Ask / Submit

relock bootloader sailfish X [duplicate]

asked 2018-03-04 16:12:44 +0300

NeWin gravatar image

I installed sailfish on my xperia X and it work super great but I would like to delete this "the bootloader has been unlocked and can't be trusted" that stays for 5 second. It seems to be something like "fastboot -i [some hexadecimal values] oem lock [imei related hexadecimal values]"

It seems there is a few people who found those secret codes by using the dial on android "##7378423##" but unfortunately that doesn't work on sailfish. =(

What is the procedure to find them ?

edit retag flag offensive reopen delete

The question has been closed for the following reason "duplicate question" by SaimenSays
close date 2018-03-04 20:17:23.516026



As far as I know, the annoying "can't be trusted" screen is a picture hidden somewhere in the boot area (/boot/hybris-boot.img I guess). Nobody so far managed to locate or delete it.

I suggest the joint Jolla-Sony team replaces it with a "Your device is happy to sport SailfishOS system" picture, as its current version is counterproductive on a marketing point of view.

objectifnul ( 2018-03-04 16:35:27 +0300 )edit

Unless you know what you're doing, tinkerin' with the boot imag is a bad idea anyways. I'm surprised nowbody mentioned that in the original question this one duplicates

rozgwi ( 2018-03-04 20:25:13 +0300 )edit

@objectifnul : Maybe there's also a copy of the image which happens to also be present in "hybris-boot.img".

But the one you see on Xperia X is actually displayed by the boot loader in the phone ROM.

If the boot loader is locked, then it will display the "default official" splash screen with "SONY", then check the signature of the boot image, and only if it one with a valid signature from Sony that passes verification : boot it.

If the boot loader is unlocked, then it will display the "phone unlocked" alternative splash screen, wait 5 sec (to make sure that the user notice it and realise that they might not be running what they think is a legit Sony image), then it load whatever happens to be in the phone's boot partition and try to boot it no matter what, even if fails verification, even if it happens to be android to begin with (e.g.: when hybris-boot.img was flashed there).

The only solution would be the same as what some linux distros did regarding UEFI SecureBoot : Jolla should write a shim, get that shim signed by Sony. Locked bootloader sees signed shim and runs it, shim displays the "Happy Sailfish OS" screen and loads Sailfish boot image. (with or without further verification).

The risk (and while Sony does it) is that someone could use an unlocked phone to make the phone boot immediately without any warning into a fake android image that externally looks like the default Sony android system, but actually is filled to the brim with some spyware that sends all your data to some russian mafia (instead of sending it to google :-P ). That's why Sony forces a warning, and that's why a signed shim will have to show a different warning ("Happy Sailfish" as you suggest).

DrYak ( 2018-03-05 12:03:21 +0300 )edit

I am following so many blogs shared questions to relock boot loader and queensland assignment site full info. That all details we used to gain some important stories and essay book features.

Forde ( 2018-11-12 11:45:05 +0300 )edit

2 Answers

Sort by » oldest newest most voted

answered 2018-03-04 20:17:05 +0300

rozgwi gravatar image

tl;dr: don't do it ;)

Relocking the bootloader will most likely prevent Sailfish X from booting. That is, unless Jolla hasn't got a special arrangement with Sony and gets their firmware images officially signed by Sony.
The relocked bootloader would complain about an invalid boot image and refuse loading that. This is at least how things are regarding custom Android ROMs (more details over at XDA, e.g. this thread).
So, in order to get rid of the warning you'd have to reflash an official stock Android image from Sony first, then relock the bootloader,.

Regarding the fastboot command:
It should be the same as the original unlock command (which should have been sent to you by mail from Sony), although of course you'd use lockinstead of unlock (didn't check it, so the actual commands may differ!)

edit flag offensive delete publish link more


Does this compromise device security?

kakow ( 2019-06-17 01:05:43 +0300 )edit

only insofar that it's possible to manually access certain parts of the recovery system via the USB port (e.g. physical access required), given you have the necessary fastboot image. There is a guide at Jollas Zendes or the Sailfishos Wiki on how to do this.
AFAIC there's no easy way to access personal data from there.

the other, very very remote danger is reflashing by accident ;)

rozgwi ( 2019-06-18 18:20:35 +0300 )edit

answered 2018-03-04 20:13:48 +0300

SaimenSays gravatar image

Unfortunately this is a duplicate to

edit flag offensive delete publish link more


You beat me to it. Askbot doesn't notify about new answers until one submits their own answer/comment

rozgwi ( 2018-03-04 20:20:09 +0300 )edit

Relocking the bootloader will most likely prevent Sailfish X from booting. That is, unless Jolla hasn't got a special arrangement with

JosephJennings12 ( 2018-03-05 09:06:42 +0300 )edit

Question tools



Asked: 2018-03-04 16:12:44 +0300

Seen: 2,820 times

Last updated: Mar 04 '18