Bootloader | Fastboot | Cheatsheet¶
A bootloader is a vendor-proprietary image responsible for bringing up the kernel on a device. The bootloader guards the device state and is responsible for initializing the Trusted Execution Environment (TEE) and binding its root of trust. The bootloader also verifies the integrity of the boot and recovery partitions before moving execution to the kernel.
Here's an example bootloader flow:
1) Load and initialize memory.
2) Verify the device according to Verified Boot flow.
3) Verify the boot partitions, including boot, dtbo, init_boot, and recovery, according to the Verified Boot flow. As part of this step, check the boot image header version and parse the header accordingly.
4) If A/B updates are used, determine the current slot to boot.
5) Determine if recovery mode should be booted. For more information, see Supporting OTA Updates.
6) Load the boot images, such as boot.img, vendor_boot.img, init_boot.img, and other proprietary vendor boot images. These boot images contain the kernel and ramdisk images.
6.1) Load the kernel into memory as a self-executable compressed binary. The kernel decompresses itself and starts executing into memory.
6.2) Load ramdisks and the bootconfig section into memory to create initramfs.
SnowForestMountains¶
Booting into fastboot mode You can flash a device when it's in the fastboot bootloader mode.
To enter fastboot mode when a device is undergoing a cold boot mostly times on smartphones you need to press Volume Down
and Power for 7000ms for device to reboot, keep holding the combination until you see download/bootloader screen on your device
Unlocking the bootloader¶
You can flash a custom system only if the bootloader allows it. Note, though, that the bootloader is locked by default. You can unlock the bootloader, but doing so deletes user data for privacy reasons. After unlocking, all data on the device is erased, that is, both private app data and shared data accessible over USB (including photos and movies). Before attempting to unlock the bootloader, back up any important files on the device.
You need to unlock the bootloader only once, and you can re-lock it if necessary.
Unlocking recent devices¶
All Nexus and Pixel devices released since 2014 (starting with Nexus 6 and Nexus 9) have factory-reset protection and require a multistep process to unlock the bootloader.
To enable OEM unlocking on the device:¶
In Settings, tap About phone, then tap Build number seven times. When you see the message You are now a developer!, tap the back button. In Settings, tap System, then tap Developer options and enable OEM unlocking and USB debugging. (If OEM unlocking is disabled, connect to the internet so the device can check in at least once. If it remains disabled, your device might be SIM locked by your carrier and the bootloader can't be unlocked.) Reboot into the bootloader and use fastboot to unlock it.
For devices from 2015 or newer:¶
For devices from 2014 and older¶
If you're seeing adb devices output before reboot but fastboot or the flash script are misbehaving, it might be issues with your USB cable. Try a different port and/or switching connectors. If you are using a USB C port on your computer try a USB A port instead. Confirm the unlock onscreen
Unlock bootloader¶
This command allows the user to unlock the device's bootloader, which enables them to modify the device's system files and install custom firmware or recoveries. The command requires an unlock key provided by the device manufacturer.
Check state for FB¶
This command retrieves information about the lock state of the device's bootloader. It provides details about whether the bootloader is locked or unlocked, allowing the user to determine the current state of the bootloader.
Dump status for bootloader¶
This command dumps the status information for the device's bootloader. It provides detailed information about the bootloader, such as the current state, version, and other relevant details.
Get root status¶
This command checks the root status of the device, indicating whether the device has root access or not. It is useful for verifying the root status of a device after performing modifications or rooting procedures.
Relock bootloader¶
This command allows the user to relock the device's bootloader, preventing further modifications. By relocking the bootloader, the user restores the device to its original locked state, restricting system file modifications.
Erase Factory Reset Protection¶
This command erases the Factory Reset Protection (FRP) data on the device. FRP is a security feature that protects the device from unauthorized access after a factory reset. This command is useful for removing FRP protection when necessary.
Unlock Factory Reset Protection¶
This command unlocks the Factory Reset Protection (FRP) on the device. It allows the user to bypass FRP protection and gain access to the device after a factory reset.
Run emmc diagnostic¶
This command runs an eMMC diagnostic on the device. It performs diagnostic tests on the embedded MultiMediaCard (eMMC) storage of the device, checking for any issues or errors.
Dump eMMC info¶
This command dumps the eMMC (embedded MultiMediaCard) information of the device. It provides detailed information about the eMMC storage, such as its capacity, partition layout, and other relevant details.
Print key version¶
This command prints the version of the key used for cryptographic operations on the device. It is useful for verifying the integrity and security of the device's cryptographic mechanisms.
Dump battery status (millivolts)¶
This command retrieves the battery status of the device in millivolts. It provides information about the current battery voltage, which can be useful for monitoring the battery health and level.
Print hwnff version¶
This command prints the version of the hardware and firmware combined (HWNFF) on the device. It provides information about the current version of the device's hardware and firmware.
Print IMEI and serial number¶
This command retrieves the IMEI (International Mobile Equipment Identity) and serial number of the device. It provides unique identification numbers assigned to the device for identification and tracking purposes.
Print firmware model¶
This command prints the firmware model of the device. It provides information about the specific model or variant of the firmware installed on the device.
Print firmware build¶
This command prints the firmware build information of the device. It provides details about the build number, which typically includes the date, time, and other relevant information about the firmware.
Print devices connected in fastboot¶
This command lists the devices connected in fastboot mode. It displays information about the devices that are currently connected and recognized by the fastboot tool.
fastboot devices¶
Print all getvar data¶
Print kernel¶
This command prints information about the device's kernel, including the kernel version and other relevant details.
Print bootloader version¶
This command prints the version of the device's bootloader. It provides information about the current version of the bootloader installed on the device.
Print product.¶
This command prints the product name of the device. It provides information about the specific product or device model.
Print device board¶
This command prints the board name of the device. It provides information about the specific hardware board used in the device.
Print secure mode¶
This command prints the secure mode status of the device. It indicates whether the device is running in secure mode or not.
Print hwrev¶
This command prints the hardware revision of the device. It provides information about the specific revision of the device's hardware.
Print radio info¶
This command prints information about the device's radio, including the radio version and other relevant details.
Print storage type¶
This command prints the storage type of the device. It indicates the type of storage technology used in the device, such as eMMC or UFS.
Print eMMC info¶
This command prints detailed information about the eMMC (embedded MultiMediaCard) storage of the device. It provides information about the capacity, health, and other relevant details of the eMMC storage.
Print UFS info¶
This command prints detailed information about the UFS (Universal Flash Storage) of the device. It provides information about the capacity, health, and other relevant details of the UFS storage.
Print RAM info¶
This command prints information about the device's RAM (Random Access Memory), including the size and other relevant details.
Print CPU info¶
This command prints information about the device's
CPU (Central Processing Unit), including the architecture, number of cores, and other relevant details.
Print device serial number¶
This command prints the serial number of the device. It provides a unique identification number assigned to the device for identification and tracking purposes.
Print CID¶
This command prints the CID (Card Identification) of the device's storage. It provides information about the specific manufacturer and characteristics of the storage.
Print channel ID¶
This command prints the channel ID of the device. It provides information about the specific channel or distribution channel associated with the device.
Dump token¶
This command dumps the security token of the device. It retrieves the security token used for authentication and authorization purposes.
Dump device secure state¶
This command dumps the secure state of the device. It provides information about the current security state of the device, including whether it is secure or not.
Dump device verity state¶
This command dumps the verity state of the device. It provides information about the verity status of the device's partitions, indicating whether they are verified or not.
Dump warranty void info¶
This command dumps the warranty void information of the device. It indicates whether the device's warranty has been voided or not.
Dump max download size¶
This command dumps the maximum download size for flashing files to the device. It provides information about the maximum file size allowed for flashing operations.
Dump reboot reason¶
This command dumps the reboot reason of the device. It provides information about the reason for the device's last reboot.
Dump IMEI/IMEI2¶
This command dumps the IMEI (International Mobile Equipment Identity) and IMEI2 of the device. It provides unique identification numbers assigned to the device for identification and tracking purposes.
Dump MEID info¶
This command dumps the MEID (Mobile Equipment Identifier) information of the device. It provides a unique identification number assigned to the device for identification and tracking purposes.
Dump factory date device was born¶
This command dumps the factory date of the device. It provides information about the date the device was manufactured or produced.
Print SKU version¶
This command prints the SKU (Stock Keeping Unit) version of the device. It provides information about the specific version or variant of the device's SKU.
Print carrier SKU¶
This command prints the carrier SKU (Stock Keeping Unit) of the device. It provides information about the specific version or variant of the device's carrier SKU.
Dump battery serial¶
This command dumps the battery serial number of the device. It provides a unique identification number assigned to the device's battery for identification and tracking purposes.
Dump battery voltage¶
This command dumps the battery voltage of the device in millivolts. It provides information about the current voltage level of the device's battery.
Dump ICCID¶
This command dumps the ICCID (Integrated Circuit Card Identifier) of the device's SIM card. It provides a unique identification number assigned to the SIM card for identification and authentication purposes.
Dump MD5 value¶
This command dumps the MD5 (Message Digest Algorithm 5) value of a custom file. It calculates and provides the MD5 checksum for verifying the integrity of the file.
Dump max sparse size¶
This command dumps the maximum sparse size for flashing sparse image files to the device. It provides information about the maximum size allowed for flashing sparse image files.
Dump alarm status¶
This command dumps the alarm status of the device. It provides information about the status of any scheduled alarms on the device.
Dump ro.carrier¶
This command dumps the value of the ro.carrier system property. It provides information about the carrier-specific configuration of the device.
Dump ro.build.fingerprint settings¶
This command dumps the value of the ro.build.fingerprint system property. It provides information about the build fingerprint, which uniquely identifies the firmware version and configuration of the device.
Dump baseband of device¶
This command dumps the version of the baseband firmware installed on the device. It provides information about the cellular modem firmware version.
Dump kernel version¶
This command dumps the version of the kernel installed on the device. It provides information about the operating system kernel version.
Dump git info¶
This command dumps information about the Git repository used for building the device's software. It provides details such as the branch name, commit hash, and other relevant Git information.
Dump current slot in use¶
This command dumps the currently active slot on the device. It provides information about the slot that is currently being used for booting the device.
Dump FRP status¶
This command dumps the FRP (Factory Reset Protection) status of the device. It provides information about whether FRP is enabled or disabled on the device.
Dump sim slot¶
This command dumps the number of SIM slots available on the device. It provides information about the total count of SIM card slots supported by the device.
Dump booted slot¶
This command dumps the slot that the device successfully booted from. It provides information about the slot that was used for booting the device.
Dump unbootable slot¶
This command dumps the slot that is unbootable on the device. It provides information about the slot that is currently unbootable.
Dump how many times we gonna boot on active slot before changing¶
This command dumps the number of times the device will attempt to boot from the active slot before switching to another slot. It provides information about the retry count for booting from the active slot.
Dump logical block size¶
This command dumps the logical block size of the device's storage. It provides information about the size of a logical block used for storage operations.
Dump erase block size¶
This command dumps the erase block size of the device's storage. It provides information about the size of an erase block used for storage operations.
Dump status for userspace¶
This command dumps the status for userspace on the device. It provides information about the current status of the userspace environment.
Dump pcb number¶
This command dumps the PCB (Printed Circuit Board) number of the device. It provides information about the specific PCB used in the device's hardware.
Dump primary/secondary display¶
These commands dump information about the primary and secondary displays of the device. They provide details about the device's display configurations.
Dump status for fdr¶
This command dumps the allowed status for Factory Data Reset (FDR) on the device. It provides information about whether FDR is allowed or restricted.