) <<=== it will boot OF1, which is already pre-rooted. Even though the OF1 bootloader is now locked, it shouldn't have any trouble booting... because the ROM & boot image you put in place ahead of time uses a pure-stock OF1 boot image and is indeed the OF1 ROM. Immediately use the "unlocker" tool to unlock the OF1 bootloader.
IF this all goes well as indicated above, there will have been no need to completely unload/backup the internal SD card, nor re-flash a custom recovery, or use something like the crazy complicated Yemen rooting tool. It's still a bit of work, but it's really not a lot more work than what people typically go through when they flash a new dev ROM: in all those cases they generally make a ROM backup of whatever it was they are currently using, so that they can go back to it if things don't work out with the new ROM.
Now you might have read through all of this and decided "that seems like too much work, I'll just start over from scratch". That's your choice, of course. But if you want to try this method get hold of me via PM and you can be the tester that tries it out and proves the method. But of course I will insist that you back up your entire device as a precaution. In which case, this method will be just as much work as "starting from scratch". But if it succeeds, you can help out other people in your shoes by showing them that it works... and they will be able to save some effort.
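Step 4 of the recipe above (repack only the bootloader components out of the full-stock tar.md5, then make sure Odin's MD5 validation will pass) is the step most likely to go wrong in practice. The POSIX shell script below is an added example and is not code from this thread, from the poster, or from Samsung. It assumes GNU or BSD tar (for `--format ustar`), GNU `md5sum`, and the tar.md5 convention in which the `md5sum` line for the `.tar` is appended to the end of the archive; the "release" it operates on is a constructed set of placeholder files, not a real OF1 firmware, and `BL_COMPONENTS` is simply the list of partition images named in the post.

```shell
#!/bin/sh
# Added example: build a bootloader-only Odin bundle from a full-stock tar.md5
# and check the trailing MD5 the way Odin's MD5 validation does.
# Assumptions (not from the thread): GNU/BSD tar with --format, GNU md5sum,
# and the tar.md5 convention "tar bytes" + "md5sum  <name>.tar\n".
set -eu

# Bootloader components named in the post's step 4; nothing else goes in the BL slot.
BL_COMPONENTS="aboot.mbn sbl1.mbn rpm.mbn tz.mbn sdi.mbn"

# append_md5 FILE.tar -> renames to FILE.tar.md5 with the md5sum line appended and
# prints the new path. The digest covers the tar bytes only, not the trailer.
append_md5() {
    tarfile=$1
    sum=$(cd "$(dirname "$tarfile")" && md5sum "$(basename "$tarfile")")
    printf '%s\n' "$sum" >> "$tarfile"
    mv "$tarfile" "$tarfile.md5"
    printf '%s\n' "$tarfile.md5"
}

# verify_md5 FILE.tar.md5 -> exit 0 if the trailer matches the payload, 1 otherwise.
# The trailer is "<32 hex><two spaces><name>.tar<newline>", so its length is known
# and the payload is everything before it.
verify_md5() {
    f=$1
    name=$(basename "$f" .md5)
    trailer_len=$(( 32 + 2 + ${#name} + 1 ))
    payload_len=$(( $(wc -c < "$f") - trailer_len ))
    expected=$(tail -c "$trailer_len" "$f" | cut -d' ' -f1)
    actual=$(head -c "$payload_len" "$f" | md5sum | cut -d' ' -f1)
    [ "$expected" = "$actual" ]
}

# make_bl_bundle FULL.tar.md5 OUT.tar -> extracts only the bootloader members from
# the full release, repacks them as OUT.tar.md5 and prints that path.
# OUT must be an absolute path because the repack runs from a temp directory.
make_bl_bundle() {
    full=$1
    out=$2
    tmp=$(mktemp -d)
    # shellcheck disable=SC2086
    tar -xf "$full" -C "$tmp" $BL_COMPONENTS
    # shellcheck disable=SC2086
    (cd "$tmp" && tar --format ustar -cf "$out" $BL_COMPONENTS)
    rm -rf "$tmp"
    append_md5 "$out"
}

# bundle_members FILE.tar.md5 -> sorted, space-separated member list, so the bundle
# can be checked for stray partitions before it ever goes near Odin.
bundle_members() {
    # shellcheck disable=SC2046
    echo $(tar -tf "$1" | sort)
}

# make_demo_release DIR -> constructs DIR/FULL-stock.tar.md5 from placeholder files
# standing in for a firmware release (constructed input, not Samsung's) and prints
# its path. Includes non-bootloader images that must NOT end up in the BL bundle.
make_demo_release() {
    dir=$1
    work="$dir/full"
    members="$BL_COMPONENTS boot.img recovery.img system.img.ext4 NON-HLOS.bin"
    mkdir -p "$work"
    for m in $members; do
        printf 'placeholder content for %s\n' "$m" > "$work/$m"
    done
    # shellcheck disable=SC2086
    (cd "$work" && tar --format ustar -cf "$dir/FULL-stock.tar" $members)
    append_md5 "$dir/FULL-stock.tar"
}
```

Usage: `make_bl_bundle /path/to/FULL-stock.tar.md5 /path/to/BL-only.tar` prints the path of the new `BL-only.tar.md5`; run `bundle_members` on it to confirm only the five bootloader images are present and `verify_md5` to confirm the trailer matches before loading it into Odin's BL slot. The check deliberately recomputes the digest over the payload rather than trusting the filename, which is the same thing Odin's validation step catches when a bundle has been truncated or edited after the trailer was written.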