Can anybody advise me as to why i cannot turn on OEM Unlock. It is not greyed out and when i enter my password everything looks ok...but when it reverts back out to Dev. options OEM Unlock is still off.
OEM Unlocking - need help!
You should only enable OEM unlocking immediately before you are flashing an OS (either from stock Android to GrapheneOS, or from GrapheneOS to stock Android). So enable OEM unlocking and reboot to the bootloader interface.
Note that to enable OEM unlocking on a new Stock Android device you will need to connect to the internet first so that Google can check whether the device is carrier unlocked.
Which part are you stuck at exactly?
Thanks for the info.
I understand that enabeling OEM unlocking expands the attack surface. However there is a deeper answer as to why i want on unlock the OEM. I do not want to change the operating system...GrapheneOS is good for me. However i have suspissions that the OS has been breached.
Granted that i have device attestation setup and it is showing all good.
I want to take a system image of the whole system and my understanding is that this can only be crried on root.
Being unable to unlock OEM also raises my suspisions of a breach..i should be able to unlock it. The phone should not be tied to a carrier as i was able to unlock OEM when loading GOS.
Can you shed any light on this ?
Thanks
Also...the OEM Unlock is not greyed out...i can enter my password and return to the Dev. ops however the toggle does not switch.
- Edited
You can verify your installation if you are concerned about the integrity of your OS. In addition to using the Auditor app, you can restart your device. If you see only the yellow warning triangle, then that means verified boot on your device is working. You can also check the boot key hash has on that screen.
Both verification tools are described in more detail here:
https://grapheneos.org/install/web#verifying-installation
- Edited
peoples I want to take a system image of the whole system and my understanding is that this can only be crried on root.
It is strongly recommended that you do not do that, because it undermines the Android security model, and is counter to the goals of GrapheneOS. If you think you need to root, you have misunderstood how things work.
Nothing...I cannot enable it. I input password it doesn't refuse the password...it reverts back to dev ops screen but OEM toggle still in off position.
I genuinely believe that the OS is compromised without going into great detail on how...I believe it is something that the verified boot is not picking up on and either is the attestation app.
I have cyber triage on my PC and I would like to run the system image file through it to see what it flags if anything but I cannot get a full system image.
I'm not an IT guru but I think I have a fair understanding and I do have an engineering background.
I need to get the system image to do forensics on it.
The starting point is OEM unlock which I cannot do.
Also to strengthen my suspicions...I believe the compromise is preventing me from unlocking the OEM.
I just bought an 8a and the auditor says oem unlocking allowed...
Actually 2 of 3 phones have this,
i bought them on ebay...
i dont have a laptop or wifi...
Is there anyway to fix this
so my 2 phones dont get compromised, actually the one runs hot that says oem unlocking allowed...
christiee
https://grapheneos.org/install/web#disabling-oem-unlocking
If you need to enable or disable OEM unlocking in the future, it can be done in the developer settings menu within the operating system.