Newly flashed GrapheneOS. Should I be worried about the anti-rollback bug?

monogram

hemingway Yes, you can follow the instructions here.

hemingway

Thank you!

Oggyo

hemingway
Seems related, discussed here - https://discuss.grapheneos.org/d/28369-wished-i-knew-leaving-bootloader-unlocked-risked-brickinga-warning

hemingway

Oggyo

Thanks! Kinda sad that everyone took turns taking a dump on the user before the thread was locked. To me the fault lies with google for creating a hard brick scenario and pushing the imperative to flashing related forums and activities (including GOS) to appropriately warn users.

de0u

hemingway But on further reading, it appears that on pixel 6 and 8 devices, the reported slot 'identity' is inconsistent between reboots and there is no way of knowing if you're actually flashing to slot a or b. A lot of mentions of hard bricked pixels when performing ota updates on vanilla pixel itself, users aware of the issue still ending up with bricks, google refusing to release software required to unbrick such devices, etc.

I don't think I'm aware of reports of users running the GrapheneOS web installer, or following the GrapheneOS command-line instructions, or running the GrapheneOS automatic system updater, experiencing device bricking due to bootloader rollback protection.

hemingway The general consensus appears to be to sideload anything touching the bootloader twice. It's been a while since I've rooted phones and with the threat of hard brick I'd love to have some more concrete steps on how to go about this with confidence.

This forum isn't focused on support for rooting GrapheneOS, mixing and matching bootloader versions, etc. I believe that sort of content is more prevalent on XDA.

hemingway

de0u This forum isn't focused on support for rooting GrapheneOS

hemingway It's been a while since I've rooted phones

In this case, "rooting phones" is clearly used to indicate (outdated) flashing/fastboot/adb/recovery experience.

de0u mixing and matching bootloader versions

If the hard brick issue can affect stock pixel phones performing a normal update within the OS, it stands to reason that GOS is not immune. If mixing and matching bootloader versions is what is required to prevent a hard brick on a pixel running GOS, it should be within the scope of this forum.

Of course the lack of clarity (to me) on how the rollback feature actually causes hard bricks and whether it pertains to GOS makes it hard to determine whether it is something to be concerned about (every article I read on the issue appears to be written by someone going through early dementia). Would be nice if one could check the bootloader version installed in each slot...

de0u

hemingway If the hard brick issue can affect stock pixel phones performing a normal update within the OS, it stands to reason that GOS is not immune.

I have not analyzed reports of device bricking for users running the stock OS, let alone tried to differentiate between bricking due to bootloader anti-rollback versus other ways that devices can get bricked during an update. OS updates involve large amounts of writing to flash storage, which can cause a marginal device to go bad. Overall, sending an OTA update to millions of devices may well result in some of them bricking due to the content of the update, some bricking in the course of the update, and also some just happening to brick that day. Also, since reports live a long time on the Internet, a report of a Pixel 4 breaking due to a problem with bootloader anti-rollback involving some bootloader bug that is no longer shipped might be 100% true but 0% relevant today.

I am not trying to suggest that GrapheneOS mathematically can't run into a problem with bootloader anti-rollback. What I wrote was "I don't think I'm aware of reports of users running the GrapheneOS web installer, or following the GrapheneOS command-line instructions, or running the GrapheneOS automatic system updater, experiencing device bricking due to bootloader rollback protection". But this is a pretty energetic forum, so if somebody is aware of such an event I expect a post will appear.

hemingway

de0u Pixel 4 ... 0% relevant today.

afaict the issue primarily affects pixel 6 and 8 devices. One of the hard brick scenarios iirc was reported by a user with a pixel 8a running stock.

de0u GrapheneOS mathematically can't run into a problem with bootloader anti-rollback

There's one instance linked above.

Yes the user "didn't do things the right way". But from my pov, if a hard brick is possible due to a manufacturer failure (google), I'm better off understanding the scope of the issue if I am to avoid it.

dc32f0cfe84def651e0e

I'm wondering why does this ~~bug~~ feature brick the device instead of just refusing to boot? That's very hostile.

hemingway

dc32f0cfe84def651e0e I'm wondering why does this bug feature brick the device instead of just refusing to boot? That's very hostile.

So from what I've gathered, how the anti rollback feature is supposed to work - it flashes the bootloader to the secondary slot, and if the phone bootloops later, it deletes the snapshot/configuration changes and reverts to the old config on the primary slot. If there's no bootloop, it merges the changes to the primary slot.

But for some reason, when implemented on Pixels 6/8, the potential for a hard brick rises radically and the phone enters some kind of emergency recovery mode where it's detected if connected to the OS, but you can't power on, fastboot, use recovery or anything. I'm not finding any concrete reason for why this occurs, but it is clearly related to which slot is flashed, when and how.

Apparently google have decided that they can make bank whether or not they address the issue and can afford to give the finger to affected users instead of make public their recovery mode tools for restoring these 'hard' bricked phones to working condition.

monogram

hemingway Yes the user "didn't do things the right way". But from my pov, if a hard brick is possible due to a manufacturer failure (google), I'm better off understanding the scope of the issue if I am to avoid it.

That's understandable to me, I also took extra precautions prior to flashing GOS to a new Pixel 8 (which I then returned) on stock Android 14: I sideloaded stock Android 16 twice in a row.

hemingway

monogram

Just to clarify, sideloading twice to ensure it installs to both slots?

monogram

hemingway Just to clarify, sideloading twice to ensure it installs to both slots?

Yes, exactly.
First sideload, reboot system, reboot recovery again, second sideload.