We have moved to a new Sailfish OS Forum. Please start new discussions there.
114

Sailfish X startup: "Your device has been unlocked and cant be trusted"

asked 2017-10-12 08:49:56 +0200

mhe gravatar image

updated 2017-10-12 10:28:15 +0200

jiit gravatar image

On startup Sony Xperia X will show the above warning about device being unlocked. Is there any way to hide this announcement or is it possible to remove it in the future sw upgrades?

edit retag flag offensive close delete

Comments

23

Agree on this. It's really annoying.

Giacomo Di Giacomo ( 2017-10-12 10:08:17 +0200 )edit
2

I think I read that this logo is in Bios and therefore cannot be changed by the system.

peperjohnny ( 2017-10-12 12:19:14 +0200 )edit
2

Did anyone try to lock again the bootloader see if this nag disappear? I therefore thiink pepperjohnny is right :/

peyo22 ( 2017-10-12 12:42:19 +0200 )edit

If you re-lock the bootloader without a Sony stock firmware, your phone won't boot. So no, you can't AFAIK hide the "your device has been unlocked" boot warning

donaggio ( 2017-10-12 14:43:18 +0200 )edit
17

I think there shoule be a way to modify warning image from bootloader. Agreed this image is annoying.

And funnily it says "your phone can't be trusted. With Android removed my phone can finally be trusted. It's the other way.

Waxberry ( 2017-10-12 16:45:30 +0200 )edit

6 Answers

Sort by » oldest newest most voted
33

answered 2017-10-12 20:16:24 +0200

https://forum.xda-developers.com/xperia-x/help/bootloader-unlocked-warning-t3533470 Says its just an image inside the ramdisk located in: \ramdisk\res\images\warning

But i failed to access and replace it with a nice sailfish logo.

edit flag offensive delete publish link more

Comments

5

Thanks for the answer!

So it might be replaceable if it is just an image. Sailfish logo would be very nice instead of that warning.

mhe ( 2017-10-12 20:30:45 +0200 )edit
27

Suggestion for new splash screen:

"Your device is running Sailfish OS so it can be trusted"

;-)

MartinK ( 2017-10-13 03:25:33 +0200 )edit

excuse me, but how to access to \ramdisk\res\images\warning?

paolomi ( 2017-10-21 13:14:07 +0200 )edit
2

Some more info on the ramdisk.img here https://android.stackexchange.com/questions/66825/what-is-the-purpose-of-a-ramdisk-in-android

i think it would be necessary to reflash the firmware to alter this. I'm sure it could be done by Jolla in their SailfishX image but they may not be allowed to.

zepher ( 2017-11-10 01:13:38 +0200 )edit
2

I took a look at some of the mmc partitions to see if it was there, but had no luck.

mmcblk0p22 is an android boot image containing the kernel + initrd AKA ramdisk, but the warning image was not in that ramdisk. There are several other kernel images in other partitions that I didn't look closely at (check the partitions that file identifies as ELF binaries) - it is possible that one of them may contain an embedded initrd (relatively unusual setup, but certainly possible and you can use readelf to pull it out IIRC), so probably worth another look.

mmcblk0p14 is an image (file identifies as TIM format, which was used by the PlayStation, which makes sense given this is Sony, but imagemagik cannot convert it (probably updated file format since the PS) and after examining it in a hex editor I very much doubt that it is what we are after).

I ran photorec over every partition looking for other image files with no luck (but it might be in a compressed image or a format that photorec does not understand), and checked the contents of a handful of other partitions to see what they were. This doesn't mean that it isn't there - with 52(!!) partitions I could have easily missed something and I didn't check them all, but it doesn't seem likely.

DarkStarSword ( 2017-11-10 12:23:33 +0200 )edit
22

answered 2017-12-27 19:01:44 +0200

JMLatJolla gravatar image

updated 2017-12-27 19:02:45 +0200

Well,

  • I'm officially buying a piece of hardware from Sony,
  • I officially buy a piece of software from Jolla, which has been officially adapted for this piece of hardware,
  • SailfishOS Sony Xperia X is an official project, officially supported by Sony...

and after all that, a paying customer gets a message like this one?!

For sure, it's not really a show-stopper at all, but it's a bit unpleasant and let's say not very customer- and/or open source-friendly. Would be great and very interesting to get a OFFICIAL (-> Jolla) statement about this...

Tx.

edit flag offensive delete publish link more

Comments

4

This is a comment, not an answer.

bocephus ( 2017-12-28 01:56:20 +0200 )edit

@bocephus: You'r right, didn't interpret the meaning of 'Your Answer' the right way, my bad. My intention was to promote this question to the top...

JMLatJolla ( 2017-12-28 14:56:31 +0200 )edit
1

You can convert answers to comments and vice versa. FYI ;)

rozgwi ( 2018-03-04 20:27:15 +0200 )edit

Also, the statement “officially supported by Sony” is not entirely true. It’s supported by allowing to be flashed by fastboot (OEM unlock) and by Sony releasing their kernel sources for AOSP. The flashable image itself is not, and thus not signed by Sony.

Nieldk ( 2019-02-27 20:35:38 +0200 )edit

i like this message to scare my friends (and how often you restart ur sailfish device?? for me - only when new update comes)

ljimonad4iks ( 2019-02-27 21:08:17 +0200 )edit
19

answered 2017-10-12 17:39:42 +0200

ghling gravatar image

I agree that this is a bit annoying. Even though it is not a crucial bug / feature, I hope Jolla can figure something out with Sony. Ideally a way to re-lock the bootloader (aka "SFOS as legit image") or at least a way to hide / replace that boot screen (which by the way also delays the boot process by 5 seconds).

edit flag offensive delete publish link more

Comments

10

yes, it's annoying and the boot is delayed by 5 seconds, but it is faster than android! LOL

paolomi ( 2017-10-12 18:26:56 +0200 )edit
10

I hope Jolla can figure something out with Sony

Yup, I second that, it would be great if Sony accepted to sign the Sailfish X kernel with their official key.

Or do it the way that it got solved for UEFI's SecureBoot on Windows PC : Microsoft signed a shim with their official keys that passes the secureboot, and that shim in turn loads the linux boot loader (e.g.: Grub) or linux kernel.

DrYak ( 2017-10-12 19:44:31 +0200 )edit
2

agreed, Sony said it officialy support Jolla. It shall provide ways to remove this msg. can something be done to push them in that way ?

clementb ( 2017-10-17 10:02:37 +0200 )edit

I like the idea of having an integrity checked base image - preferrably including the Android support subsystem, so that it counts as safe/locked again. Might help with some security sensitive apps, though admittedly it would make the OS less tinker friendly.

Kao ( 2017-11-10 01:34:59 +0200 )edit

Somewhere it was indicated that Jolla has received help from Sony regarding this project. I find it real hard to believe that Sony would have helped Jolla if this warning screen wasn't dealt with...

lumen ( 2017-11-10 11:55:57 +0200 )edit
13

answered 2017-11-10 00:55:45 +0200

Jk gravatar image

It would be awesome if they remove this stupid message that waste 5 seconds, because then Xperia x boot incredible quick!

Then we can say benefits of sailfish are also incredible boot up comparing another operating systems.

edit flag offensive delete publish link more
10

answered 2019-02-27 18:54:41 +0200

Nieldk gravatar image

The image is stored in a compressed format, no big news there, similar in a way to the big warning screen on N9. But, sorry, the only way to “remove” this warnings, is that Jollas SailfishOS gets officially acknowledged and supported by Sony (eg. it will become available for their Emma platform, as a signed image, signed by Sony). Believe me, enough people have looked at this, including myself. It can’t be removed.

edit flag offensive delete publish link more
0

answered 2019-02-27 14:16:39 +0200

sunburnedpenguin gravatar image

This won't help us owners of Xperia Xs, but if Jolla plans to develop an image which can be used on the Librem 5, it sounds like we won't have this same problem on it thanks to its PureBoot:

"Unfortunately, most of the existing approaches to protect the boot process also conveniently (conveniently for the vendor, of course) remove your control over your own system. How? By using software signing keys that only let you run the boot software that the vendor approves on your hardware. Your only practical choices, under these systems, are either to run OSes that get approval from the vendor, or to disable boot security altogether. In Purism, we believe that you deserve security without sacrificing control or convenience: today we are happy to announce PureBoot, our collection of software and security measures designed for you to protect the boot process, while still holding all the keys."

edit flag offensive delete publish link more

Comments

Honestly there is no reason why Jolla would develop an image for the librem, as long purism isnt paying for that.

I dont see any perspective, from what your answer is an answer for the question.

mettska ( 2019-02-27 18:20:34 +0200 )edit

@mettska Is Sony paying for the image for the Xperia XA and X? I see the Librem 5 as a perfect fit for Sailfish. Jolla makes a great OS, which is not part of the big, bad Apple/Google spy apparatus, but is out of the hardware business. Purism is focused on privacy, to the point of having hardware kill switches to ensure off truly means off. Some may prefer PureOS, but from what I've seen, Sailfish is much more elegant. The original topic was about being warned every boot up that the bootloader has been tampered with. With PureBoot, this wouldn't be an issue.

sunburnedpenguin ( 2019-02-28 15:15:30 +0200 )edit
Login/Signup to Answer

Question tools

Follow
34 followers

Stats

Asked: 2017-10-12 08:49:56 +0200

Seen: 8,651 times

Last updated: Feb 27 '19