Moritz Meißelbach

Risk Register

Written by

in

All known risks, categorised by severity. Review before any destructive operation. Source: docs/risks.md.

🔴 Critical — Potential Hard Brick or Data Loss

ID	Risk	Trigger	Mitigation
R01	Flash wrong bootloader (XBL/ABL)	Copying NA2 `xbl.elf`/`abl.elf` to NA1	Never flash XBL or ABL from NA2 onto NA1. A UFS bootloader on eMMC hardware = permanent brick.
R01b	Flash custom XBL	Any XBL modification	Never touch the `xbl` partition. ABL failure is recoverable via EDL. XBL failure = hard brick with no recovery.
R02	EDL 900E — no recovery loader	Device fully unresponsive in 900E	EDL 9008 is the only recovery. Keep a working OS. Never flash `boot` without a verified backup.
R03	Flash during low battery	Device powers off mid-write	Installer checks battery ≥ 40%. Do not flash manually on low battery.
R04	Wrong programmer in EDL	Using NA2 UFS programmer on NA1 eMMC	NA1 = `prog_emmc_ufs_firehose_Sdm636_ddr.elf`. NA2 = UFS programmer. Never mix.
R12	ABL crash → no 9008, only battery-drain recovery	ABL uses unmapped MMIO, bad pointer, etc.	v2.0 incident: Raw `MmioRead32(0x03069004)` caused data abort → device bricked. Recovery required full battery drain + cold-boot PBL 9008. Never use raw MMIO without GCD memory mapping. Always identify last known-good ABL before flashing a new version.

🟠 High — Functionality Loss, Requires Recovery

ID	Risk	Trigger	Mitigation
R05	Partition size mismatch	NA2 image larger than NA1 partition	Always check image size vs. partition size from Phase 01 before flashing.
R06	Incorrect fstab block paths	Booting NA2 system with UFS paths on eMMC	Phase 05 core task. Never flash un-patched system/vendor from NA2.
R07	Incremental OTA on rooted device	Update via OTA while rooted	Use only full firmware images. Block OTA in AFWall+ during development.
R08	Accidental userdata wipe	Wrong option in recovery	TWRP on e-ink is confusing. Proceed slowly and confirm each action.

🟡 Medium — Degraded Functionality

ID	Risk	Trigger	Mitigation
R09	Loss of root after firmware flash	Full OTA update	Expected behaviour. Re-root using Phase 02 procedure.
R10	Onyx telemetry during testing	Unblocked network	Install AFWall+ immediately after rooting.
R11	GPL compliance issues	Publishing firmware with Onyx kernel binary	Do not redistribute modified `boot.img` binaries in a way that implies GPL compliance.

🚨 Emergency Recovery Procedures

EDL 9008 — Boot Partition Restore

# 1. Trigger EDL 9008 (software, from Android)
adb reboot edl

# 2. Restore pristine boot partition
python edl.py --loader=prog_emmc_ufs_firehose_Sdm636_ddr.elf 
  w boot builds/backup-YYYY-MM-DD-pristine/boot.img

# 3. Reboot
python edl.py --loader=prog_emmc_ufs_firehose_Sdm636_ddr.elf reset

FDE RoT Mismatch — No EDL Required

If the device boots to the FDE password prompt but no password works (RoT changed due to ABL swap):

Enter any wrong password repeatedly at the FDE prompt (~30 times).
At ~7 remaining attempts: warning appears.
After ~30 total: “Encryption unsuccessful” screen → tap factory reset.
Device wipes userdata and re-encrypts under the current ABL’s RoT. Only userdata is lost — system and ABL preserved.

More posts