Moto G32 Locking issue

FonkyKoala · April 14, 2025, 2:04pm

Hi iodeOS community,

I need some help concerning the Bootloader Lock on my Moto G32 mobile(XT2235-2).

I successfully maanaged to install iodéOS 6.2 ROM through the flash_all.bat.

When I lock the bootloader (Last installation step), iodéOS boot is prevented, and following message appear on the screen :

No valid operating system could be found. The device will not boot. For more information visit our support forums: support.motorola.com

When I go back into Fastboot, unlock the bootloader again and restart, iodéOS is correctly launched.

However, I would like to properly lock the bootloader.

Did someone has an idea about the reason and the way to lock the bootloader ?

Thanks and regards,

FK

FonkyKoala · April 14, 2025, 8:11pm

Just to add a precision, I suspect that my issue is linked to this Warning during installation :

(bootloader) WARNING : vbmeta_a anti rollbck downgrade, 23 vs 24

After some research on other forum, this anti rollback mecanism doesn’t seem easy to solve.

Did anyone face this issue ?

Thanks !

rik · April 15, 2025, 12:37am

Sorry not a Moto user (well not since a Moto G6), but do you (or others) know for certain it is possible to re-lock the bootloader with a custom ROM installed? Some manufacturers allow the bootloader to be unlocked but not relocked, etc.

iodysseus · April 15, 2025, 4:17am

@FonkyKoala
(re)locking the bootloader with iodè OS works perfectly for me with my three Motorola G32, G42, G52.

It is important that Moto firmware works properly. For example, a pending stock Android OTA update registered in the device must also be fully completed, otherwise the relocking bootloader with iodéOS will be blocked.

FonkyKoala · April 15, 2025, 7:15am

Thanks @rik and @iodysseus for your help !

Actually, I personally own a moto g32 on which I’ve already installed a iodéOS and lock the bootloader without any issue.
When ordering a second one for my wife, I encoutered this lock issue.

As suggested by the iodé wiki on the G32 section, I’ve previously updated the stock firmware to the latest (the latest official security update is from March 2025), before flashing iodéOS.
Therefore, concerning the Moto firmware, I was ok.

I’m an android beginner, but as far as I understood, the iodé ROM (like every ROM) comes with a vbmeta.img, which is part of the Verified Boot process. The aims of that is to ensure the integrity of the software that will be launch at startup. (More detail here : Android Verified Boot 2.0)

This “Verified Boot” mechanism includes an anti-roolback protection which prevents the device from being downgrading in term of security feature.
And this is where I face my issue (At least, I guess to) : The vbmeta.img included in the iodéOS 6.2 is not the latest one, compared to the one I’ve officially installed before iodé flashing. And that triggered the anti-rollback protection, and prevent my device bootloader from being locked.

I think there should be a hack that could make possible to downgrade this VBMeta, but I really don’t want to dive into such painful and risky manipulation

As far as I understand, I don’t have any solution to lock the bootloader for now. I must wait for iodéOS team to release a new version (a 6.3 maybe) that includes the latest Verified Boot version.

Is there someone from the iodéOS team that could confirm that, or help ?

And could it be possible to patch the vbmeta.omg/vbmeta_system.img from the 6.2 release to be able to lock the bootloader before waiting the next release ?

(What annoy me, is that locking the bootloader will erase the personal data. And if the backup/restore by SeedVault doesn’t work as expected and lead to a loss of data, I may face serious personal issue )

iodysseus · April 15, 2025, 1:13pm

iodéOS 6.2 (as well as LineageOS 22.1) is based on stock Android 13 (XT2235-2_DEVON_xxxxx_13_T2SNS33.73-22-3-13) March, 2025.

I only know one person who can provide qualified information and a remedy - his majesty @vince31fr lead developer of iodéOS.

FonkyKoala · April 15, 2025, 1:33pm

Thanks very much for this info @iodysseus !
The official ROM that I had on my Moto G32 before flashing iodéOS 6.2 was :

DEVON_G_T2SNS33.73_22_3_13_subsidy_DEFAULT_regulatory_DEFAULT_cid50_CFC

That has been confirmed by the Software Fix v7.2.3.13 software downloaded from Motorola website.

It seems to be more or less the one that you mentionned.

I must have missed something somewhere. But I have very limited knowledge about Android architecture, so I’m navigating in the fog

I also tried to re-flash this official ROM and then lock manually the bootloader in the Fastboot, and it works well.

But when I lock the bootloader with iodéOS flashed, startup message told me that no valid OS is installed, and thus system can’t boot.

That would be great if his majesty @vince31fr could bring us with his lights on this ! (Next time I go to Toulouse, I offer you a fresh bier)

FonkyKoala · April 15, 2025, 1:53pm

I have saved the flash_all.bat logs, if someone can see something…

PS C:\Users\xxx\Documents\Moto g32\iodeos\6.2\iode-6.2-20250407-devon-fastboot> .\flash-all.bat
Erasing 'avb_custom_key'                           OKAY [  0.014s]
Finished. Total time: 0.020s
Warning: skip copying avb_custom_key image avb footer (avb_custom_key partition size: 0, avb_custom_key image size: 1032).
Sending 'avb_custom_key' (1 KB)                    OKAY [  0.001s]
Writing 'avb_custom_key'                           OKAY [  0.014s]
Finished. Total time: 0.029s
Warning: userdata type is raw, but f2fs was requested for formatting.

    F2FS-tools: mkfs.f2fs Ver: 1.16.0 (2023-04-11)

Info: Debug level = 1
Info: Trim is disabled
Info: Set conf for android
Info: Enable Project quota
Info: Segments per section = 1
Info: Sections per zone = 1
Info: sector size = 512
Info: total sectors = 230928344 (112757 MB)
Info: zone aligned segment0 blkaddr: 512
Info: add quota type = 0 => 4
Info: add quota type = 1 => 5
Info: add quota type = 2 => 6
Info: format version with
  ""
[f2fs_init_sit_area: 641]       Filling sit area at offset 0x00600000
[f2fs_init_nat_area: 675]       Filling nat area at offset 0x01200000
[f2fs_add_default_dentry_root:1258]     Writing default dentry root, at offset 0x1d800
[f2fs_write_root_inode:1303]    Writing root inode (hot node), offset 0x1d200
[f2fs_write_default_quota:1390]         Writing quota data, at offset 0001d801 (1/2)
[f2fs_write_default_quota:1390]         Writing quota data, at offset 0001d802 (2/2)
[f2fs_write_qf_inode:1441]      Writing quota inode (hot node), offset 0x1d201
[f2fs_write_default_quota:1390]         Writing quota data, at offset 0001d803 (1/2)
[f2fs_write_default_quota:1390]         Writing quota data, at offset 0001d804 (2/2)
[f2fs_write_qf_inode:1441]      Writing quota inode (hot node), offset 0x1d202
[f2fs_write_default_quota:1390]         Writing quota data, at offset 0001d805 (1/2)
[f2fs_write_default_quota:1390]         Writing quota data, at offset 0001d806 (2/2)
[f2fs_write_qf_inode:1441]      Writing quota inode (hot node), offset 0x1d203
[f2fs_update_nat_default:1478]  Writing nat root, at offset 0x00001200
Info: Overprovision ratio = 0.430%
Info: Overprovision segments = 246 (GC reserved = 239)
[f2fs_write_check_point_pack: 857]      Writing main segments, cp at offset 0x00000200
[f2fs_write_check_point_pack: 945]      Writing Segment summary for HOT/WARM/COLD_DATA, at offset 0x00000201
[f2fs_write_check_point_pack: 959]      Writing Segment summary for HOT_NODE, at offset 0x00000202
[f2fs_write_check_point_pack: 971]      Writing Segment summary for WARM_NODE, at offset 0x00000203
[f2fs_write_check_point_pack: 982]      Writing Segment summary for COLD_NODE, at offset 0x00000204
[f2fs_write_check_point_pack: 990]      Writing cp page2, at offset 0x00000205
[f2fs_write_check_point_pack:1010]      Writing NAT bits pages, at offset 0x000003fe
[f2fs_write_check_point_pack:1031]      Writing cp page 1 of checkpoint pack 2, at offset 0x00000400
[f2fs_write_check_point_pack:1050]      Writing cp page 2 of checkpoint pack 2, at offset 0x00000405
[f2fs_write_super_block:1083]   Writing super block, at offset 0x00000000
Info: format successful
Warning: skip copying userdata image avb footer due to sparse image.
Sending 'userdata' (97 KB)                         OKAY [  0.004s]
Writing 'userdata'                                 (bootloader) flash permission denied
FAILED (remote: '')
fastboot: error: Command failed
Warning: skip copying modem_a image avb footer due to sparse image.
Sending 'modem_a' (75544 KB)                       OKAY [  1.732s]
Writing 'modem_a'                                  OKAY [  0.395s]
Finished. Total time: 2.145s
--------------------------------------------
Bootloader Version...: MBM-3.0-devon_g-8847829342a-250214
Baseband Version.....: HAK11_15.154.01.89R DEVON_EUDSDS_CUST
Serial Number........: ZY22H3G5G3
--------------------------------------------
extracting android-info.txt (0 MB) to RAM...
Checking 'product'                                 OKAY [  0.000s]
Setting current slot to 'a'                        OKAY [  0.201s]
extracting fastboot-info.txt (0 MB) to RAM...
extracting super_empty.img (0 MB) to RAM...
extracting super_empty.img (0 MB) to disk... took 0.000s
(bootloader) super-partition-name: not found
Writable partitions are not supported
extracting super_empty.img (0 MB) to RAM...
extracting super_empty.img (0 MB) to RAM...
extracting super_empty.img (0 MB) to RAM...
extracting super_empty.img (0 MB) to RAM...
extracting super_empty.img (0 MB) to RAM...
extracting super_empty.img (0 MB) to RAM...
extracting super_empty.img (0 MB) to RAM...
extracting super_empty.img (0 MB) to RAM...
extracting super_empty.img (0 MB) to RAM...
extracting super_empty.img (0 MB) to RAM...
extracting super_empty.img (0 MB) to RAM...
extracting boot.img (96 MB) to disk... took 0.248s
archive does not contain 'boot.sig'
extracting super_empty.img (0 MB) to RAM...
Sending 'boot_a' (98304 KB)                        OKAY [  2.873s]
Writing 'boot_a'                                   OKAY [  1.160s]
extracting super_empty.img (0 MB) to RAM...
extracting dtbo.img (24 MB) to disk... took 0.043s
archive does not contain 'dtbo.sig'
extracting super_empty.img (0 MB) to RAM...
Sending 'dtbo_a' (24576 KB)                        OKAY [  0.768s]
Writing 'dtbo_a'                                   OKAY [  0.090s]
extracting super_empty.img (0 MB) to RAM...
extracting vendor_boot.img (96 MB) to disk... took 0.170s
archive does not contain 'vendor_boot.sig'
extracting super_empty.img (0 MB) to RAM...
Sending 'vendor_boot_a' (98304 KB)                 OKAY [  2.673s]
Writing 'vendor_boot_a'                            OKAY [  0.380s]
extracting super_empty.img (0 MB) to RAM...
extracting vbmeta.img (0 MB) to disk... took 0.003s
archive does not contain 'vbmeta.sig'
extracting super_empty.img (0 MB) to RAM...
Sending 'vbmeta_a' (8 KB)                          OKAY [  0.001s]
Writing 'vbmeta_a'                                 (bootloader) WARNING: vbmeta_a anti rollback downgrade, 23 vs 24
OKAY [  0.008s]
extracting super_empty.img (0 MB) to RAM...
extracting vbmeta_system.img (0 MB) to disk... took 0.000s
archive does not contain 'vbmeta_system.sig'
extracting super_empty.img (0 MB) to RAM...
Sending 'vbmeta_system_a' (4 KB)                   OKAY [  0.001s]
Writing 'vbmeta_system_a'                          (bootloader) WARNING: vbmeta_system_a anti rollback downgrade, 23 vs 24
OKAY [  0.007s]
Rebooting into fastboot                            OKAY [  0.000s]
< waiting for any device >
extracting super_empty.img (0 MB) to disk... took 0.002s
Sending 'super' (4 KB)                             OKAY [  0.001s]
Updating super partition                           OKAY [  0.012s]
Resizing 'system_a'                                OKAY [  0.005s]
Resizing 'system_ext_a'                            OKAY [  0.005s]
Resizing 'product_a'                               OKAY [  0.005s]
Resizing 'vendor_a'                                OKAY [  0.004s]
extracting super_empty.img (0 MB) to RAM...
extracting system.img (900 MB) to disk... took 3.586s
archive does not contain 'system.sig'
Resizing 'system_a'                                OKAY [  0.005s]
Sending sparse 'system_a' 1/4 (262092 KB)          OKAY [  7.921s]
Writing 'system_a'                                 OKAY [  0.615s]
Sending sparse 'system_a' 2/4 (262052 KB)          OKAY [  8.314s]
Writing 'system_a'                                 OKAY [  0.599s]
Sending sparse 'system_a' 3/4 (262092 KB)          OKAY [  8.176s]
Writing 'system_a'                                 OKAY [  0.639s]
Sending sparse 'system_a' 4/4 (132232 KB)          OKAY [  3.732s]
Writing 'system_a'                                 OKAY [  0.404s]
extracting super_empty.img (0 MB) to RAM...
extracting system_ext.img (444 MB) to disk... took 1.869s
archive does not contain 'system_ext.sig'
Resizing 'system_ext_a'                            OKAY [  0.005s]
Sending sparse 'system_ext_a' 1/2 (260462 KB)      OKAY [  7.969s]
Writing 'system_ext_a'                             OKAY [  1.089s]
Sending sparse 'system_ext_a' 2/2 (191652 KB)      OKAY [  5.782s]
Writing 'system_ext_a'                             OKAY [  0.526s]
extracting super_empty.img (0 MB) to RAM...
extracting product.img (1076 MB) to disk... took 6.821s
archive does not contain 'product.sig'
Resizing 'product_a'                               OKAY [  0.005s]
Sending sparse 'product_a' 1/5 (262036 KB)         OKAY [  8.194s]
Writing 'product_a'                                OKAY [  0.642s]
Sending sparse 'product_a' 2/5 (262108 KB)         OKAY [  8.122s]
Writing 'product_a'                                OKAY [  0.599s]
Sending sparse 'product_a' 3/5 (262044 KB)         OKAY [  8.198s]
Writing 'product_a'                                OKAY [  0.612s]
Sending sparse 'product_a' 4/5 (262120 KB)         OKAY [  8.194s]
Writing 'product_a'                                OKAY [  0.619s]
Sending sparse 'product_a' 5/5 (49612 KB)          OKAY [  1.574s]
Writing 'product_a'                                OKAY [  0.187s]
extracting super_empty.img (0 MB) to RAM...
extracting vendor.img (481 MB) to disk... took 1.895s
archive does not contain 'vendor.sig'
Resizing 'vendor_a'                                OKAY [  0.005s]
Sending sparse 'vendor_a' 1/2 (261897 KB)          OKAY [  8.240s]
Writing 'vendor_a'                                 OKAY [  0.685s]
Sending sparse 'vendor_a' 2/2 (229208 KB)          OKAY [  6.681s]
Writing 'vendor_a'                                 OKAY [  0.559s]
Finished. Total time: 147.074s
Erasing 'userdata'                                 OKAY [  0.267s]
Finished. Total time: 0.282s
is-userspace: yes
Sending 'abl_a' (332 KB)                           OKAY [  0.008s]
Writing 'abl_a'                                    OKAY [  0.006s]
Finished. Total time: 0.037s
Warning: skip copying bluetooth_a image avb footer due to sparse image.
Sending 'bluetooth_a' (792 KB)                     OKAY [  0.020s]
Writing 'bluetooth_a'                              OKAY [  0.008s]
Finished. Total time: 0.047s
Sending 'devcfg_a' (123 KB)                        OKAY [  0.004s]
Writing 'devcfg_a'                                 OKAY [  0.007s]
Finished. Total time: 0.029s
Sending 'dsp_a' (32768 KB)                         OKAY [  0.962s]
Writing 'dsp_a'                                    OKAY [  0.080s]
Finished. Total time: 1.124s
Warning: skip copying fsg image avb footer (fsg partition size: 0, fsg image size: 18464768).
Sending 'fsg' (18032 KB)                           OKAY [  0.431s]
Writing 'fsg'                                      FAILED (remote: 'No such file or directory')
fastboot: error: Command failed
Sending 'hyp_a' (507 KB)                           OKAY [  0.013s]
Writing 'hyp_a'                                    OKAY [  0.012s]
Finished. Total time: 0.050s
Sending 'keymaster_a' (507 KB)                     OKAY [  0.013s]
Writing 'keymaster_a'                              OKAY [  0.009s]
Finished. Total time: 0.042s
Sending 'logo_a' (10544 KB)                        OKAY [  0.269s]
Writing 'logo_a'                                   OKAY [  0.030s]
Finished. Total time: 0.348s
Sending 'prov_a' (251 KB)                          OKAY [  0.008s]
Writing 'prov_a'                                   OKAY [  0.005s]
Finished. Total time: 0.047s
Sending 'qupfw_a' (75 KB)                          OKAY [  0.002s]
Writing 'qupfw_a'                                  OKAY [  0.004s]
Finished. Total time: 0.023s
Sending 'rpm_a' (507 KB)                           OKAY [  0.013s]
Writing 'rpm_a'                                    OKAY [  0.007s]
Finished. Total time: 0.041s
Sending 'storsec_a' (123 KB)                       OKAY [  0.004s]
Writing 'storsec_a'                                OKAY [  0.005s]
Finished. Total time: 0.026s
Sending 'tz_a' (4091 KB)                           OKAY [  0.104s]
Writing 'tz_a'                                     OKAY [  0.021s]
Finished. Total time: 0.170s
Sending 'uefisecapp_a' (2043 KB)                   OKAY [  0.055s]
Writing 'uefisecapp_a'                             OKAY [  0.016s]
Finished. Total time: 0.102s
Sending 'xbl_config_a' (251 KB)                    OKAY [  0.007s]
Writing 'xbl_config_a'                             OKAY [  0.010s]
Finished. Total time: 0.034s
Sending 'xbl_a' (5115 KB)                          OKAY [  0.132s]
Writing 'xbl_a'                                    OKAY [  0.037s]
Finished. Total time: 0.215s
Rebooting into bootloader                          OKAY [  0.000s]
Finished. Total time: 0.004s
< waiting for any device >
FAILED (remote: '')
fastboot: error: Command failed
Press any key to exit...

Last command (fastboot oem lock) failed because I didn’t choose to lock the bootloader. (I sent the command manually in fastboot mode).