Just bought pixel 6 pro before familiarizing with OEM carrier lock scenario.
My question, does anyone have any experience with (unidentified)carrier locked OEM fastbooting or is it too degen?
OEM (possibly carrier) locked phone
- Edited
I'm not quite sure if I've understood your question correctly, I hope I can help anyway:
To enable developer options, the following steps are necessary:
Enable developer options menu in Settings> About phone and press "build number" menu until "developer mode" is enabled. Then go to Settings> System>Developer options and toggle on " OEM unlocking".
If OEM unlocking is greyed out, one additional point may be relevant for you before the actual installation of GrapheneOS can take place (quoting from the GOS website):
On device model variants (SKUs) which support being sold as locked devices by carriers, enabling 'OEM unlocking' requires internet access so that the stock OS can check if the device was sold as locked by a carrier. <
If the requirements are met, you can use the GrapheneOS Webinstaller - you can find a well-written step-by-step guide here.
- Edited
Murcielago
The developer mode is unlocked, but the OEM unlock is greyed out, which based on what I have understood in the last 2 days digging, means that is probably locked by the carrier
On device model variants (SKUs) which support being sold as locked devices by carriers, enabling 'OEM unlocking' requires internet access so that the stock OS can check if the device was sold as locked by a carrier.
Not exactly clear what does it mean from the GOS description, because even with internet access OEM cant
be unlocked
- Edited
basically I have the same situation (https://www.fitzsim.org/blog/?p=545)
bought an unlocked phone which is true in the sense that any sim works with it, however the OEM cant be unlocked
this is an old article about How to Fix OEM Unlock Greyed Out not sure if it worth to try
- Edited
carrier lock ≠ OEM lock
A carrier locked phone is bound to a specific carrier, which means you cannot change SIM card in order to use it with another (cellular) network provider.
The OEM-lock is a security feature against unauthorized unlocking a device's bootloader, located in the developer options.
Not exactly clear what does it mean from the GOS description, because even with internet access OEM cant be unlocked
It means that some special variants, sold as locked devices by carriers, will need internet access to let the stock OS check if the device was sold as locked by a carrier.
You don't have a Verizon phone by any chance? According to the forum, there seem to be regular difficulties with the OEM unlock.
You don't have a Verizon phone by any chance? According to the forum, there seem to be regular difficulties with the OEM unlock.
My wrong before I phrased the title bad, haven't tested with simcards.
But it turns out it works fine, just tested with two different sim card, so I don't think its a Verizon thing.
The OEM-lock is a security feature against unauthorized unlocking a device's bootloader, located in the developer options.
Basically it's only about the OEM, but it's seems this security feature is more common among google pixel phones based on Ycombinator thread.
will need internet access to let the stock OS check if the device was sold as locked by a carrier.
This steps are not described in details on GOS site, where can I find instruction about this?
- Edited
"This steps are not described in details on GOS site, where can I find instruction about this?"
The instructions are in the settings themselves. A pixel device should be connected to the internet before checking if it can be OEM unlocked. Usually if it can't check it will be greyed out with a message saying something along the lines of 'connect to the internet or check with carrier' on the bottom.
deathpectation This steps are not described in details on GOS site, where can I find instruction about this?
Yes, they are as seen here: https://grapheneos.org/install/web#enabling-oem-unlocking.
"Next, go to Settings ➔ System ➔ Developer options and toggle on the 'OEM unlocking' setting. On device model variants (SKUs) which support being sold as locked devices by carriers, enabling 'OEM unlocking' requires internet access so that the stock OS can check if the device was sold as locked by a carrier."
My wrong before I phrased the title bad, haven't tested with simcards. But it turns out it works fine, just tested with two different sim card, so I don't think its a Verizon thing.
Sorry, maybe I didn't phrase it very clearly. If both SIM cards work, it just means that your phone is not carrier locked.
Nevertheless, it may still be the case that the bootloader cannot be unlocked (OEM-unlock). It sounds like Verizon is your carrier, and if I interpret the forum posts correctly, it seems to be the rule rather than the exception that the bootloader from phones purchased from Verizon can't be unlocked (I don't use Verizon, so I can't confirm this myself).
but it's seems this security feature is more common among google pixel phones...
Actually most Android devices ship with a locked bootloader. A locked bootloader is an important security feature (therefore it should be locked again directly after the installation of GrapheneOS. Full Verified Boot will only work when the bootloader is locked (either with stock OS (green Boot state) or an alternate OS with a custom root of trust (yellow Boot state)).
This steps are not described in details on GOS site, where can I find instruction about this
If I understand the GOS instructions mentioned above correctly, the system should be able to automatically check whether it allows OEM unlock or not when accessing the Internet. Unfortunately, I can't answer this more precisely as I haven't had this problem.
- Edited
Actually most Android devices ship with a locked bootloader.
After scanning through other forums seems like most pixel 6 pro models are default bootlocked phones, regardless of the carriers
However, I was wondering does anyone tried to root their OEM unlocked phone, is this option safe?
I wonder if you followed the official instructions. I connected a new Pixel 8 to the internet for 48 hours and installed all the updates. (Without SIM card.)
During this time I read through the installation options carefully and prepared my OS.
- Edited
The problem you are describing is not that the bootloader is locked - as mentioned above, this is a security feature and is the way it should be.
If you have followed all the steps described, your problem seems to be that you cannot unlock the bootloader in the developer options - which some providers such as Verizon seem to prevent. If that's the case with your phone, you can't unlock the bootloader and I don't know of a way around that.
About rooting:
1.) As I understand it (I'm not sure about that - maybe someone with more knowledge can give a more precise answer), a phone with a locked bootloader cannot be rooted - unless via an existing vulnerability.
2.) It is probably possible to use GOS with a rooted phone [-1.) still applies as you first have to make your way around the locked bootloader] - but not, if you want to preserve the underlying Android security model. In my opinion, it makes little sense to install one of or even the most secure custom OS and then tear huge holes in the security architecture by rooting the device.
If the above-mentioned circumstance prevents you from unlocking the bootloader and you absolutely want to use GrapheneOS, if i were you I would sell your phone and get one that allows you to unlock the bootloader.
- Edited
thanks for constructive insight, I agree with your view.
Unfortunately, most of the models are after pixel 5 have this default security feature which. The chance to find a factory new OEM unlocked pixel pro are almost negligible
deathpectation based on Ycombinator thread
- Edited
thanks for constructive insight, I agree with your view.
You are welcome.
Unfortunately, most of the models are after pixel 5 have this default security feature which.
If by default security switch you mean the fact that you can't unlock the bootloader...no, that's not a security switch. The bootloader is always locked - that is a security feature. However, the bootloader can be unlocked as described above. And this was and is possible with almost all Google Pixels - except for those that are locked by the mobile carriers- as it appears to be in your case. Solution see above.
The chance to find a factory new OEM unlocked pixel pro are almost negligible
That's not correct - what source is your conclusion based on? The Pixel devices mentioned here are fully supported for installing GrapheneOS - this also applies to brand new devices.
If you search the forum for good ways to buy a Pixel, you will certainly quickly find recommendations for your geographical region. A safe bank (regarding OEM unlocking) seem to be Google Stores - online or offline.
- Edited
A safe bank (regarding OEM unlocking) seem to be Google Stores - online or offline.
well this guy bought directly from Google store and it turned out to be security locked, so I don't have high hopes
- Edited
deathpectation When buying directly from the Google store, you have to select the Unlocked option. That person clearly did not even though they stated that they did. I've purchased numerous Unlocked devices directly from the Google store and have never had any issues.
- Edited
Here is an alternative method via CLI (using a terminal shell) to verify if the device's bootloader may be unlocked.
Turning on USB debugging:
Enable developer mode.
Settings→System→Developer options→Debugging→USB debugging.Open a shell
Terminal:
adb shell getprop ro.boot.cidIf it returns ANY value except
000000then you won't be able to install GrapheneOS.
When buying directly from the Google store, you have to select the Unlocked option.
Where exactly?
I'm afraid I only have
- color
- storage size
- "trade in your phone"
option for pixel 7 pro
- Edited
deathpectation
I think by "unlocked option" Ernest means buying a Google phone without Fi. It seems that Google offers versions with Fi already pre-installed on the phone which I can only assume makes the device "locked".
- Edited
deathpectation You have to choose a carrier after you've selected the color and size of your device's storage space. The carrier options (here in the U.S. at least) are Unlocked, Google Fi, Verizon and AT&T.