relock bootloader sailfish X [duplicate]
asked 2018-03-04 16:12:44 +0300
I installed sailfish on my xperia X and it work super great but I would like to delete this "the bootloader has been unlocked and can't be trusted" that stays for 5 second. It seems to be something like "fastboot -i [some hexadecimal values] oem lock [imei related hexadecimal values]"
It seems there is a few people who found those secret codes by using the dial on android "##7378423##" but unfortunately that doesn't work on sailfish. =(
What is the procedure to find them ?
As far as I know, the annoying "can't be trusted" screen is a picture hidden somewhere in the boot area (
/boot/hybris-boot.imgI guess). Nobody so far managed to locate or delete it.I suggest the joint Jolla-Sony team replaces it with a "Your device is happy to sport SailfishOS system" picture, as its current version is counterproductive on a marketing point of view.
objectifnul ( 2018-03-04 16:35:27 +0300 )editUnless you know what you're doing, tinkerin' with the boot imag is a bad idea anyways. I'm surprised nowbody mentioned that in the original question this one duplicates
rozgwi ( 2018-03-04 20:25:13 +0300 )edit@objectifnul : Maybe there's also a copy of the image which happens to also be present in "hybris-boot.img".
But the one you see on Xperia X is actually displayed by the boot loader in the phone ROM.
If the boot loader is locked, then it will display the "default official" splash screen with "SONY", then check the signature of the boot image, and only if it one with a valid signature from Sony that passes verification : boot it.
If the boot loader is unlocked, then it will display the "phone unlocked" alternative splash screen, wait 5 sec (to make sure that the user notice it and realise that they might not be running what they think is a legit Sony image), then it load whatever happens to be in the phone's boot partition and try to boot it no matter what, even if fails verification, even if it happens to be android to begin with (e.g.: when hybris-boot.img was flashed there).
The only solution would be the same as what some linux distros did regarding UEFI SecureBoot : Jolla should write a shim, get that shim signed by Sony. Locked bootloader sees signed shim and runs it, shim displays the "Happy Sailfish OS" screen and loads Sailfish boot image. (with or without further verification).
The risk (and while Sony does it) is that someone could use an unlocked phone to make the phone boot immediately without any warning into a fake android image that externally looks like the default Sony android system, but actually is filled to the brim with some spyware that sends all your data to some russian mafia (instead of sending it to google :-P ). That's why Sony forces a warning, and that's why a signed shim will have to show a different warning ("Happy Sailfish" as you suggest).
DrYak ( 2018-03-05 12:03:21 +0300 )editI am following so many blogs shared questions to relock boot loader and queensland assignment site full info. That all details we used to gain some important stories and essay book features.
Forde ( 2018-11-12 11:45:05 +0300 )edit