Great instructions @OnePlus6user! One question… is it necessary or recommended to re-lock the bootloader after the flashing of /e/ is all completed? Thanks!
Hi @jsparknz, I personally have not re-locked the bootloader yet, as I am still having issues with the OTA upgrades (see this post: OnePlus 6 (enchilada): over-the-air (OTA) upgrade not working for me - #7 by OnePlus6user). By the way, does OTA work correctly for you? Would be great if you can comment in the above topic.
Locking the bootloader is something I however would like to do in the future: it would be great if you could try it out and document the necessary steps in detail.
Please keep in mind the operation will require erasing all your data, so make the necessary backups beforehand and be ready to restore.
Maybe you already knew, but here are the places I would suggest to start from for trying the operation:
Let me know how it goes!
Hey, sorry, just realized I did not answer your question:
No, it is not strictly necessary, but if you don’t do it, everytime you reboot the phone, you will receive a very verbose warning message (something like: Warning, unlocked bootloader … security issue… don’t store any sensitive data on device etc. etc.) before the boot of the OS.
I don’t know if by re-locking the bootloader the message disappears completely or if it is substituted by something else, AFAIU it depends on the device. In such case the boot image would be signed and the bootloader would be re-locked, but the signature of the boot image would not correspond to the original stock one loaded by the mainifacturer.
If you have success in re-locking the bootloader, let us know what happens to the pre-boot warning screen.
Regarding if the re-locking operation is recommended or not, the first XDA link of the previous post states the following advantages:
- Virtually total protection of your data, especially if encrypted
- Inability to flash another recovery, even stock recovery (if OEM unlock allowed is unchecked)
- Inability to flash another kernel, including stock kernel, (again if OEM unlock is unchecked)
- Inability to unlock bootloader in fastboot, see above
- Total inability to flash anything in fastboot. The only access to the phone is through TWRP
- You can still change/update roms, backup/restore data to your liking
- You get a different boot warning screen: ‘your phone has loaded a different operating system’ with a fingerprint (four rows of numbers). Write them down and compare once in a while: if the numbers are different, someone (and I am talking a sophisticated adversary) tempered with your phone
The disadvantages are:
- You would have to set up things once
- When changing or updating roms, one extra step is required - flashing Chainfire’s modified Verified boot signer zip to resign kernel (right after Magisk and before reboot).
Plus, I would add, the need to restore your data because the operation erases it all.
… is it necessary or recommended to re-lock the bootloader after the flashing of /e/ is all completed?
I myself haven’t tried it yet, as I’m not aware of possible negative consequences for hardware and system operation. Our /e/ experts say:
I disagree with the above, especially the “you can’t lock the bootloader after flashing any custom rom” statement.
I have not tried with my device (OnePlus 6) and /e/, but I know for sure that the bootloader could be re-locked successfully when running, for example, Lineage OS on OnePlus 5: the two XDA links above demonstrate it is actually possible.
It is quite possible that it is device-dependent.
GrapheneOS runs with locked bootloader and verified boot on Google Pixel models.
The developer of GrapheneOS writes about OnePlus::
The answer to requests for device support will always be similar, and devices like those aren’t going to be supported because they don’t offer anything compelling in terms of privacy and security.
OnePlus also doesn’t meet the minimum security requirements. They don’t keep up with monthly security updates, among other issues.
Hey there, I followed this guide yesterday. Using android aftter few years again. Thank you so much for helping those with android 10 installed alredy. Anyway - everything went fine, I followed the guide using ubuntu linux.
There are only two things I made differently. I did not restore twrp after installing /e/ os and I did lock the bootloader by “fastboot oem lock” after /e/ installing.
Everything looks good so far, heavy testing yet to come though.
Hello @Hawk, that sounds exciting. I’m curious about the result of your " heavy tests".
@archje by heavy tests I mean daily use as an iphone replacement without any deep android knowledge, so my output would be “it is working”, “it is not working” or “it is bricked”
Yes @Hawk , please do so. It’s and remains exciting how the device will behave now during an OTA update and more …
I’ve made an OTA update to latest /e/ rom. Phone rebooted and got stuck in locked bootloader. It was possible to switch to recovery and use adb and fastboot. I had to flash TWRP again (I did use pie 9 version now) and I had to flash /e/ again. So locking the bootloader the way I did wasn’t good idea. At least if you wanna do OTA update.
You’re great, @Hawk. I thank you for your courage and your joy of experimentation.
Okay, a working OTA update is a fine thing, but not important for everyone. Will you continue to use the device with the bootloader locked?
Hello @Hawk, I am happy my guide has been useful for you, thanks a lot for reporting back your experience and confirming the same set of commands works fine under Linux.
It is interesting that you did not install TWRP and re-locked the bootloader and OTA still does not work, it’s a scenario to add to the OnePlus 6 (enchilada): over-the-air (OTA) upgrade not working for me topic.
I am curious to hear if with the stock recovery (Lineage OS recovery) and unlocked bootloader OTA works or not.
So far, OTA not working is the only relevant issue I have found while running /e/ on my phone. I use it daily for work and personal purposes since 2.5 months and all is smooth.
@hawk, out of curiosity: since you re-locked the bootloader, what happens to the startup message that warns that your device is at risk, you should not store any sensitive data on it etc.?
AFAIU depending on the device, the message could be substituted by another warning (about the OS being signed but not being the original OS provided by the vendor) or could disappear completely, accepting /e/ as a legit replacement of the stock OS.
Do you have a picture or a video of how the boot sequence looks like when you re-lock the bootloader?
@OnePlus6user hey, I tried to perform next OTA update with Lineage recovery and unlocked bootloader and it didn’t work too, I had to flash TWRP and do the update manualy (with zip file), then it booted correctly without loosing any data.
I’m not sure about the startup message with locket bootloader, I don’t remember to be honest
I can still try to lock bootloader and check it, I could re-unlock again afterwards.
Hi @Hawk, this confirms OTA is totally broken.
That would be great to know, even if we know without a working OTA the locked bootloader is unfortunately not a long term option.
Actually not. A user said it works for him.
I installed /e/ two days ago by following exactly the same steps as he did so I just need to wait for the next update and see if the OTA update works for me.
Hope it helps,
After reading this all and spending lots of time trying to install TWRP, Lineageos and /e/ on my Oneplus 6 I’m rather confused and not successfully.
After buying this phone I was successfully with installing Lineage on it. After trying to install /e/ on the device was in fastboot loop so I had to send it to the service department of Oneplus. It is functional now again but I don’t like the whole google stuff.
It seems to me that there is changed a lot what makes that it does not work for me now. I was successfully with my FairPhone3, this device runs well on /e/.
But Oneplus is to difficult for me I think.
Is there maybe the possibility to send my phone to somewhere/someone for installing /e/ on it?
Thanks in advance!
@OnePlus6user @Lance Hi,
I wondered, do you still have your oneplus 6?
Have you flashed the 1.5 version of /e/?
I have planned to do it during holidays. Do you have any tips to give me? Everything went well for you?
Thanks a lot!
Hello Martin, sorry for the late reply,
I’m not using OnePlus anymore so I cant help you.
Good luck and regards, Jan