On Sat, 22 Apr 2023 17:34:11 +0100 J05HYYY via Replicant wrote:

> The way to find out is to try and unlock it, and see if it tells you
> if it's already unlocked.

How do I do that?

FWIW, currently my devices are running Replicant 6.0-0004 downloaded
from the website. Are the website images with a locked or unlocked

>From your words it understand that it is more secure to have a locked
bootloader, as it would prevent the bypassing of signature checks
I found some old forum thread about re-locking the bootloader which:

1. Implies Replicant's bootloader is unlocked

2. From the replies it is not clear whether Replicant will work with a
locked bootloader. One person says it won't, another one says it might
and suggests trying through 'fastboot oem lock' (without explaining
where and how this should be run)

The thread is from 8 years ago, so I really don't know how relevant the
info is:


What can you tell about this?

> Sometimes there is an unlock symbol on the bootloader screen upon
> booting, but this is not really a reliable way of testing. Of course,
> if it is locked, you will have then unlocked the bootloader, but I
> assume you'd be wanting to install new images anyway.

I suppose you are right. I am not an expert, still learning about
Replicant (and all this Android stuff in general). Still, if a locked
bootloader would improve security, I would be interested to learn about

> Flashing an unsigned boot.img should be OK if the bootloader is
> unlocked.
> I have: Unlocked bootloader + unsigned boot.img + signed system.img
> running.

Thanks for this info. How did you sign system.img? I am still hoping
for an answer to the other thread I opened about how to sign at the end
of the build process and how this whole signature checking works, hence
how it should be approached properly.

> You could probably back up boot.img beforehand if you wanted to be
> safe about it.

Isn't that recovery-i9300.img from the website? Or do I need to backup
anything else?

> I can't help with telling you what those files are really.

I really hope someone else can step in and clarify it for us. Not
having documentation, a non-expert like me is really lost without help.
I appreciate your answers.

> What I can say is that I assume the images on the
> https://redmine.replicant.us/projects/replicant/wiki/Images page are
> probably signed.

I see they have signatures as separate files. I have no clue about
anything else signature-related though.

*I am changing the subject of this sub-thread as it got somewhat
off-topic of the main one but it is still related. I hope that is OK.
Replicant mailing list

Reply via email to