Session 15 — 2026-03-26a
| Field | Value |
|---|---|
| Date | 2026-03-26 |
| Phase | 03a — Custom UEFI ABL |
| Duration | ~2 h |
What Happened
- Built v1.3 with three changes:
VBSendRot()call added,EnableDisplayMenu=FALSE, andoem reboot-edlfastboot command handler - Factory reset performed to clear corrupted FDE/FBE keymaster state from previous experiments
- v1.3 boots Android successfully — no FDE loop, no AVB failure
- Confirmed EDL one-write-per-Sahara-session rule: after flashing one partition in a 9008 session, PBL closes the Sahara channel; a second flash in the same session silently fails or causes corruption
- Removed dead v1.2 cmdline injection code from source
Key Findings
EDL One-Write-Per-Sahara-Session
PBL 9008 Sahara protocol terminates the session after one successful partition write. Attempting a second write in the same session (without power-cycling) results in silent failure or corruption. Always power-cycle between EDL flash operations targeting different partitions.
VBSendRot is required for clean boot
VBSendRot() (Verified Boot Send Rot = Root of Trust) must be called before handing off to the kernel. Without it, the keymaster does not receive the verified boot state and subsequent FDE/FBE operations fail.
EnableDisplayMenu=FALSE
The stock ABL shows a 5-second “press any key to enter fastboot” menu on every boot. Setting EnableDisplayMenu=FALSE suppresses this — the device boots straight to Android without waiting.
ABL v1.3 Change Summary
| Change | Effect |
|---|---|
| +VBSendRot() | FDE/FBE keymaster initialised correctly |
| EnableDisplayMenu=FALSE | No fastboot menu delay on normal boot |
| +oem reboot-edl command | Software EDL trigger via fastboot |
| −v1.2 cmdline injection | Dead code removed; no functional change |