/!\ WARNING /!\ Do NOT relock your bootloader around the time of updating to 5.1!

Status
Not open for further replies.
Search This thread

danarama

Senior Member
Aug 22, 2010
31,283
18,814
Oxenhope, West Yorkshire, UK
Guys,

We've seen several people have flashed system.img's and OTA's and ended up in a bootloop.. Not the end of the world really, BUT for some reason, before you can unlock your bootloader using fastboot, you must enable OEM unlock in Developer options in Android settings - which you cannot do if you are bootlooping.

If you still have a custom recovery, you'll be fine but if you're 100%, locked bootloader and bootlooping, we haven't found a fix yet so please do not lock your bootloader.

If you feel you absolutely must relock your bootloader (at your own risk) please boot the phone up to check it works properly before doing this. If you intend flashing roms and kernels or custom recoveries, locking the bootloader is not a good idea

Please also see the below link provided by @efrant
https://support.google.com/nexus/answer/6172890?hl=en
This goes into more detail about how google have enhanced device security with 5.1 and some other pitfalls that you may wish to avoid. This is pretty salient information, so do give it a read.
 
Last edited:

daijizai

Senior Member
Oct 27, 2005
306
49
Good advice, i would add to that NEVER LOCK YOUR BOOTLOADER.

Sent from my Nexus 9 using XDA Free mobile app

And I would add that I completely disagree with this statement. Coming from an infosec standpoint, I keep my bootloader locked, and just suffer the reset when I need to tweak. If you don't, anyone - not just you - can replace your system partition or boot a random IMG which could inject functionality. This may not be the most common mechanism for attack as it requires physical access, but it basically obviates the encryption with a deepfreeze style boot IMG.

Additionally, when you think about this in context of the border crossing exemptions many countries, including the US, have to protections against unwarranted search, I would recommend that anyone with proprietary or sensitive business data who crosses international borders keeps their bootloader locked when not modifying the system. Also, until custom recoveries include security features, I recommend using stock.

Why are we making our phones so insecure just to have root? Not cool.
 
So just to be clear the correct procedure would be to boot the device after updating enable the setting and then go and lock your bootloader? Or just keep it unlocked overall.

Personally I keep mine unlocked but for those wanting to take full advantage of androids new device protection a locked bootloader would serve a purpose. Preventing someone from just flashing a custom rom and keeping your device.
 
Last edited:
  • Like
Reactions: phishfi

xander45

Senior Member
Jul 10, 2013
115
22
I thought I really #$# up

Thank you for posting this...when 5.1 was dropping, I attempted to return to stock...all the way.to be able to take Verizon's OTA...when i locked the boot loader, i was stuck in a boot loop with the android guy and the gear box spinning FOREVER.....its is not easy to get out of the loop, but i managed to boot back up into boot loader mode, and force a stock image using toolkit.

I am now unlocked, running 5.1 on Verizon, have full LTE/VOLTE, can speak and surf at same time...i have not rooted yet...but just glad it was not me....had a heart attack two nights ago...
 

kng60ft

Member
Jun 17, 2010
25
2
Thank you for posting this...when 5.1 was dropping, I attempted to return to stock...all the way.to be able to take Verizon's OTA...when i locked the boot loader, i was stuck in a boot loop with the android guy and the gear box spinning FOREVER.....its is not easy to get out of the loop, but i managed to boot back up into boot loader mode, and force a stock image using toolkit.

I am now unlocked, running 5.1 on Verizon, have full LTE/VOLTE, can speak and surf at same time...i have not rooted yet...but just glad it was not me....had a heart attack two nights ago...

im so new to this but im rooted with an unlocked bootloader but im running full stock android. i only rooted just so i can chance the provision to get free tethering with my unlimited data. i have the wugfresh nexus tool kit and cant for the life of me figure out how to upgrade my nexus 6 to 5.1. Is there in anyone that can get me a step by step on how to update so i can take advantage of hd calling and silmutaneous voice and data... ive been waiting tooooooooooo long for this update..
 

RW-1

Senior Member
Jun 30, 2010
889
336
www.dynamicflight.com
Guys,

We've seen several people have flashed system.img's and OTA's and ended up in a bootloop.. Not the end of the world really, BUT for some reason, before you can unlock your bootloader using fastboot, you must enable OEM unlock in Developer options in Android settings - which you cannot do if you are bootlooping.

If you still have a custom recovery, you'll be fine but if you're 100%, locked bootloader and bootlooping, we haven't found a fix yet so please do not lock your bootloader.

Hi root,

I saw that thread yesterday ...

I thought this was already covered when the N6 came out, to get the bootloader unlocked you had to do a 1st boot of the device and ENABLE OEM Unlock, then you were good to go to get into fastboot and unlock.
The reason was google put the option there for 5.0, vice all our previous versions which had no toggle for it.

I think it was people jumping the gun and not doing that first boot, but immediately jumping into fastboot and flashing, and that caused it, yes? Because the BL wasn't unlocked, they couldn't flash the OTA and boot img ...
 

doitright

Senior Member
Oct 31, 2014
1,512
861
And I would add that I completely disagree with this statement. Coming from an infosec standpoint, I keep my bootloader locked, and just suffer the reset when I need to tweak. If you don't, anyone - not just you - can replace your system partition or boot a random IMG which could inject functionality. This may not be the most common mechanism for attack as it requires physical access, but it basically obviates the encryption with a deepfreeze style boot IMG.

Additionally, when you think about this in context of the border crossing exemptions many countries, including the US, have to protections against unwarranted search, I would recommend that anyone with proprietary or sensitive business data who crosses international borders keeps their bootloader locked when not modifying the system. Also, until custom recoveries include security features, I recommend using stock.

Why are we making our phones so insecure just to have root? Not cool.

This is nonsense.
You need *physical* access to it in order to carry out such an attack.
If your phone leaves your PHYSICAL access, then you already know not to trust what is on it, whether or not it has an unlocked bootloader.
 

the_rooter

Senior Member
Aug 3, 2014
2,075
525
Olean
Thank you for posting this...when 5.1 was dropping, I attempted to return to stock...all the way.to be able to take Verizon's OTA...when i locked the boot loader, i was stuck in a boot loop with the android guy and the gear box spinning FOREVER.....its is not easy to get out of the loop, but i managed to boot back up into boot loader mode, and force a stock image using toolkit.

I am now unlocked, running 5.1 on Verizon, have full LTE/VOLTE, can speak and surf at same time...i have not rooted yet...but just glad it was not me....had a heart attack two nights ago...

im so new to this but im rooted with an unlocked bootloader but im running full stock android. i only rooted just so i can chance the provision to get free tethering with my unlimited data. i have the wugfresh nexus tool kit and cant for the life of me figure out how to upgrade my nexus 6 to 5.1. Is there in anyone that can get me a step by step on how to update so i can take advantage of hd calling and silmutaneous voice and data... ive been waiting tooooooooooo long for this update..

There is no need to lock the device to take an OTA. You can keep it unlocked and do an ota
 

daijizai

Senior Member
Oct 27, 2005
306
49
This is nonsense.
You need *physical* access to it in order to carry out such an attack.
If your phone leaves your PHYSICAL access, then you already know not to trust what is on it, whether or not it has an unlocked bootloader.
Not nonsense. Yes you need physical access to carry out the attack, but with a locked bootloader and the new precautions against unlocking and fastboot it makes locked bootloaders fairly bulletproof.

I cannot recommend unlocked bootloaders to anyone that works SCIF'd and leaves their phone in a shared box during the day, anyone that crosses international borders, or anyone whose phone might contain IP or trade secrets and could be a target of theft.

This is as much about trusting the phone afterwards as it is about protecting your data on the phone - even when encrypted.
 
  • Like
Reactions: schwartz.matthew.e

the_rooter

Senior Member
Aug 3, 2014
2,075
525
Olean
So just to be clear the correct procedure would be to boot the device after updating enable the setting and then go and lock your bootloader? Or just keep it unlocked overall.

Personally I keep mine unlocked but for those wanting to take full advantage of androids new device detection a locked bootloader would serve a purpose.

Just keep it unlocked
 

nyteryder79

Member
Jun 10, 2012
16
32
Guys,

We've seen several people have flashed system.img's and OTA's and ended up in a bootloop.. Not the end of the world really, BUT for some reason, before you can unlock your bootloader using fastboot, you must enable OEM unlock in Developer options in Android settings - which you cannot do if you are bootlooping.

If you still have a custom recovery, you'll be fine but if you're 100%, locked bootloader and bootlooping, we haven't found a fix yet so please do not lock your bootloader.

If you feel you absolutely must relock your bootloader (at your own risk) please boot the phone up to check it works properly before doing this. If you intend flashing roms and kernels or custom recoveries, locking the bootlaoder is not a good idea

I had this boot loop also, but clearing Cache and Dalvik seemed to fix the loop for me.
 
  • Like
Reactions: Televinken

danarama

Senior Member
Aug 22, 2010
31,283
18,814
Oxenhope, West Yorkshire, UK
  • Like
Reactions: Marcellus1
Status
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 21
    Guys,

    We've seen several people have flashed system.img's and OTA's and ended up in a bootloop.. Not the end of the world really, BUT for some reason, before you can unlock your bootloader using fastboot, you must enable OEM unlock in Developer options in Android settings - which you cannot do if you are bootlooping.

    If you still have a custom recovery, you'll be fine but if you're 100%, locked bootloader and bootlooping, we haven't found a fix yet so please do not lock your bootloader.

    If you feel you absolutely must relock your bootloader (at your own risk) please boot the phone up to check it works properly before doing this. If you intend flashing roms and kernels or custom recoveries, locking the bootloader is not a good idea

    Please also see the below link provided by @efrant
    https://support.google.com/nexus/answer/6172890?hl=en
    This goes into more detail about how google have enhanced device security with 5.1 and some other pitfalls that you may wish to avoid. This is pretty salient information, so do give it a read.
    16
    Good advice, i would add to that NEVER LOCK YOUR BOOTLOADER.

    Sent from my Nexus 9 using XDA Free mobile app

    And I would add that I completely disagree with this statement. Coming from an infosec standpoint, I keep my bootloader locked, and just suffer the reset when I need to tweak. If you don't, anyone - not just you - can replace your system partition or boot a random IMG which could inject functionality. This may not be the most common mechanism for attack as it requires physical access, but it basically obviates the encryption with a deepfreeze style boot IMG.

    Additionally, when you think about this in context of the border crossing exemptions many countries, including the US, have to protections against unwarranted search, I would recommend that anyone with proprietary or sensitive business data who crosses international borders keeps their bootloader locked when not modifying the system. Also, until custom recoveries include security features, I recommend using stock.

    Why are we making our phones so insecure just to have root? Not cool.
    11
    Why are we making our phones so insecure just to have root? Not cool.
    The stuff on my phone consists of the following:

    1) Phone numbers of all my friends and family;
    2) LOTS of pictures of my cat;
    3) LOTS of pictures of my friends and family;
    4) Texts consisting of messages like, "I'll be there at 10am", "Did you pick up the milk at the store?", "What do you want for dinner?", "Don't call me for the next hour, I am taking a nap" and "I don't have anything to make for dinner, let's go out to eat";
    5) Pictures of the things I make for dinner or eat when I go out to dinner; and
    6) EVEN MORE pictures of my cat.

    That's about it. I really could careless about cross border security and illegal search and seizures. The most anyone is going to glean from my phone is the names and phone numbers of my friends and family and that I love my cat and love to eat, lol!

    I do love me some Xposed modules, though so I need root!!!!

    Those of you keeping business confidential/trade secret information on your personal phones are nuts if you unlock/root and I certainly wouldn't do that w/o my employer's consent. And if you work for the government and have a security clearance and keep secret government information on a rooted/unlocked phone, you deserve to lose your job and go to jail if the phone gets hacked.

    ---------- Post added at 05:44 AM ---------- Previous post was at 05:31 AM ----------

    I cannot recommend unlocked bootloaders to anyone that works SCIF'd and leaves their phone in a shared box during the day, anyone that crosses international borders, or anyone whose phone might contain IP or trade secrets and could be a target of theft.
    Those people should not be rooting or unlocking their bootloaders at all.

    ---------- Post added at 06:00 AM ---------- Previous post was at 05:44 AM ----------

    Today I learned that people re-lock their bootloader after flashing an update.
    Today I learned that people who have business confidential/trade secret and classified information on their phones are so reckless with their employer's and the government's information that they unlock and root their phones.
    4
    And I would add that I completely disagree with this statement. Coming from an infosec standpoint, I keep my bootloader locked, and just suffer the reset when I need to tweak. If you don't, anyone - not just you - can replace your system partition or boot a random IMG which could inject functionality. This may not be the most common mechanism for attack as it requires physical access, but it basically obviates the encryption with a deepfreeze style boot IMG.

    Additionally, when you think about this in context of the border crossing exemptions many countries, including the US, have to protections against unwarranted search, I would recommend that anyone with proprietary or sensitive business data who crosses international borders keeps their bootloader locked when not modifying the system. Also, until custom recoveries include security features, I recommend using stock.

    Why are we making our phones so insecure just to have root? Not cool.

    This is nonsense.
    You need *physical* access to it in order to carry out such an attack.
    If your phone leaves your PHYSICAL access, then you already know not to trust what is on it, whether or not it has an unlocked bootloader.
    3
    Thank you for posting this...when 5.1 was dropping, I attempted to return to stock...all the way.to be able to take Verizon's OTA...when i locked the boot loader, i was stuck in a boot loop with the android guy and the gear box spinning FOREVER.....its is not easy to get out of the loop, but i managed to boot back up into boot loader mode, and force a stock image using toolkit.

    I am now unlocked, running 5.1 on Verizon, have full LTE/VOLTE, can speak and surf at same time...i have not rooted yet...but just glad it was not me....had a heart attack two nights ago...

    im so new to this but im rooted with an unlocked bootloader but im running full stock android. i only rooted just so i can chance the provision to get free tethering with my unlimited data. i have the wugfresh nexus tool kit and cant for the life of me figure out how to upgrade my nexus 6 to 5.1. Is there in anyone that can get me a step by step on how to update so i can take advantage of hd calling and silmutaneous voice and data... ive been waiting tooooooooooo long for this update..

    There is no need to lock the device to take an OTA. You can keep it unlocked and do an ota