Android

Huawei Update that Breaks Magisk Likely Isn’t Intentional, Easy Way to Fix Inside

A recent update to Huawei devices has apparently broken Magisk installations and caused those devices to no longer boot, unless the stock ramdisk image is flashed.

After Huawei and Honor stopped offering bootloader unlock codes for the development community, some saw this as an attempt to force rooted users into flashing their stock image (and therefore being unable to root their devices again), if those users had applied this latest rooted phone breaking update.

What causes rooted devices to bootloop after applying this Huawei patch is apparently a small kernel “fix” included in the patch. This issue was first mentioned on the XDA forums, and further explored by XDA Senior Member Tecalote within the official Magisk Beta XDA forum thread:

Tecalote explains how the kernel patch breaks rooted Huawei devices.

New issue on Huawei Phones – Mate 10, Mate 10 Pro, P9 – Huawei roll out a new OTA called: “patch01”. In the changelog is some fix mentioned (example: mms…) but the main patch is to disable the possibility of Root.

That means: if someone flash Magisk with TWRP, or flash patched_boot.img to ramdisk and reboot the phone, Phone get stuck on the splash screen: “Your device cannot be trusted…”

Only flashing back the original Huawei ramdisk.img helps to boot again to system. But no Root with Magisk is anymore possible.

Downgrade helps (if available, because for some Phones like Mate 10 it is dangerous to downgrade, if the Downgrade Firmware has another Xloader.img… but this is another story)

→ So, for Users of Huawei Phones it is better not to install OTA with Patch01 and disable Systemupdate in /system/app/HwOUC – rename HwOUC.apk to HwOUC.bak

Basically, Tecalote flashed the original boot image, the original recovery, and uninstalled Magisk Manager before taking the update, at which point the phone managed to boot just fine. However, re-flashing Magisk after the update resulted in the phone getting stuck in the “Your device cannot be trusted” splash screen.

The updated Huawei firmware was only able to boot with the original b528 ramdisk image, and this behavior persisted whether or not dm-verify, forced encryption, or Android Verified Boot were disabled, and both Magisk v16.0 and v16.7 have been tested.

Flashing TWRP itself was not an issue as the recovery will flash to its own partition called recovery_ramdisk, but the phone cannot be rooted through flashing anything in TWRP and will subsequently trigger a bootloop if attempted.

So far, there have been several users confirming this behavior so far. It also appears that it is not limited to the Huawei P9, as a user of the Huawei Mate 10 also confirms that the “patch01” OTA update will break a rooted device as well. The scary thing is that its more than likely this update will roll out to a wide range of Huawei devices and Huawei will not do anything about the phone-breaking kernel “fix”, as they pretty much do not support the development community anymore.

As we said earlier, many are seeing this as intentional – and its hard to argue. Huawei stops offering bootloader unlocking codes, then rolls out a update that breaks already rooted phones, so they need to re-flash back to stock image and lose root? Its definitely suspicious, though some are willing to give Huawei the benefit of the doubt (we’re undecided).

Magisk developer topjohnwu also acknowledged the issue on his Twitter account:

So as we said, its hard not to believe this is an intentional update to block Magisk installations and other root methods – and they wouldn’t be the first phone manufacturer to target rooted devices. Sometime last year, LG had included a root checker tool in some of their devices, which intentionally spawned a ton of unnecessary processes on rooted devices, and thus severely degraded the device’s performance if it detected root.

But in Huawei’s defense, it might not be intentional – this really could just be the side-effect of a legitimate kernel patch which inconveniently causes the Magisk-patched ramdisk image to become incompatible. The reason we say this is because after further investigating this issue, some users in the development community were able to come up with a rather easy workaround, and can even get Magisk working on post-patched Huawei devices.

So it seems like the whole “Huawei is preventing rooted devices from booting” controversy is simply an unintentional side effect of a patch rather than an intentional thing. Can be easily worked around if you’ve already updated, too

So of course, we’re unable to say exactly for sure if this was an intentional act by Huawei, or just a side-effect of a legitimate patch. One thing we’re pretty sure of is that they didn’t care or consider how the patch might affect rooted users, or warn anybody about it – why would they, considering they’ve stopped supporting the development community? But maybe we’re just fishing for more reasons to be upset with Huawei after everything.

How can I fix this?

If you’ve already updated your device and want to install Magisk on it, you’ll need to enable the “Preserve AVB 2.0/dm-verity” flag before installing, as Tecalote revealed on the XDA forums forums. You can’t simply flash the latest Magisk zip on TWRP, as said flag is not set automatically on install, but you can manually patch the boot image with Magisk Manager:

  • Download the latest Magisk Manager APK from the official thread, install it on your device and open the app.
  • Make sure that the “Preserve AVB 2.0/dm-verity” checkbox is enabled, and enable it if it’s disabled. If your device is encrypted, also make sure that “Preserve force encryption” is enabled.
  • Tap on the Install button and select the “Patch Boot Image File” option. This will create a Magisk-patched boot image inside the app.
  • Flash the resulting boot image to your device. You can either install it on fastboot mode by moving the file to your computer’s fastboot directory, rebooting your phone to fastboot mode and using the “fastboot flash boot boot.img” command, or simply flashing it with TWRP by going to Install, tapping the “Install image” button and flashing the newly patched boot.img.
  • Reboot to system and open the Magisk Manager app again. If you get a popup asking you if you want to proceed with Magisk’s additional setup, tap Yes.

If you’re already rooted and don’t feel like taking the update, you can still go the old-school way of disabling the OTA manager:

  • Download Solid Explorer, MiXplorer, FX File Explorer, or any other root-enabled file browser from the Google Play Store or XDA Labs.
  • Open the app, accept the terms and conditions, give it permissions, and grant it root access.
  • Go to the root of your storage, and then move to /system/app/HwOUC.
  • Rename HwOUC.apk to HwOUC.bak.
  • Reboot, and you should be good to go.

Leave a Reply

Your email address will not be published.

Close