Hi, Yes it's possible but not trivial, and probably not for all phones. However I can confirm you that it is doable on Pixel phones and on the OnePlus 6, I did it myself.
The reason of your boot loop is because of Verified Boot (a.k.a. avb). When the bootloader is not locked, Verified Boot is disabled. However once the bootloader is locked, Verified Boot is enabled. When enabled, the signature of the images flashed on the phone are checked. From there, there are three possibilities: 1. The signatures match the manufacturer's hardware key (GREEN STATE): the phone boots normally 2. The signatures do not match the manufacturer's hardware key, but the images are still signed by an external key (YELLOW STATE): the phone boots after having displayed a warning message "You have booted a different operating system" 3. The images are not signed at all (RED STATE): Verified Boot refuses to boot the phone There is a fourth state (ORANGE STATE) which occurs only when the bootloader is not locked: Verified Boot is disabled and the phone boots after displaying a warning message "Your bootloader is unlocked". What you want here is the YELLOW STATE; that's the best you can hope for without access to the hardware key. So what you need to do is to sign your images with your own key, and generate a vbmeta images from your other signed images. The vbmeta image contains signature metadata information for helping the bootloader to verify the images. There are tools in the AOSP for generating it, refer to the documentation. Note that the vbmeta image exists only for recent phones (e.g. the first Pixel phones don't have it, the boot image was used instead for that purpose). All of this can be found in the documentation here <https://source.android.com/security/verifiedboot/boot-flow> and here <https://android.googlesource.com/platform/external/avb/+/master/README.md>, you will need to have an in-depth read of it. In my tests, I had only a custom system image and all the other factory images. I signed system, generated vbmeta from all the images, then flashed system and vbmeta on the phone. It worked for me so it's definitively doable, but it takes some time to understand everything. Le vendredi 5 avril 2019 08:49:53 UTC+2, [email protected] a écrit : > > Hi, > > Im wondering if there is some way after building clean-ish aosp to re-lock > the bootloader? > I end up in bootloader loop if I lock it. Any in-depth tutorial would be > appreciated. > Any tutorials for this? Regarding the Google Pixel devices. > > Thank you > -- -- You received this message because you are subscribed to the "Android Building" mailing list. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-building?hl=en --- You received this message because you are subscribed to the Google Groups "Android Building" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
