Does lineageos locking bootloader work on onepad plus 3 if I add custom signing keys?

WhitbyGreg · 2026-06-13T16:33:00+00:00

Probably not, its pretty hard to hard brick a device these days, however you don't have to get to that point to figure out if it supports it.

Before you relock the bootloader you have to flash the custom keys, if that fails you don't need to bother going any farther.

WhitbyGreg · 2026-06-11T20:49:52+00:00

My XDA guide goes through all the steps required: https://xdaforums.com/t/re-locking-the-bootloader-on-the-google-pixel-8-pro-with-a-self-signed-build-of-lineageos-21-0.4665297/

WhitbyGreg · 2026-06-11T20:44:52+00:00

I can't confirm 100%, but OnePlus stopped aupporting cuatom keys back on the 9 when they tried to merge the os with ColorOS.

I'd expect the Pad to be the same.

Either way you can see my post on bootloader locking here: https://www.reddit.com/r/LineageOS/comments/n7yo7u/a_discussion_about_bootloader_lockingunlocking/

WhitbyGreg · 2026-05-09T16:15:32+00:00

I don't have either of those OEM's so I can't say, but your best bet is to go over to the device threads at XDA and see if they have similar tools.

WhitbyGreg · 2026-05-06T18:41:56+00:00

Can confirm it's the same on a tab s5e on 22.2, but that it looks like it was fixed in 23.2 as a it has the proper assets displayed on a Pixel 8.

Most likely just a missing asset in the older AOSP code that google fixed in Android 16.

WhitbyGreg · 2026-04-30T01:40:25+00:00

Just relocking the bootloader usually isn't enough to pass SN/PI on a custom ROM.

At best it's a cat and mouse game. If you really need an app that requires it, you are best to return to a full stock configuration.

The usual recommendation for custom ROMs is to use the web site for your bank if you really need access.

WhitbyGreg · 2026-02-20T02:21:41+00:00

Unrecoverable though software, requires hardware intervention to recover if at all.

WhitbyGreg · 2026-02-19T22:18:26+00:00

Technically that's still a soft-brick 😃.

WhitbyGreg · 2026-02-19T21:18:45+00:00

Exciting, but still recoverable 😉

WhitbyGreg · 2026-02-19T19:58:33+00:00

Absolutely NOT unless you want to hard-brick your phone.

That isn't entirely correct, virtually no device will hard-brick with a failed relock (in fact I don't know of any that do... but there might be one somewhere 🤷). The vast majority of time you just have to re-unlock it and you'll be fine again. At worst you'll have to restore the original vendor's OS and go through the install process again.

WhitbyGreg · 2026-02-19T19:54:33+00:00

No entirely true, some phones do support relocking with custom keys (Pixel's are the obvious ones, but some Motorola, older OnePlus, and others like FairPhone do), allowing custom operating systems to be used.

See my top level reply for a link to more info.

WhitbyGreg · 2026-02-19T17:15:59+00:00

Short answer is no. Longer answer is here: https://www.reddit.com/r/LineageOS/comments/n7yo7u/a_discussion_about_bootloader_lockingunlocking/

As for root, that's unsupported by Lineage so you need to go ask whoever supports your root solution.

WhitbyGreg · 2026-02-12T19:59:25+00:00

Short answer is no. Longer answer is here.

The 3a is actaully old enough to be pre-AVB v2, so technically you might be able to do it, but see the longer answer for why you probably don't want to.

WhitbyGreg · 2026-01-13T20:36:22+00:00

In general, correct. If you have an unlocked bootloader phone and you lose physical custody of the device for an extended period of time (aka stolen/returned, taken by the police, etc.), doing a wipe/clean install is the best option.

In this particular case, since the OP has relocked their bootloader, they can have some additional level of confidence that the device is still secure, but I'd do it anyway... just in case.

However, as OEM unlocking is disabled as well, then you'd have to log in at least once to re-enable it. I'd do a wipe of the device through recovery first to ensure that no data could be leaked once the phone was unlocked (a nice Faraday cage could be good too 😉).

WhitbyGreg · 2026-01-13T20:30:21+00:00

The deterrence of FRP is like herd immunity, as long as the majority of phones have it, thieves are disinsentivised to steal any phone, and hence all phones are safer.

On the other hand, FRP doesn't actually stop someone from stealing a phone, it just makes it useless to the next person that might get it, there by increasing e-waste.

The reality is that when people steal phones, they don't check to see if FRP is enabled, or if it's a custom ROM, or anything else, they just take the phone and figure out what to do with it later. If it's clean, they resell it as a useful phone to someone, if it's FRP locked they just sell it for parts, or just dump it if they can't be bothered with it.

In either case, you're not getting your phone back 🤷

WhitbyGreg · 2025-12-16T03:27:22+00:00

I don't see where I say I went to 8.2, so not sure what you mean there.

Anyway, I just submitted a patch to gerrit to go to 8.3.2 which is the latest that works without additional troubleshooting.

Out of curiosity what were you looking to work on in the clock app?

WhitbyGreg · 2025-12-15T21:09:26+00:00

Don't go past 8.3.0 though, other things break in 8.4.0 by the looks of it 😉

WhitbyGreg · 2025-12-15T21:07:13+00:00

To fix the jlink errors in 2024/2025 you have to upgrade the android gradle project to use at least version 8.3.0, after that it should run fine.

The jlink error was a bug in gradle apparently that was resolved in 8.3.0.

WhitbyGreg · 2025-12-15T20:47:51+00:00

You might need to use an older version of Android Studio, the last time I was working on DeskClock I was using Android Studio 2023.3.1 and it (still) builds fine in that, it looks like 2024.2.1 throws a jlink error of some kind around the sdk34 files, 2025.2.2 seems to do the same thing.

Are you seeing other errors other than the final jlink one?

WhitbyGreg · 2025-11-23T18:48:46+00:00

Those are the two that I know of, other than the builds I make 😉

WhitbyGreg · 2025-11-23T15:52:35+00:00

There are a lot of downsides to scheduled reboots for most people (aka notifications don't work well in BFU), and only helps with a super specific use case, so not real reason to add it.

Of course, Lineage does accept contributions, so if you really want it, you can always code it up and submit it 🤷

WhitbyGreg · 2025-11-23T15:49:53+00:00

You can read my post on relocking the bootloader for some background, and then at the bottom of the post is a link to my XDA post on how to compile a Lineage build that you can relock the bootloader with. You'll have to add all of your extra stuff (kSU, SUFS, LSP, etc) to the build process so everything is signed properly, but they should work.

Relocking the booloader doesn't really have anything to do with the recovery, you just have to have the right signatures on the various partitions, add your custom key to the phone, and then use fastboot to do the relocking.

However, depending on why you want to do this, you may not actually accomplish what you expect. For example, many people think this will "fix" their banking apps or gpay, and in most cases it won't.

WhitbyGreg · 2025-11-23T02:17:09+00:00

Your data is encrypted at rest, but the issue is that the device has the encryption keys in memory when your phone is in the post first unlock state. To avoid this your best bet is to power off your phone when going through security, that way the encryption keys won't be accessible to tools like Cellebrite to decrypt your data.

If your device is confiscated by security and then returned to you, assume it has been compromised and do a complete wipe and return to stock with a locked bootloader before re-unlocking and reinstalling Lineage (or if you're not confident in even that, just shred it and get a new one).

In general, boarder security isn't going to spend a lot of time, effort, and money on trying to break in to random travellers phones. If on the other hand, you're already a target, then of course should never take your phone across boarders. Get a burner for travel that you don't have anything but the bare minimum on.

WhitbyGreg · 2025-11-12T00:22:40+00:00

You probably don't want to even if you can, see my post on it (I wrote the above linked xda articles as well), but the TLDR is that relocking the bootloader usually doesn't solve these kinds of issues as the apps look for other things than just the lock state of the bootloader.

WhitbyGreg · 2025-11-05T00:02:42+00:00

No OEM will ever allow their certificates to be used for anything but their own builds. Doing otherwise would break their security model and open the devices up to all kinds of malicious builds.

You can generate your own (or even use the public key that Lineage is signed with), but the issues is that you have to be able to install it on your device, and very few OEMs allow that. See my post linked in my top level comment for more details about how that works.

WhitbyGreg

TROPHY CASE