Alwayswithasmile 3 Posted June 22, 2020 Share Posted June 22, 2020 (edited) Hi Brand New device out the box with only following changes applied below. i am currently trying to enrol a QX1000 into our corporate environment and it will not join due to it being unlocked. I made a few changes and still get the same error. After reading some posts i made a few changes above. Locked device, locked critical, and enabled the charging screen when off. I am now wondering does this have something to do with the secure boot set to disabled? And if so how do I enable secure boot to try this theory? Edited June 22, 2020 by Alwayswithasmile 1 Quote Link to post Share on other sites
tdm 2,322 Posted June 22, 2020 Share Posted June 22, 2020 Secure Boot is a Qualcomm-specific mechanism that enforces the phone must run signed (trusted) code from power-on to the bootloader. This setting cannot be changed by the user, it is a very low level setting that can only be enabled at the factory (and, once enabled, can never be disabled -- it's a hardware fuse). The "device state" (locked or unlocked) is a bootloader setting that may be toggled by the user with the fastboot tool. As far as I know, the Secure Boot flag is not visible to Android in any way at all. I don't do corporate stuff on my personal device, so I can't say why your device can't play on your corpnet. But it's almost surely not due to Secure Boot. 1 4 Quote Link to post Share on other sites
Alwayswithasmile 3 Posted June 22, 2020 Author Share Posted June 22, 2020 Thank you TDM for a most succinct and insightful answer. It looks like it's going back in the box. 1 1 Quote Link to post Share on other sites
EskeRahn 5,460 Posted June 22, 2020 Share Posted June 22, 2020 10 minutes ago, Alwayswithasmile said: Thank you TDM for a most succinct and insightful answer. It looks like it's going back in the box. Does it pass the Safetynet test? A few devices were sent out with a not yet certified software version, And those will not pass the safetynet test, if that is the case, you should contact support. You can also check your software version under Settings, System, Advanced, System updates, that has a long name including dates in the version name. 3 Quote Link to post Share on other sites
elvissteinjr 359 Posted June 22, 2020 Share Posted June 22, 2020 59 minutes ago, Alwayswithasmile said: Thank you TDM for a most succinct and insightful answer. It looks like it's going back in the box. I'm honestly not sure how you read his post and came to this conclusion. He pretty much said that secure boot is nothing to worry about since its status cannot be read from Android so it can't be a factor of locking you out. With that being said, can't you get in contact with the person who is responsible for corporate environment? Surely they'd know a bit better than just "yeah, because not locked". As far as states that could be read out from an app go, it's almost definitely Safetynet anyways. Recent devices were shipped with test OS builds for some reason as Eske mentioned, but I'd actually be surprised if you could just re-lock the bootloader while that is installed... perhaps it is signed properly still (but not Google certified). Either way I keep being shocked how some people don't even give if it a couple days after waiting so long to receive the device. I'd suggest trying a full reset with the official OS images available on the forums and see what happens at least. 1 Quote Link to post Share on other sites
jjarmasz 81 Posted June 22, 2020 Share Posted June 22, 2020 I see you mentioned Intune in the post title. FWIW I installed Intune on my Pro1 (from the Google store) to access our corporate systems with no issues, working fine. Locked device, In Fastbood mode I get the same screen as you (except that my serial number is visible - guessing/hoping you blacked it out) - that is, no Secure Boot, Device locked. So I don't think Secure Boot is your problem (at least not specifically for installing Intune). Only difference I can think of: my device is showing up as Certified in the Play Store, though I'm on the 20200304 OTA. And that doesn't mean it passes SafetyNet - I haven't look at that specifically, but I know Netflix won't update anymore so I'm pretty sure my device isn't actually passing SafetyNet. 1 2 Quote Link to post Share on other sites
EskeRahn 5,460 Posted June 23, 2020 Share Posted June 23, 2020 5 hours ago, jjarmasz said: I see you mentioned Intune in the post title. FWIW I installed Intune on my Pro1 (from the Google store) to access our corporate systems with no issues, working fine. Locked device, In Fastbood mode I get the same screen as you (except that my serial number is visible - guessing/hoping you blacked it out) - that is, no Secure Boot, Device locked. So I don't think Secure Boot is your problem (at least not specifically for installing Intune). Only difference I can think of: my device is showing up as Certified in the Play Store, though I'm on the 20200304 OTA. And that doesn't mean it passes SafetyNet - I haven't look at that specifically, but I know Netflix won't update anymore so I'm pretty sure my device isn't actually passing SafetyNet. Yes the 20200304 does NOT pass SafetyNet. The official version that does is 20200306, but hopefully a new certified OTA will available soon. Quote Link to post Share on other sites
Alwayswithasmile 3 Posted June 23, 2020 Author Share Posted June 23, 2020 (edited) Thanks for the input folks helps a lot. I checked the play protect and it is not certified. I assumed locking it would enable this but completely forgot to check. ( My inexperience with dealing with under the hood android) Phone version My question now is should safetynet be working on this version? Edited June 23, 2020 by Alwayswithasmile 1 Quote Link to post Share on other sites
elvissteinjr 359 Posted June 23, 2020 Share Posted June 23, 2020 No. This a userdebug build (which shouldn't really be on shipped devices, but eh), so it's not certified by Google. But it seems like an official update just came out (finally!) that should fix this issue. I don't have a Pro1 myself right now, so I don't know if you can just update from this build to the new certified or have to reflash completely, but either way you should be able to get Safetynet working on this device with the right OS version. 1 Quote Link to post Share on other sites
EskeRahn 5,460 Posted June 23, 2020 Share Posted June 23, 2020 5 hours ago, Alwayswithasmile said: You are one of those with the not yet certified software... 😥 EDIT: I have just been offered the new OTA update.... Just checked it passes SafetyNet check now. 🙂 1 1 Quote Link to post Share on other sites
Alwayswithasmile 3 Posted June 23, 2020 Author Share Posted June 23, 2020 Looks like a solution is in sight. @elvissteinjr Made a good point; Quote so I don't know if you can just update from this build to the new certified or have to reflash completely, I will see if an update comes down tonight. Once again thanks for all your help. Quote Link to post Share on other sites
EskeRahn 5,460 Posted June 23, 2020 Share Posted June 23, 2020 1 hour ago, Alwayswithasmile said: I will see if an update comes down tonight. Or try polling using: Settings►System►Advanced►System Update 😉 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.