Huawei rolled out an update which broke Magisk, but it can be easily fixed

By | 8th September 2018

Despite recent troubles in the United States and Australia, Huawei continues to grow their business around the world. The company, which rapidly grew to dominate the Chinese market, now challenges the likes of Apple and Samsung. Their Huawei P20 flagship lineup is a testament to their success, with reviewers largely praising it for its camera, build quality, and features, and they’re bound to make waves again with the Huawei Mate 20. The company’s sub-brand, Honor, offers devices like the Honor Play and the Honor 10 to compete in the mid-range market. It’s because of smartphones like these that many on XDA were fans of Huawei and Honor devices, but as many of you are aware, Huawei decided to stop providing bootloader unlock codes in a surprising anti-consumer move, effectively blocking most development and modding for their phones.

We’ve previously addressed this issue on the Portal, and we’re still heavily disappointed by this decision. Getting a giant like Huawei to reverse their decision or at least come up with a compromise isn’t easy, and while there has been some progress on that front, the situation is still grim for enthusiasts. A recent update made people lose even more faith in the company as the update caused phones that were rooted with Magisk to no longer boot unless the stock ramdisk image was re-flashed. So not only are Huawei and Honor device owners unable to unlock their bootloaders, but those that have already done so became unable to root their devices. Many bashed the company for what seemed like (yet another) anti-enthusiast move, but an investigation into the update reveals that the soft brick is a side-effect of an update and not intentionally done to block Magisk/root. Here’s everything we know about this update.


Huawei’s “Patch01” Update Preventing Magisk-rooted Phones from Booting

This issue was first brought to light, and then further detailed, by XDA Senior Member Tecalote on the official Magisk Beta XDA forum thread. The member stumbled upon this issue on his Huawei P9 after rebranding his device so he could install the official Android Oreo update and then installing a small “bug-fixing” OTA update. The update itself, which is called “patch01”, includes fixes for MMS and gaming, but it also includes a kernel patch which soft bricks Magisk-rooted devices.

According to him, he flashed the original boot image, the original recovery, and uninstalled Magisk Manager before taking the update, at which point the phone managed to boot just fine. However, reflashing Magisk after the update resulted in the phone getting stuck in the “Your device cannot be trusted” splash screen. The updated firmware only booted up with the original b528 ramdisk image. This behavior persisted regardless of whether dm-verity, forced encryption, or Android Verified Boot were disabled, and both Magisk v16.0 and v16.7 have been tested. (Just flashing TWRP was not an issue as the recovery is flashed to its own partition called recovery_ramdisk, but attempting to root the phone afterward would trigger a bootloop.)

So far, there have been several users confirming this behavior so far. It also appears that it is not limited to the Huawei P9, as a user on the Huawei Mate 10 forums is also confirming the same behavior after installing the “patch01” OTA update, which leads us to think that this patch will roll out to all currently supported Huawei/Honor phones. Given Huawei’s recent actions regarding bootloader unlocking, it’s not hard to see why people believe this update was rolled out to intentionally block rooting. XDA Recognized Developer / Recognized Contributor topjohnwu, the main developer behind Magisk, initially acknowledged the issue on his Twitter account.

Tecalote himself, as well as several Huawei users and developers, took on the task to investigate the issue thoroughly during the past few days and managed to figure out a solution.

Why is this being done?

Initial evidence (and highly rushed speculation, rumors, and articles/discussion) led users to believe that this update was pushed out with the sole purpose of locking out rooted users from the device. After all, Huawei has recently taken a hostile approach to bootloader unlocking. This wouldn’t be the first time that a phone manufacturer went after rooted phones, either: Last year, we reported that LG included a root checker tool that would go haywire when it detected root. And of course, we also have the many cases of manufacturers and carriers blocking bootloader unlocking to prevent users from messing with their phones, where we’re also including Huawei since recently.

However, further research by XDA Senior Member Tecalote and other users has revealed that this isn’t necessarily a case of Huawei cracking down on rooted users. Rather, it’s more likely that we’re dealing with an unintended side effect of a kernel patch which caused the Magisk-patched ramdisk image to be incompatible and preventing phones from booting. Furthermore, users can easily work around the issue to get Magisk working just fine on patched phones.

At the end of the day, we can’t tell for sure whether this was intentional or not, as Huawei’s exact intentions are not known. We don’t see a justifiable reason why this update, if indeed intentionally done to block rooted users, exists at all because the affected users have already jumped through hoops to get their bootloaders unlocked. But given recent research and context around the subject, and the fact that you can still install Magisk after the update, we don’t believe this was intentional at all.

How can I fix this?

If you’ve already updated your device and want to install Magisk on it, you’ll need to enable the “Preserve AVB 2.0/dm-verity” flag before installing, as Tecalote revealed on our forums. You can’t simply flash the latest Magisk zip on TWRP, as said flag is not set automatically on install, but you can manually patch the boot image with Magisk Manager:

  1. Download the latest Magisk Manager APK from the official thread, install it on your device and open the app.
  2. Make sure that the “Preserve AVB 2.0/dm-verity” checkbox is enabled, and enable it if it’s disabled. If your device is encrypted, also make sure that “Preserve force encryption” is enabled.
  3. Tap on the Install button and select the “Patch Boot Image File” option. This will create a Magisk-patched boot image inside the app.
  4. Flash the resulting boot image to your device. You can either install it on fastboot mode by moving the file to your computer’s fastboot directory, rebooting your phone to fastboot mode and using the “fastboot flash boot boot.img” command, or simply flashing it with TWRP by going to Install, tapping the “Install image” button and flashing the newly patched boot.img.
  5. Reboot to system and open the Magisk Manager app again. If you get a popup asking you if you want to proceed with Magisk’s additional setup, tap Yes.
  6. Enjoy!

If you’re already rooted and don’t feel like taking the update, you can still go the old-school way of disabling the OTA manager:

  1. Download Solid Explorer, MiXplorer, FX File Explorer, or any other root-enabled file browser from the Google Play Store or XDA Labs.
  2. Open the app, accept the terms and conditions, give it permissions, and grant it root access.
  3. Go to the root of your storage, and then move to /system/app/HwOUC.
  4. Rename HwOUC.apk to HwOUC.bak.
  5. Reboot, and you should be good to go.

Solid Explorer File Manager (Free+, Google Play) →

FX File Explorer: No ads, No tracking, No nonsense (Free+, Google Play) →

MiXplorer (Free, XDA Labs) →

If you’re running a custom ROM thanks to Project Treble support, then you should be safe from this, as this feature should only affect Huawei’s own EMUI software.

If you had in mind rolling back from the “Patch01” update if you’ve already updated, we highly discourage doing so: Some updates may have a different XLoader (such as some updates on the Huawei Mate 10), and you run the risk of permanently bricking your device if you flash an incompatible XLoader. Additionally, a workaround for Magisk was already found. Downgrading is not for the faint of heart, so if you really want to do it and acknowledge the risk, we advise you to search our forums for a working downgrade method for your device.


The Bottom Line

Blocking bootloader unlocking and having policies against root access is something we can live with, even if we don’t agree with those policies. But actively blocking rooted users who have already unlocked their bootloaders, and intentionally bricking their phones with an update? There’s no good reason for that, and it’s, at least in our opinion, too unnecessary of a stretch, especially given that rooted users make up a negligible number of Huawei’s massive global user base. We do understand why users would think that Huawei is blocking root, though, but we really don’t think it’s the case here.

Rooting should not be seen as akin to piracy, hacking, or any cybercrime. A rooted Android smartphone is pretty much comparable to a Windows computer with admin permissions… or a Linux PC with superuser access. Those who choose to root their devices are fully aware of the security risks involved with rooting and are just looking for ways to get additional capabilities on the devices they spent a lot of money to own.

While we don’t think this is an intentional change, we did reach out to Huawei for clarification and will update this article accordingly if we hear back. It’s still not the wisest choice to buy a Huawei/Honor device if you’re really interested in rooting/using ROMs: as we mentioned before, they are still not providing bootloader unlock codes. But in the meantime, if you’ve already updated, simply follow the steps above to get root back.