Because the (SM-N900V) bootloader unlock allows you to flash anything you please in the Odin AP slot (but probably not a bootloader firmware downgrade), I'm wondering:
Have any of you tried partial-stock Odin flashes (just boot.img and system.img) which downgrade only the Stock ROM and kernel?
[ for example, you are on (unlocked) OF1 or OB6 and you flash just boot.img/system.img from the Stock NK1 distro? (clean flash obviously; I suppose the system.img could also be pre-rooted & pre-debloated) ]
This is mostly for the lulz; what I am wondering is if the stock kernels enforce a "bootloader version match" policy (in addition to the bootloader Odin flashing Anti-Rollback enforcement). The bootloaders pass their version string as a command line argument to the kernel that they boot; I suppose the stock kernels could use that value for lockstep-policy enforcement.
I'd run the experiment myself, but I'm still on MJ7 so there's little for me to test (afaik MJ7 can be downgraded to MI9 even *with* a locked bootloader)
One of these days I'll upgrade my boot firmware*, but that day hasn't arrived yet.
* there are multiple experiments which could be run at that time:
(a) Odin flash only bootloader, tz, apnhlos & radio firmware "underneath" a custom or rooted ROM, eliminating the need to re-root prior to re-performing bootloader unlock on upgraded firmware.
(b) use dd to manually flash all bootloader, tz, apnhlos, & radio with an offline-modified aboot, creating a pre-unlocked, pre-rooted firmware upgrade.
(b) seems a bit more dangerous esp. if there is any real time protection of firmware partitions in the tz.
Have any of you tried partial-stock Odin flashes (just boot.img and system.img) which downgrade only the Stock ROM and kernel?
[ for example, you are on (unlocked) OF1 or OB6 and you flash just boot.img/system.img from the Stock NK1 distro? (clean flash obviously; I suppose the system.img could also be pre-rooted & pre-debloated) ]
This is mostly for the lulz; what I am wondering is if the stock kernels enforce a "bootloader version match" policy (in addition to the bootloader Odin flashing Anti-Rollback enforcement). The bootloaders pass their version string as a command line argument to the kernel that they boot; I suppose the stock kernels could use that value for lockstep-policy enforcement.
I'd run the experiment myself, but I'm still on MJ7 so there's little for me to test (afaik MJ7 can be downgraded to MI9 even *with* a locked bootloader)
One of these days I'll upgrade my boot firmware*, but that day hasn't arrived yet.
* there are multiple experiments which could be run at that time:
(a) Odin flash only bootloader, tz, apnhlos & radio firmware "underneath" a custom or rooted ROM, eliminating the need to re-root prior to re-performing bootloader unlock on upgraded firmware.
(b) use dd to manually flash all bootloader, tz, apnhlos, & radio with an offline-modified aboot, creating a pre-unlocked, pre-rooted firmware upgrade.
(b) seems a bit more dangerous esp. if there is any real time protection of firmware partitions in the tz.
