• December 2019
 

[BE AWARE] Anti Rollback Protection is Enabled on Poco F1 MIUI 10.2 Stable ROM

 
 
 

Recently I have got the MIUI 10.2 Stable ROM for my Poco F1 phone based on Android Pie. Things are pretty good such as the new user interface, animations etc are more or less look like iOS now.
But this post is not about the MIUI 10.2 stable ROM features, review etc. rather I want to bring something into notice of people about the anti rollback protection of Android.

Anti Rollback Protection is Enabled on Poco F1 MIUI 10.2 Stable ROM


According to one of the posts on XDA, Android makes it mandatory for OEMs to implement Anti Rollback protection on devices running on Android Pie.
I don’t know if it’s really true or not!

I verified the anti rollback protection on my Google Pixel and Pixel 2 both running on Android Pie which does not have a rollback index on it’s bootloader.
Recently my Poco F1 was updated to MIUI 10.2 Stable version which is based on Android Pie, and surprisingly I found that it has the Anti Rollback index on it’s bootloader.

Well, it’s my bad that I never verified the Poco F1 when it was on Android Oreo based MIUI 9.

What is Rollback Protection on Android:

In short, Rollback protection was enabled on Android Oreo which as the name suggests, will not allow a rollback to a previous version of Android once it is updated to Android Oreo.

Android has something called as Android Verified Boot (AVB), which verifies certain partitions at boot time for integrity and fails to boot if the software on the device is tampered.
Rollback protection is designed to prevent a device to boot if downgraded to an older Android version, which could be vulnerable to some known exploit.

Problem with Rollback Protection on any Xioami Phones:

In a single sentence, Xiaomi hard bricks the device if the bootloader detects that an older Android version is being flashed.

The VBMeta structure (Verified Boot Meta Data Structure) in the vbmeta partition keeps the information of rollback_index which you can think of the current rollback index of the phone.
On the other hand the images which are being flashed has it’s own rollback_index value.
Once a new version of Android (or MIUI) is flashed, the vbmeta rollback_index is incremented.

The bootloader code is written in such a way that if the bootloader’s rollback_index is less than that of the vbmeta structure then it permanently hard bricks the device making it unusable by a user.

Following is what happens based on the rollback_index:

If (current rollback_index < rollback_index of files to be flashed)
- Increment the rollback_index to that of the flashing images and then allow the flashing
else if (current rollback_index = rollback_index of files to be flashed)
- Don't change the rollback_index but allow the flashing
else if (current rollback_index > rollback_index of files to be flashed)
- Block the flashing and lock the device

Should you be worried of this Rollback Protection:

YES, If you are flashing custom ROM and MIUI ROM back on your Xiaomi phone.
NO, If you don't install any custom ROM on your Xiaomi phone or if you never want to come back to MIUI ROM after flashing a custom ROM.

It is always advisable to verify the current rollback_index on your Poco F1 phone (or any other Xiaomi phone for that matter) and the image that you are flashing.

How to know what is the current Rollback index on your Poco F1:

Boot the Poco F1 on fastboot mode.
Turn off the phone. Press and hold the Volume Down button + Power button to boot into fastboot mode.

Execute the following code on a fastboot installed PC:
$ fastboot getvar anti

You will get a result similar to the following:
anti: 1 (my device's current rollback index is 1)

How to know what is the Rollback index of the fastboot ROM you are flashing:

Usually, the MIUI fastboot ROM has a rollback index set in flash_all.bat file inside the flashable images archived file.
You can extract the files and look for the CURRENT_ANTI_VER value in the flash_all.bat file to know what is the index.

Proceed to flash the images only if it greater than your current device's index.

 

About the Author

A Software Engineer by profession who has worked for few big organizations; such as: Broadcom, Cypress Semiconductor, LSI Corporation, Toshiba, Western Digital; on various cutting edge technologies and product lines, such as: RAID storage Driver, SSD firmware, Wi-fi firmware etc. Having more than 8 years of experience in software engineering domain.

   
 

Leave a Reply