Jump to content

Qx1000, Intune, secureboot, Questions.


Recommended Posts

Hi

Brand New device out the box with only following changes applied below.

i am currently  trying to enrol a QX1000 into our corporate environment and it will not join due to it being unlocked. I made a few changes and still get the same error.

image.png.5a92d174d6a1c30c76c0b1123ec505e7.png

After reading some posts  i made a few changes above. Locked device, locked critical, and enabled the charging screen when off.

 

image.png.61b234e940267791f8d3faccc82ad7c3.png

 

I am now wondering does this have something to do with the secure boot set to disabled?  And if so how do I enable secure boot to try this theory?

 

 

Edited by Alwayswithasmile
  • Like 1
Link to post
Share on other sites

Secure Boot is a Qualcomm-specific mechanism that enforces the phone must run signed (trusted) code from power-on to the bootloader.  This setting cannot be changed by the user, it is a very low level setting that can only be enabled at the factory (and, once enabled, can never be disabled -- it's a hardware fuse).  The "device state" (locked or unlocked) is a bootloader setting that may be toggled by the user with the fastboot tool.

 

As far as I know, the Secure Boot flag is not visible to Android in any way at all.  I don't do corporate stuff on my personal device, so I can't say why your device can't play on your corpnet.  But it's almost surely not due to Secure Boot.

 

  • Like 1
  • Thanks 4
Link to post
Share on other sites
10 minutes ago, Alwayswithasmile said:

Thank you TDM for a most succinct and insightful answer. It looks like it's going back in the box.

Does it pass the Safetynet test?

A few devices were sent out with a not yet certified software version, And those will not pass the safetynet test, if that is the case, you should contact support.

You can also check your software version under Settings, System, Advanced, System updates, that has a long name including dates in the version name.

  • Like 3
Link to post
Share on other sites
59 minutes ago, Alwayswithasmile said:

Thank you TDM for a most succinct and insightful answer. It looks like it's going back in the box.

I'm honestly not sure how you read his post and came to this conclusion. He pretty much said that secure boot is nothing to worry about since its status cannot be read from Android so it can't be a factor of locking you out.

With that being said, can't you get in contact with the person who is responsible for corporate environment? Surely they'd know a bit better than just "yeah, because not locked".
As far as states that could be read out from an app go, it's almost definitely Safetynet anyways. Recent devices were shipped with test OS builds for some reason as Eske mentioned, but I'd actually be surprised if you could just re-lock the bootloader while that is installed... perhaps it is signed properly still (but not Google certified).

Either way I keep being shocked how some people don't even give if it a couple days after waiting so long to receive the device. I'd suggest trying a full reset with the official OS images available on the forums and see what happens at least.

  • Like 1
Link to post
Share on other sites

I see you mentioned Intune in the post title. FWIW I installed Intune on my Pro1 (from the Google store) to access our corporate systems with no issues, working fine. Locked device, In Fastbood mode I get the same screen as you (except that my serial number is visible - guessing/hoping you blacked it out) - that is, no Secure Boot, Device locked. So I don't think Secure Boot is your problem (at least not specifically for installing Intune).

Only difference I can think of: my device is showing up as Certified in the Play Store, though I'm on the 20200304 OTA. And that doesn't mean it passes SafetyNet - I haven't look at that specifically, but I know Netflix won't update anymore so I'm pretty sure my device isn't actually passing SafetyNet.

 

 

  • Like 1
  • Thanks 2
Link to post
Share on other sites
5 hours ago, jjarmasz said:

I see you mentioned Intune in the post title. FWIW I installed Intune on my Pro1 (from the Google store) to access our corporate systems with no issues, working fine. Locked device, In Fastbood mode I get the same screen as you (except that my serial number is visible - guessing/hoping you blacked it out) - that is, no Secure Boot, Device locked. So I don't think Secure Boot is your problem (at least not specifically for installing Intune).

Only difference I can think of: my device is showing up as Certified in the Play Store, though I'm on the 20200304 OTA. And that doesn't mean it passes SafetyNet - I haven't look at that specifically, but I know Netflix won't update anymore so I'm pretty sure my device isn't actually passing SafetyNet.

Yes the 20200304 does NOT pass SafetyNet. The official version that does is 20200306, but hopefully a new certified OTA will available soon.

Link to post
Share on other sites

Thanks for the input folks helps a lot.  I checked the play protect  and it is not certified. I assumed locking it would enable this but completely forgot to check. ( My inexperience with dealing with under the hood android)

image.png.e6e6c727b129d59d7e3b2e14c6b4cb97.png

Phone version

image.png.ef5ef2403df7c86c89b6706c679ee9b7.png

 

My question now is should safetynet be working on this version?

Edited by Alwayswithasmile
  • Like 1
Link to post
Share on other sites

No. This a userdebug build (which shouldn't really be on shipped devices, but eh), so it's not certified by Google. But it seems like an official update just came out (finally!) that should fix this issue. I don't have a Pro1 myself right now, so I don't know if you can just update from this build to the new certified or have to reflash completely, but either way you should be able to get Safetynet working on this device with the right OS version.

  • Like 1
Link to post
Share on other sites
5 hours ago, Alwayswithasmile said:

image.png.ef5ef2403df7c86c89b6706c679ee9b7.png

You are one of those with the not yet certified software... 😥

EDIT: I have just been offered the new OTA update....

 

Screenshot_20200623-173632.png

Just checked it passes SafetyNet check now. 🙂

  • Like 1
  • Thanks 1
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

Terms