[SIZE=+1]There seems to be a lot of confusion and misunderstanding circling the forums with regards to Knox and the 4.3 OTA.
This is an attempt to clear things up[/SIZE]
UPDATE: It seems that people can find this thread, but are unable to actually READ the information presented. The most important note here is that if you are on 4.3 firmware, you can flash ANY rom you like. No, you are not tied down or locked into stock only or 4.3 roms only. AOSP roms will work fine as well. Now scroll down and READ EVERYTHING IN THIS FIRST POST.
What is Knox? Knox is both a firmware and a software component. The OS has Knox apps, and the MK3 bootloader has a Knox component too. Having Knox apps does not necessarily mean you have the Knox bootloader, or vice-versa.
How does Knox work? Because Knox is both in the OS (apps) and in the firmware (bootloader) it works in two ways. The OS components prevent attempts to obtain root access and make rooting with these Knox apps a pain in the butt. Fortunately they can be removed. In the firmware component (bootloader), Knox works to prevent the flashing of custom kernels and recoveries. If you flash a custom rom or custom recovery WHILE on the Knox bootloader, your Knox flag will be tripped and your Warranty Bit will go from 0x0 to 0x1. The Knox bootloader cannot be downgraded to, say, the MD4 bootloader because of special protections built into it. If you attempt to downgrade it, your phone will instantly brick.
Can I get root on the Knox-enabled update? Yes. For those of us who DID NOT take the official OTA and DO NOT have the Knox bootloader, we can get root on 4.3 by injecting it and removing the Knox apps. For those WITH the Knox bootloader, you will need to wait until a full stock MK3 tar is available, which we can then use to make an Odin-flashable MK3 stock rom with root injected using the de-la-vega root method.
Can I downgrade while on 4.3? You can flash roms no matter what Android version they are. That is perfectly fine. But you cannot downgrade the bootloader if you have the Knox bootloader, or else it will cause your bootloader to become corrupted and give you a fancy paperweight. Again, for those who DO NOT have the Knox bootloader, you needn't worry about this/downgrading firmware since the Knox bootloader is what prevents you from doing this. Downgrading your bootloader includes: attempting to flash full stock tar of software versions < MK3, etc.
How can I tell if I've got the Knox bootloader?
Boot into download mode (through custom reboot menu, or by powering off then holding Power+Home+VolumeDown and then VolUp when prompted). If you see a line that starts with the following, then you've got the Knox bootloader. I will insert a picture showing how it actually looks soon
Warranty Bit:
Click to expand...
Click to collapse
[SIZE=+1]READ THIS TOO: http://forum.xda-developers.com/showthread.php?t=1788313
It's for the Verizon S3, but it applies to all the carrier 4.3 updates[/SIZE]
I will add to this as more questions come up
I hope the above helps to clear up some confusion. Ask questions if you are still concerned and I will do my best to answer them.
is there any way to make this a sticky @kennyglass123
This is great information man!
http://i.imgur.com/qrByUGN.jpg
[Q] For now, once you have Knox you'll always have knox? What's the possibility of removing Knox?
elephant007 said:
[Q] For now, once you have Knox you'll always have knox? What's the possibility of removing Knox?
Click to expand...
Click to collapse
as of right now none.
elephant007 said:
[Q] For now, once you have Knox you'll always have knox? What's the possibility of removing Knox?
Click to expand...
Click to collapse
No way to remove bootloader Knox ATM.
I've seen several posts mention "tripping KNOX" or "voiding KNOX." What does that mean, exactly, regarding rooting a phone? Does it just mean it voids the warranty if you need to get support from Samsung/Sprint? Or are there other adverse effects?
Mostly just a visible warranty void.
Samsung bought crapple disease. So sad, but its my excuse to buy a nexus.
Sent from my SPH-L710 using xda app-developers app
As said above, a voided Knox is mostly just a highly visible warranty void. Your local Sprint store may or may not care, or the specific Samsung rep that you deal with may not care, but it's easier just to not have to deal with it to begin with.
Does this mean there is already a touchwiz 4.3 ROM we can flash or do we still have to wait?
Sent from my SPH-L710 using Tapatalk
The biggest thing here is the fact that there is no full tar file to restore. So even if you do not care about knox or warranty. If something goes wrong with a flash or anything else you can't use an older tar file let's say MD4 or LJ7 or anything because you will end up with a brick. There is nothing to use to ODIN restore your device. Once you go 4.3 with Knox you have to stay 4.3 and even if you wanted to stay 4.3 and wanted to restore that there is no tar file at this time.
Have a great day!
I have a question I think we talked a bit about the problems the knox bootloader brings into the system. My question is the opposite what does it fix / change?
Im thinking along the lines of somebody modding the update so an old bootloader would be with the new rom would that be an issue? I think i remember hearing something about wifi being the problem but any clarification would be nice.
docnas said:
I have a question I think we talked a bit about the problems the knox bootloader brings into the system. My question is the opposite what does it fix / change?
Im thinking along the lines of somebody modding the update so an old bootloader would be with the new rom would that be an issue? I think i remember hearing something about wifi being the problem but any clarification would be nice.
Click to expand...
Click to collapse
Late to the party. CNexus already has a update cooking.
Sent from my SPH-L710 using Tapatalk
the question im trying to ask is what do we lose if we use the old bootloader? any functionality? (besides the knox security bull$hit)
docnas said:
the question im trying to ask is what do we lose if we use the old bootloader? any functionality? (besides the knox security bull$hit)
Click to expand...
Click to collapse
Right now, wifi is broken with the old bootloader and 4.3 rom...happened on the other devices too (tmo s3 and sprint s4)
But there is a fix: flash at&t kernel. But it messes up screen rotation. So i'm trying to come up with another fix that will let wifi turn on properly and let screen rotation work properly too
You = rock. Or some other awesome thing.
Sent from my SPH-L710 using xda app-developers app
CNexus said:
Right now, wifi is broken with the old bootloader and 4.3 rom...happened on the other devices too (tmo s3 and sprint s4)
But there is a fix: flash at&t kernel. But it messes up screen rotation. So i'm trying to come up with another fix that will let wifi turn on properly and let screen rotation work properly too
Click to expand...
Click to collapse
So is this Knox a Sprint thing, or a Samsung thing?
I can understand the reasoning for Knox(money) but, dang, I guess it's a dog eat dog world out there.
This doesn't affect CyanogenMod does it? I'm scared...
edit... I remember reading about a brick api or command, I never executed it, sounds nasty, is this what they use to brick peoples phones if they try to "hack" it?
Edge-Case said:
So is this Knox a Sprint thing, or a Samsung thing?
I can understand the reasoning for Knox(money) but, dang, I guess it's a dog eat dog world out there.
This doesn't affect CyanogenMod does it? I'm scared...
edit... I remember reading about a brick api or command, I never executed it, sounds nasty, is this what they use to brick peoples phones if they try to "hack" it?
Click to expand...
Click to collapse
This would be a we-can't-update-the-bootloader thing lol. And we can't do that because it has Knox, which is Samsung's doing
This shouldn't affect any AOSP roms because it uses a different kernel and builds its own WiFi libs
docnas said:
the question im trying to ask is what do we lose if we use the old bootloader? any functionality? (besides the knox security bull$hit)
Click to expand...
Click to collapse
From what I've read Knox is Samsung's attempt to provide strong security to their phones for the enterprise customers. As you can imagine, allowing system level access to files can be used to get around a lot of security measures that IT people would like to enforce in their client's devices. It makes sense at the enterprise level, but it's a pain for anyone who want's to mod their phone.
So I think the answer to your question is, unless you are using your phone in a locked down corporate environment then there really is no advantage to Knox. Too bad it can't be turned off, at least not officially.
Related
So... after first being impatient and buying a T-Mobile Note3 on Craigslist to use on AT&T and then later seeing how the bootloader locked AT&T Note3 was rooted by DG and Chainfire I ended up getting a contract renewal with AT&T after all and went with the AT&T Note3.
Now I thought I might try to experiment a little and see if I can replicate that root method on the T-Mobile Note3 because it's so brilliant and doesn't trigger the Know warranty void flag.
I can confirm it works just as well on the T-Mobile Note3 !!
ALL CREDIT for the method goes to DesignGears and Chainfire! The Original Thread is HERE: http://forum.xda-developers.com/showthread.php?t=2474422
All steps are exactly the same. THIS IS ONLY FOR N900TUVUBMI7 firmware, so that must be the current one installed on your phone.
Please follow all steps in the original AT&T thread, just skip the oneclick.exe and start with flashing the root_de_la_vega.tar using ODIN.
There is not really a need to so this if you already rooted with the AutoRoot method and triggered the Knox flag. This is for the careful guys who have NOT rooted yet, only want root (no custom ROM or recovery) and would rather like to preserve that Know Warranty 0x0 Flag
Link to the needed file for T-Mobile Note3 is HERE:
http://www.electron73.org/XDA/N900T/ROOT_DE_LA_VEGA-TMO.ZIP
Enjoy
Nice! If I wanted to go stock again, can I just flash the stock firmware in odin and it wont trip the knox flag?
lm that guy said:
Nice! If I wanted to go stock again, can I just flash the stock firmware in odin and it wont trip the knox flag?
Click to expand...
Click to collapse
Unfortunatley, once you trip the Knox Flag you can't untrip it - doing Odin to Stock will return you to stock but it does not remove the Knox flag...once it's tripped - it's tripped.
mocsab said:
Unfortunatley, once you trip the Knox Flag you can't untrip it - doing Odin to Stock will return you to stock but it does not remove the Knox flag...once it's tripped - it's tripped.
Click to expand...
Click to collapse
Oh no I haven't tripped my Knox flag yet I was asking if I use this method to root and I wanted to go back to stock later down the road, Will I trip the Knox flag if i odin the official stock firmware?
Its good to have this method available for those who are very conscious of Knox falg/warranty. Personally:
I will be doing a full root on my second N3. I have to; in the memory of my first N3... RIP where ever you are now.
lm that guy said:
Oh no I haven't tripped my Knox flag yet I was asking if I use this method to root and I wanted to go back to stock later down the road, Will I trip the Knox flag if i odin the official stock firmware?
Click to expand...
Click to collapse
I am not positive - but I think if you flash anything - it will trip it - if you odin back to stock - it would include a new kernel and that would tirp the flag - I may be wrong - but I believe I read this the other day.
WHy would you want to return to stock? To return the phone or something if something went wrong? Maybe there is another way to remove root.?
I dont think you even have to remove root. There will be now ay to tell if you are rooted using that method. Unless you use app that ask you SU permission. So before return just do Factory Reset. That i think should take care of things. IMHO.
lm that guy said:
Oh no I haven't tripped my Knox flag yet I was asking if I use this method to root and I wanted to go back to stock later down the road, Will I trip the Knox flag if i odin the official stock firmware?
Click to expand...
Click to collapse
No, if you ODIN back to full stock or do a factory reset/wipe the Knox flag will NOT be triggered. That flag only triggers if you install a CUSTOM recovery or kernel (custom rom).
For the Galaxy S3, there's also a "no trip root" thread where you simply flash a root-injected TouchWhiz, which I used, and as long as you never flash anything non-Samsung in ODIN, you'll never trip the flash counter flag (which can be reset with TriangleAway anyway, unlike the KNOX flag afaik). But, once rooted, you don't need ODIN, and flashing TWRP recovery via the GooManager app (or dd'ing the img over the recovery partition) doesn't trip the flag, nor does subsequent ROM flashes from recovery over the system partition.
Is it the same situation here, or is the KNOX flag different, in that it will always get tripped as soon as it sees an unsigned partition on bootup?
Darn.. Wish I came upon this like 2 days after I had my TMO note 3. Ive already tripped my Knox. Oh well.
Has anybody tested this method. Does it work
Sent from my SM-N900T using xda app-developers app
DriftorX said:
Darn.. Wish I came upon this like 2 days after I had my TMO note 3. Ive already tripped my Knox. Oh well.
Click to expand...
Click to collapse
The one thing that will eventually have me tripping my Knox flag is if a nice custom kernel comes along. But until then, a simple way to root without tripping the flag will hold me over :fingers-crossed:. Also I'm returning my phone in a week so it's important I don't trip it right now. I want to root and play around with my phone until then.
bbh4r4l said:
Has anybody tested this method. Does it work
Sent from my SM-N900T using xda app-developers app
Click to expand...
Click to collapse
I will test in about 10 minutes when my phone gets finished charging to 100% and will report back. :laugh:
Edit: everything works Thanks OP for posting this!!
Just rooted via this method. It worked fine and knox is stil 0x0. It also didn't factory reset my phone like I thought it would, I'm going to do it anyway, but I wasn't getting any FCs or anything either. Thank you for getting this out to us TMO users!
I don't get it. Rooting doesn't trip knox regardless. But flashing a custom kernel or rom does. So what is the point of this method if it will trip knox as soon as you flash a kernel or rom anyway.
HughesNet said:
I don't get it. Rooting doesn't trip knox regardless. But flashing a custom kernel or rom does. So what is the point of this method if it will trip knox as soon as you flash a kernel or rom anyway.
Click to expand...
Click to collapse
For one you can use apps that require root. Also, you can uninstall bloatware and push apks to your phone using adb etc. A little more work than flashing a prebuilt custom rom, but you can get many of the same results.
*You also said rooting doesn't trip knox regardless, but it actually does unless you do it via this method.
Just did this. Easy as cake. Now I just need to sim unlock my note to use my ATT sim and I will be good to go!!
effortless said:
For one you can use apps that require root. Also, you can uninstall bloatware and push apks to your phone using adb etc. A little more work than flashing a prebuilt custom rom, but you can get many of the same results.
*You also said rooting doesn't trip knox regardless, but it actually does unless you do it via this method.
Click to expand...
Click to collapse
I know you don't need a custom rom for some things. I run stock deodex myself. I flashed custom recovery immediately after root. I guess I thought that is what triggered knox. Either way matters little to me though. I know tmobile won't check knox counter if I use jump and even if they did I could sell on ebay and come out ahead. So I don't really understand why people worry about it. Insurance covers it if you damage it or need warranty service.
HughesNet said:
I know you don't need a custom rom for some things. I run stock deodex myself. I flashed custom recovery immediately after root. I guess I thought that is what triggered knox. Either way matters little to me though. I know tmobile won't check knox counter if I use jump and even if they did I could sell on ebay and come out ahead. So I don't really understand why people worry about it. Insurance covers it if you damage it or need warranty service.
Click to expand...
Click to collapse
Yeah... Seems to me like a kinda-sorta placebo effect or simply one of those things that people can use who *must* have everything completely untraceable to the "T." Like you said, there's virtually no "real" reason this is very necessary, far's I can tell... But, regardless, good work on this - without a doubt - and definitely always a big "plus" to have multiple working methods! :good:
HughesNet said:
I don't get it. Rooting doesn't trip knox regardless. But flashing a custom kernel or rom does. So what is the point of this method if it will trip knox as soon as you flash a kernel or rom anyway.
Click to expand...
Click to collapse
exactly. I think op might not know everything like he is implying. he just wants some attention
*****es be be like "nice phone"
mocsab said:
I am not positive - but I think if you flash anything - it will trip it - if you odin back to stock - it would include a new kernel and that would tirp the flag - I may be wrong - but I believe I read this the other day.
WHy would you want to return to stock? To return the phone or something if something went wrong? Maybe there is another way to remove root.?
Click to expand...
Click to collapse
If people read up on how KNOX actually works, there wouldn't be so much confusion.
The KNOX WARRANTY VOID flag is set to 0x1 when the bootloader detects (via Qualcomm SecureBoot) that you are booting either a kernel or a recovery that isn't SELinux enforcing (it displays a message such as RECOVERY IS NOT SEANDROID ENFORCING - Set Warranty Bit: recovery). It remembers that the partition you booted was insecure and flags it in its own little memory area. It sets individual warranty bits for each partition - boot (kernel), recovery, cache (if you happen to put something there that it doesn't approve of), system. If ANY of those partition warranty bits are set, the KNOX WARRANTY VOID flag is set to 0x1.
This is all explained in the KNOX white paper available on the Samsung web site.
Now, if someone figures out how to write-enable the protected flash area so the flag can be reset AND disable Qualcomm SecureBoot so that it doesn't set the flag over and over again, we'll be in business. For now, only Samsung knows how to do it.
I have read (<here> and <here>)
about new firmware versions that will not allow resetting the counter (warranty flag) to initial conditions when restoring to stock after after unlocking or rooting.
If the phone developed a hardware problem, warranty repair could be denied.
The firmware version "MGG" and beyond are reported to have this problem.
Questions:
Does this also apply to the m919 T-Mobile version?
Has anybody seen it on an m919?
Is it going out with an OTA update?
Or is MGG specific to the i9505?
I am shopping for a GS4 m919, and I want confirm that it has the "pre-MGG" firmware version before purchase.
Questions:
Is the ID contained in the "Baseband" ID string in the phone information?
Are there different identifier strings used on the M919?
The T-Mobile S4 has not received the KNOX Bootloader, it will most likely come with the 4.3 update. If anyone is on stock, I would recommend you guys disable OTA updates as you may get automatically updated to 4.3 with the KNOX bootloader.
for once...im dreading an update from tmobile
If I've already rooted and installed a custom recovery (Clockwork Mod), and nothing else, does anyone know if the 4.3 update with KNOX will still be usuable? In other words, will the phone still get an automatic OTA update and will that update install correctly?
Sent from my SGH-M919 using XDA Premium 4 mobile app
DigitalHeretic said:
If I've already rooted and installed a custom recovery (Clockwork Mod), and nothing else, does anyone know if the 4.3 update with KNOX will still be usuable? In other words, will the phone still get an automatic OTA update and will that update install correctly?
Sent from my SGH-M919 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
It wont let you get the update it will pop a box up saying unable to uodate your device has been modified. . Try to check for an uodate youll see what im talking about... I went back to stock just to see if there was anything for updates which there wasnt andbwent to reroot and installed su abd it didn't flash correctly thru odin said to heck with it till the am checked for an update for giggles in the am and wouldn't even check
Sent from my SGH-M919 using Tapatalk
i'm glad I read this thread. i was going to wait until i tried the stock 4.3 update before deciding to root and install custom ROMs. With KNOX coming, I'm just going to root ASAP. I like PA on my Nexus4, so I'll probably go with that for my S4.
So you guys are saying the new update with "knox" won't allow you to reset the counter and only that or will it stop you from completely rooting and installing custom roms?
Sent from my SGH-M919 using Tapatalk
futty said:
So you guys are saying the new update with "knox" won't allow you to reset the counter and only that or will it stop you from completely rooting and installing custom roms?
Sent from my SGH-M919 using Tapatalk
Click to expand...
Click to collapse
Let me clarify some things. The KNOX processes and functions are already on the stock ROM, most devs remove them, though. So many of you with custom ROMs haven't seen anything related to KNOX.
What the new T-Mobile update (when it gets pushed out) is most likely to come with is a "KNOX Bootloader" which will introduce a thing called "KNOX Flag" which is similar to the old counter we're all used to. This is the counter that @Chainfire was successful in resetting with his app, Triangle Away.
Unfortunately, @Chainfire or anyone else for that matter, has not been able to reset the KNOX flag.
The KNOX flags is this:
0x0 = You have not tripped the KNOX flag.
0x1 = You have tripped the KNOX flag.
Again, once you trip that flag, rooting, flashing a custom recovery, etc.. there is NO way to reset it as of now. And any KNOX functionality on your phone will not work. But the worst part is Samsung will refuse warranty on your device if they see a 0x1 in your bootloader.
Another thing.. on the new bootloader, if you try to downgrade, even with an official Samsung firmware, it will fail and you will trip the KNOX flag.
So once you're on the new bootloader, there's no going back.
There's been speculation that there's an eFuse at play here.
Anyway, this is the reason why I am suggesting you all disable OTA updates and wait until a ROM is built without the new bootloader and all the functions (Wifi, MMS, etc.) are working.
mgbotoe said:
for once...im dreading an update from tmobile
Click to expand...
Click to collapse
Hey, its sammy we have to blame for this one :/ Not T-Mobile lol.
PSSSST! Don't let them know you are dreading it, or they might put it off longer xD
As to the OP.
The KNOX Warranty counter is rumored to be what is called an eFUSE. If this is true, then resetting the KNOX warranty counter will be impossible without taking apart your phone and replacing that specific eFUSE.
However, there are rumors that some root methods DO NOT trip this new counter. Is that good? Yes, is that bad? Yes. For those users who like stock kernels and just wanna root, this is okay for them. But for 99.999999 percent of us who love to flash new kernels and get more from our devices, then it trips the counter.
I personally congratulate Samsung as well as hate them at the same time for this. I congratulate them because what seems to be happening a lot is users flash a million and 2 things to their device having not one single clue what they are doing, thus bricking their 500+ dollar smartphone then claiming it as a warranty claim and getting another one. I also feel they are trying to flex their ego muscles too -.-
I also believe that if you have insurance, this does not apply. It is only for warranty claims. Which like you stated OP, it only means Samsung can choose to deny to repair or replace it. I have read a lot of thread before where users tripped the older binary flash counter, and still were given a new device. I honestly don't know how this is going to play out for the lot of us. For me, my warranty is over in a few months anyhow so i don't really care. But its still kind of a dickish thing Samsung is doing.
I am also hoping that we can extract the contents of the new update and keep our older bootloaders and create a flashable zip with the new update stuff and have it still work. I know there were some issues with the international S4 4.3 update but im not sure if it was entirely caused by the bootloader.
Exel said:
Anyway, this is the reason why I am suggesting you all disable OTA updates and wait until a ROM is built without the new bootloader and all the functions (Wifi, MMS, etc.) are working.
Click to expand...
Click to collapse
Where do you disable OTA updates on a stock S4?
Hitting "Software Update" takes me to a Boolean"Update Now" popup with no other option than choosing Yes, No or Wifi. No option to defeat future updates is offered.
Going into developer mode doesn't seem to add any pertinent options either (correct me if I'm wrong).
Clearly, Samsung doesn't want us to be able to disable updates unless or until we root, which I'm doing this weekend on the basis of this thread.
Reignogleph MMXI said:
Where do you disable OTA updates on a stock S4?
Hitting "Software Update" takes me to a Boolean"Update Now" popup with no other option than choosing Yes, No or Wifi. No option to defeat future updates is offered.
Going into developer mode doesn't seem to add any pertinent options either (correct me if I'm wrong).
Clearly, Samsung doesn't want us to be able to disable updates unless or until we root, which I'm doing this weekend on the basis of this thread.
Click to expand...
Click to collapse
You indeed have to root to disable OTA updates.
Once the update hits im going to extract the system.img to get all the files.
Then explore where all of the Knox crap is and get rid of it.
I know I want be alone in doing this...all who develop for the S4 will be on top of it.
Someone will figure out a way to get around this Knox BS...
Sent from a Insane S4
SICK MADE DEVELOPMENT
alloycowboy said:
Once the update hits im going to extract the system.img to get all the files.
Then explore where all of the Knox crap is and get rid of it.
I know I want be alone in doing this...all who develop for the S4 will be on top of it.
Someone will figure out a way to get around this Knox BS...
Sent from a Insane S4
SICK MADE DEVELOPMENT
Click to expand...
Click to collapse
thats fine and dandy for us with existing phones.. I already removed all the knox crap from my phone, and will update but not kernel and do the same..
But what about all future phones.. If indeed the kernel is locked with knox and there is no way to remove it we are screwed for new phones coming out.
lgkahn said:
thats fine and dandy for us with existing phones.. I already removed all the know crap from my phone, and will update but not kernel and do the same..
But what about all future phones.. If indeed the kernel is locked with knox and there is no way to remove it we are screwed for new phones coming out.
Click to expand...
Click to collapse
I agree. If thats the case....then alot of people will ditch Samsung.
But I have a feeling we will figure out Knox. Its man made so it can be hacked. Who when and how is the question.
Sent from a Insane S4
SICK MADE DEVELOPMENT
that's also why I paid 400 bucks for a T-Mobile sgs 4 and I am using it on at&t... I refuse to pay or support a phone with a locked bootloader.. matter of principle...i would ditch att if T-Mobile had decent service in my area.
Sent from my SGH-M919 using Tapatalk 2
AFAIK nobody has asked anything about KNOX on the T999, so I have a few things I want to know before updating my phone to 4.3.
I bought my phone off-contract at full price and its flash counter has already been incremented many times from rooting, so I obviously don't care about setting the "KNOX warranty void" flag either, nor the enterprise-grade security features KNOX provides.
However, there is a rumor that once the KNOX warranty void flag is set to 0x1 you can't upgrade the ROM anymore, not even via Odin. Is this actually true? I know you can't OTA unless you're stock, but I don't care about OTA since I'd just upgrade via Odin anyways. But the fact you can't even upgrade via Odin seems a bit far-fetched.
Another variant of this rumor that seems more believable is that updating to a KNOX-enabled ROM also updates the bootloader to a KNOX-enabled variant, and that you can't upgrade to new KNOX-enabled ROMs if you decide to downgrade to a non-KNOX ROM after the bootloader has been updated. But if I never downgrade, can I continue to install updates, assuming Samsung releases ROMs for the S3 after 4.3?
Can anyone shed some light on this?
I somehow can't trust the first one. However the second one sounds more plausible. Anyway doc Holliday has removed KNOX from the most recent leaked Stock Rom. So this question becomes moot really.
Perseus71 said:
I somehow can't trust the first one.
Click to expand...
Click to collapse
Which is exactly why I asked this. I just wanted some more opinion.
Perseus71 said:
Anyway doc Holliday has removed KNOX from the most recent leaked Stock Rom.
Click to expand...
Click to collapse
And does this also mean that the bootloader isn't KNOX-enabled?
jim45 said:
Which is exactly why I asked this. I just wanted some more opinion.
And does this also mean that the bootloader isn't KNOX-enabled?
Click to expand...
Click to collapse
I don't think so. I flashed that Leak to test out the features. Afterwards flashed back my regular AOSP Rom.
NOTE - With the Leak, some reported that the Bootloader didn't get updated. I explicitly asked as well. If you are concerned with Knox'd Bootloader, you can Flash back UVDMD5 Bootloader too!
Here's what I know so far.
First, we do not have to worry about the Knox counter. One of my sources sent me a pic of their download mode and it was not there.
Second, I have reliable doubts that our official release will NOT include Knox. It's only included now for ease of using the same builds across multiple devices during internal testing.
Third, the bootloader is not included in any of the leaks. I do have a copy of it and have been considering releasing a recovery flashable firmware update, but haven't decided yet if I want to do this.
One of my sources ran into a problem at one point and soft bricked. Samsung simply connected remotely and flashed the firmware via Odin.
As for not being able to downgrade or flash certain things, I do not think this is the case at all. If you do something Knox doesn't like, it will lock down the secure containers it uses and you will not be able to regain access. I do not belie e it will restrict you from flashing something else, old or new, firmware or Rom, etc.
There is still a lot I do not know about it, but the information is out there. I stopped putting time into it when I found we probably won't need to worry about it anyway.
A quick Google search will net you more info, but if you really want an education on it I'd suggest visiting the S4 and Note3 forums. S4 users have been dealing with Knox longer than anyone, and the Note3 is the first device to ship with it fully implemented.
Sent from my SGH-T999 using Tapatalk
T-Mobile finally pushed the 4.3 update earlier today but DO NOT UPDATE YOUR PHONE IF YOU WANT TO KEEP YOUR ROOT! It comes with a locked bootloader. Therefore, once you are on 4.3 stock, you can only flash stock firmwares then. If you try to root your phone on 4.3 with the standard method, it will blow your efuse and void your warranty!
AGAIN, DO NOT UPDATE 4.3 VIA OTA OR ODIN IF YOU DON'T WANT TO VOID YOUR WARRANTY. IF YOU HAVE NO PROBLEM WITH THAT, FEEL FREE TO UPDATE
Info on KNOX:
Hawke84 said:
What we know so far (I think!)
1. Upgrading to newer Samsung firmware will upgrade the bootloader to knox bootloader. this will give an additional 2 lines in download mode about knox status.
2. If the Knox warranty void line says 0x1 then you cannot use knox softwareas your device has been flagged as insecure. By this i mean that if your workplace / company supports bring your own device to work for corporate emails etc and they use knox to keep security your device will not allow this. You are still able to use future samsung firmware releases with the knox flag 0x1. hope this makes sense. sorry for any confusion this has caused!
3. If the knox warranty line says 0x0 knox will work.
4. with the new knox bootloader root will work, however rooting with CFautorootwill trip the knox flag. thanks @DjeMBeY for correcting this point you can use the root method (Root de la Vega) described here for rooting a device with knox bootloader.
5. If you try to downgrade to earlier firmware / bootloader it will set the knox flag to 0x1 i.e. void.
6. once the knox flag gets set to 0x1 there is no way to set it back (that anyone has found yet anyway!)
7. some newer 4.2.2 software that's supplied with the knox bootloader has been repacked by devs to not use the new bootloader and it all works fine you can still keep up to date.
8. I've seen people trying the test build of 4.3 touchwiz without the new knox bootloader sound and wifi does not work. This is no longer the case, see point 12.
9. There seems to be a big question mark as to weather Samsung will allow hardware repairs under warranty with the knox 0x1 flag
10. only seems to affect GT-i9505 at the moment!
11. Software affected thanks to @DjeMBeY
12. it is now possible to install custom 4.3 TW roms which have been modified to work without the new knox bootloader, do make sure that they are free from knox bootloader before flashing. Do note also that if you already have knox bootloader flashing anything even these 4.3 custom roms will still trip your 0x1 flag
Click to expand...
Click to collapse
Credit: http://forum.xda-developers.com/showthread.php?t=2470635
Thanks to @Mr Impossible @Jamison904 @jovy23 and everyone else!
DO NOT FLASH MODEMS/BASEBAND EITHER..... does not let u make phone calls on the leaked 4.3 tw version..... or the regular 4.2.2 version and like some1 said 4.4..... not sure if it works on the official 4.3 tw released today since no dev has released a rom of it... so do not flash if u need to make or receive phone calls makes ur phone freeze and wont make the actual call
richardmkovach said:
Same here. Have tried GPE 4.3, stock 4.2.2, and international 4.3 TW. Phone freezes when trying to make a phone call.
Click to expand...
Click to collapse
Mr Impossible said:
Anyone taking the OTA or Odin the new firmware will be sorry they did. Modem is also tied to the bootloader somehow as was the i9505 and won't work without the bootloader. Seems to be more security in this also. More to come...
Sent from my SGH-M919 using Tapatalk
Click to expand...
Click to collapse
If you already flashed the new modem and want to get back to MDL to make phone calls lol here it is
bogdi1988 said:
http://forum.xda-developers.com/showthread.php?t=2282342
Click to expand...
Click to collapse
I dont think it comes with a lock bootloader but more of with new knox flash counter.
gypsy214 said:
I dont think it comes with a lock bootloader but more of with new knox flash counter.
Click to expand...
Click to collapse
Is already confirmed that it comes with LOCKED bootloaded
Along w/ no calls, does it include breaking sound?
gypsy214 said:
I dont think it comes with a lock bootloader but more of with new knox flash counter.
Click to expand...
Click to collapse
All Samsung bootloaders have been locked after MH8. This is part of Knox security.
Sent from my SGH-M919 using Tapatalk
gdmlaz said:
DO NOT FLASH MODEMS/BASEBAND EITHER..... does not let u make phone calls on the leaked 4.3 tw version..... or the regular 4.2.2 version and like some1 said 4.4..... not sure if it works on the official 4.3 tw released today since no dev has released a rom of it... so do not flash if u need to make or receive phone calls makes ur phone freeze and wont make the actual call
Click to expand...
Click to collapse
Thats sucks. Thanks for the heads up. I was thinking of flashing the kernel with a 4.3 9505 rom.
How about doing that?
---------- Post added at 03:17 PM ---------- Previous post was at 03:14 PM ----------
Mr Impossible said:
All Samsung bootloaders have been locked after MH8. This is part of Knox security.
Sent from my SGH-M919 using Tapatalk
Click to expand...
Click to collapse
So lock bootloader like on Att and verizon? I think samsung will loose a lot of business in the near future
This seems to be the problem
Mr Impossible said:
Anyone taking the OTA or Odin the new firmware will be sorry they did. Modem is also tied to the bootloader somehow as was the i9505 and won't work without the bootloader. Seems to be more security in this also. More to come...
Sent from my SGH-M919 using Tapatalk
Click to expand...
Click to collapse
@jovy23 flashed the OTA and now cannot Odin a custom recovery nor revert to MDL. Odin fails every time. I have a locked Verizon S4 I bought for testing (not much good that did) this is the exact same thing I fought weeks to brake.. Nothing. It is locked.
gdmlaz said:
This seems to be the problem
Click to expand...
Click to collapse
Thats sucks. I hope people on XDA will read before they make a mistake
http://forum.xda-developers.com/showthread.php?t=2324667
There is a Odin tar for T-Mobile MDL modem here. If you didn't take the OTA but Odin the modem you "should" be OK with this. Be sure to thank the OP of that thread!
I just wanted to throw this out there... I had the stock ROM but rooted. Did my update through Kies fine. My data stayed intact. However, as some others have reported, I lost my root. Now I'm not sure how to get it back. I've seen mention of rooting it another method will void my warranty but I can't find info on how that's done.
Jamison904 said:
http://forum.xda-developers.com/showthread.php?t=2324667
There is a Odin tar for T-Mobile MDL modem here. If you didn't take the OTA but Odin the modem you "should" be OK with this. Be sure to thank the OP of that thread!
Click to expand...
Click to collapse
Thanks dude. I was to the point that I didnt cared if my knox counter was stripped but now with lock bootloader plus lock modem it seems useless. Samsung is trying really hard to keep it lock.
gypsy214 said:
Thanks dude. I was to the point that I didnt cared if my knox counter was stripped but now with lock bootloader plus lock modem it seems useless. Samsung is trying really hard to keep it lock.
Click to expand...
Click to collapse
They are just trying to be more like Apple how they have been trying to avoid Jailbreak. Samsung is trying to avoid root. #DumbF**ks
Tunasty said:
They are just trying to be more like Apple how they have been trying to avoid Jailbreak. Samsung is trying to avoid root. #DumbF**ks
Click to expand...
Click to collapse
if that is the case I will not buy any more Samsung.. that is why I bought the tmobile version even though I am on At&t .. total bs.
Tunasty said:
They are just trying to be more like Apple how they have been trying to avoid Jailbreak. Samsung is trying to avoid root. #DumbF**ks
Click to expand...
Click to collapse
Exactly my point. Ive been saying it all along. Trying to become evil apple lol. It sucks for them. I dont know if I will be buying any other samsung device in the future
lgkahn said:
if that is theh case I will not buy any more Samsung.. that is why I bought the tmobile version even though I am on At&t .. total bs.
Click to expand...
Click to collapse
Same here man. Using M919 (T-Mobile) device on AT&T.
Tunasty said:
Same here man. Using M919 (T-Mobile) device on AT&T.
Click to expand...
Click to collapse
htc locks bootloaders too... does LG?
Thanks for the heads up. New to the S4 since some 3 weeks ago, and this is definitely not good news.
lgkahn said:
htc locks bootloaders too... does LG?
Click to expand...
Click to collapse
The only difference is that HTC gives you the option to unlock boooader on htcdev.com
Lg in the other hand they just dont give out any source code
Phone was lost, just got replacement this morning.
My last S4 had been rooted running custom firmware for months w/o issue.
Read through a bunch of threads, ranging from the opinion that the bootloader change + knox wont be a big issue to the sky is falling.
Is it recommended to root my phone at this time, I do have JUMP and would be replacing it once something better comes out? The phone is running 4.2.2, caught it trying to update to already.
Thanks.. I know this may seem redundant but haven't been active on these boards since I got my CFW going. Not seeking help in flashing or anything.. just advice
skrewler said:
Phone was lost, just got replacement this morning.
My last S4 had been rooted running custom firmware for months w/o issue.
Read through a bunch of threads, ranging from the opinion that the bootloader change + knox wont be a big issue to the sky is falling.
Is it recommended to root my phone at this time, I do have JUMP and would be replacing it once something better comes out? The phone is running 4.2.2, caught it trying to update to already.
Thanks.. I know this may seem redundant but haven't been active on these boards since I got my CFW going. Not seeking help in flashing or anything.. just advice
Click to expand...
Click to collapse
Up to you. If the stock rom is bearable and you wanna run the 4.3 stock rom then by all means, go for it.
skrewler said:
Phone was lost, just got replacement this morning.
My last S4 had been rooted running custom firmware for months w/o issue.
Read through a bunch of threads, ranging from the opinion that the bootloader change + knox wont be a big issue to the sky is falling.
Is it recommended to root my phone at this time, I do have JUMP and would be replacing it once something better comes out? The phone is running 4.2.2, caught it trying to update to already.
Thanks.. I know this may seem redundant but haven't been active on these boards since I got my CFW going. Not seeking help in flashing or anything.. just advice
Click to expand...
Click to collapse
Being that your'e using the T-Mobile M919, the whole KNOX bootloader situation doesn't pertain to you as long as you're sure you're on 4.2.2. Root it, flash it, theme it with Hello Kitty... whatever, it doesn't matter; you can still revert back to stock and reset any tripped counters. 4.3 is when the problems begin and the KNOX counter is implemented and can't be reset.
lordcheeto03 said:
Being that your'e using the T-Mobile M919, the whole KNOX bootloader situation doesn't pertain to you as long as you're sure you're on 4.2.2. Root it, flash it, theme it with Hello Kitty... whatever, it doesn't matter; you can still revert back to stock and reset any tripped counters. 4.3 is when the problems begin and the KNOX counter is implemented and can't be reset.
Click to expand...
Click to collapse
I second this.
SO LONG AS YOU ARE ON 4.2.2
- You can root flash do whatever, theme with hello kitty or barbie xD like lordcheeto said or keep it stock
- Install recovery and flash away.
- Will always be able to revert back to 100 percent stock
TAKE 4.3 UPDATE
- I think you are still able to root it without tripping knox counter. Can't remember the last status of that was. But as long as you root it without a custom recovery, i think you are ok. From what i can remember, the bootloader checks the recovery status and trips the knox counter based off the recovery that is on the device. If its different then stock, it trips. But double check with Google about this first.
- If you trip knox counter, you will NEVER (as of now and possibly forever) get it back to zero.
Rooting with safe root won't trip knox and also disables it. But recoveries, kernels, roms, etc will trip the flag
Sent from my SGH-M919 using Tapatalk
Root it with chain fire and never look back.
You're on 4.22, so you're golden. Just flash a rooted stock ROM that's on 4.3 and you'll avoid Knox.
I'm running 4.4.2 and never seen this Knox stuff.
Sent from my SGH-M919 using XDA Premium 4 mobile app
elesbb said:
- I think you are still able to root it without tripping knox counter. Can't remember the last status of that was. But as long as you root it without a custom recovery, i think you are ok.
Click to expand...
Click to collapse
ShinySide said:
Rooting with safe root won't trip knox and also disables it. But recoveries, kernels, roms, etc will trip the flag
Click to expand...
Click to collapse
Correct. I've rooted my my second GS4G on 4.3 MK2 and it did not trip the KNOX counter. If you're still on 4.2.2 MDL, then there is no need to update your bootloader. Simply flash ROMs through recovery and flash the 4.3 modem. You will have the goodness of 4.3 on KNOX-less 4.2.2 bootloader. :highfive: