[Nokia Patches The Unofficial Bootloader Unlock With August Update
Sharif Garmon
Before you can install it, you will need to unlock the bootloader. There are no officially supported ways of doing this, but there is information on the net. Follow those guides at your own risk - I have not tested them
Some people do use the test builds and, for much of the time, there are no problems. But occasionally there will be serious problems, and it may be necessary to revert to an earlier build or, in worst cases, do a fresh install of a previous build with (rarely, but occasionally) possible loss of previous data.
Unlocking the bootloader
Warning
IMPORTANT: An official method of unlocking the bootloader is not available, but there may be some unofficial methods available. Unofficial methods are not recommended or supported by LineageOS, so use them at your own risk! An unlocked bootloader is required to install LineageOS.
Thanks Pete, most welcome advice. I forwarded your advice & the link to this forum to the rom builder & leave it to him to get in touch with you. Thank you very much for the offer in any case & for your help & best regards from Germany,
Bootloader unlocking is an essential part of Android modding. Before you can even consider rooting your device or installing a custom ROM on it, you first need to unlock your device's bootloader so you can boot unsigned boot images. Before you can unlock your bootloader, however, you need to manually go through a series of steps to make sure that you acknowledge the risks of unlocking the bootloader. Some of these steps involve disabling security features and/or requesting a bootloader unlock code which may be granted immediately or, in the case of Xiaomi devices, could take days to receive. Regardless of how many hoops you need to jump through to take control of your own device that you purchased with your own money, some smartphone makers still choose to prevent you from unlocking your device's bootloader. HMD Global is one such device maker, and the company recently rolled out the August security patch to their Nokia-branded smartphones which blocks the only known bootloader unlock method.
When HMD Global first announced the revival of the Nokia-brand, we were excited. We were even more excited to hear that HMD Global would ship Nokia-branded smartphones with near-stock builds of Android. Then they made an announcement that all of their 2018 smartphones destined for international release would be on the Android One program. And most recently, they even committed to updating all Nokia-branded smartphones to Android Pie! HMD Global clearly cares about keeping their customers happy, but the one thing that holds us back from fully supporting their brand is their refusal to make bootloader unlocking available for all. Enter the unofficial bootloader unlocking tools.
Most users on our forums know that Nokia-branded smartphones can't be bootloader unlocked, but some community members actually figured out a method on how to do so. You may have seen a few threads which suggest you can unlock the bootloader such as thesethreads on our Nokia 7 Plus and Nokia 6.1 forums. There's even an official TWRP release for the Nokia 8 that was recently published. What makes these threads possible is a bootloader unlock method discovered by XDA Senior Member hikari_calyx and members of his team. They figured out a way to generate a bootloader unlock code for Nokia-branded smartphones, although they decided to offer their tool as a paid service. Unfortunately, with the August security patch release, the bootloader unlock codes that their tool generates will no longer unlock the bootloader.
To be perfectly clear, we aren't against HMD Global patching this particular method of unlocking the bootloader. As explained by L Nguyn Chng and Samuel Ridosko on a Medium blog post, the method admittedly involved an exploit. HMD Global can, and should, patch any exploit or security vulnerability in their device's software. However, we're disappointed that the company still doesn't offer an official method of unlocking the bootloader so users don't have to turn to a closed-source, third-party paid service.
Security issues regarding unlocked bootloaders have been a matter of conversation for years now. Certain manufacturers and carriers choose to lock down their devices completely, citing security reasons. Huawei recently made the controversial decision to stop providing bootloader unlock codes, and that decision has soured the opinion of their smartphones in the eyes of some of our readers. Without an unlockable bootloader, most owners of Huawei devices (barring the Huawei P20 line and upcoming Huawei Mate 20 line) will have to wait months for an Android Pie release to make its way to their devices. With an unlocked bootloader, they can install unofficial releases right now.
Sure, we'll acknowledge that HMD Global has been quick to provide monthly security updates (albeit not without their fair share of issues) and has rolled out the Android Oreo update fairly quickly across their range of devices. And as we said before, they have committed to rolling out Android Pie to their entire device lineup. But what'll happen once HMD Global drops official support for their older budget and mid-range devices, which makes up the bulk of their portfolio? Without custom ROMs to unofficially update them, users will eventually have to ditch their perfectly functional smartphone if they want to stay up-to-date against some (but not all) of the new vulnerabilities that get discovered. Or maybe they just want to experience the latest Android release without having to spend money on an upgrade they don't want or need.
Last year, HMD Global's Chief Technology Officer, Mikko Jaakkola, took to Twitter to say that allowing bootloader unlocking was "indeed in their backlog," yet, almost one year later, users still have no way to officially do so. We're not even touching upon the company's failure to abide by the GPL by not releasing the kernel source code for the Linux kernel binaries shipped on many of their smartphones.
We reached out to HMD for comment on this latest matter, and we'll update you if we hear back. In the meantime, if you're interested in voicing your opinion, you can sign this petition or leave a comment on the official Nokia support forum.
This page contains answers to frequently asked questions about GrapheneOS. It's not an overview of the project or a list of interesting topics about GrapheneOS. Many of the answers would be nearly the same or identical for the latest release of the Android Open Source Project. The goal is to provide high quality answers to some of the most common questions about the project, so the developers and other community members can link to these and save lots of time while also providing higher quality answers.
The following devices are end-of-life, no longer receive firmware or most driver security updates and receive extended support from GrapheneOS as part of the main releases with all GrapheneOS changes including all of the latest Android Open Source Project changes:
The following devices are end-of-life, no longer receive firmware or driver security updates and receive extended support from GrapheneOS via a legacy branch based on Android 13 with only the Android Open Source Project security backports, certain other security patches and other minimal changes to keep them working:
The release tags for these devices have official builds and updates available. These devices meet the stringent privacy and security standards and have substantial upstream and downstream hardening specific to the devices.
Many other devices are supported by GrapheneOS at a source level, and it can be built for them without modifications to the existing GrapheneOS source tree. Device support repositories for the Android Open Source Project can simply be dropped into the source tree, with at most minor modifications within them to support GrapheneOS. In most cases, substantial work beyond that will be needed to bring the support up to the same standards. For most devices, the hardware and firmware will prevent providing a reasonably secure device, regardless of the work put into device support.
GrapheneOS does not support being used as a Generic System Image, which only exists for development/testing purposes and isn't usable for GrapheneOS since we require kernel changes and the userspace part of the OS cannot run on top of a kernel without the required functionality. The generic targets simply run on top of the underlying device support code (firmware, kernel, device trees, vendor code) rather than shipping it and keeping it updated. It would be possible to ship generic system images with separate updates for the device support code. However, it would be drastically more complicated to maintain and support due to combinations of different versions and it would cause complications for the hardening done by GrapheneOS. The motivation doesn't exist for GrapheneOS, since full updates with deltas to minimize bandwidth can be shipped for every device and GrapheneOS is the only party involved in providing the updates. For the same reason, it has little use for the ability to provide out-of-band updates to system image components including all the apps and many other components.
Some of the GrapheneOS sub-projects support other operating systems on a broader range of devices. Device support for Auditor and AttestationServer is documented in the overview of those projects. The hardened_malloc project supports nearly any Linux-based environment due to official support for musl, glibc and Bionic along with easily added support for other environments. It can easily run on non-Linux-based operating systems too, and supporting some like HardenedBSD is planned but depends on contributors from those communities.
We strongly recommend only purchasing one of the following devices for GrapheneOS due to better security and a long minimum support guarantee from launch for full security updates and other improvements:
795a8134c1