Those wondering why they cannot unlock their Pixel 6a currently, you (most likely) need to wait for Google's servers to begin authenticating Pixel 6a OEM unlocking. Hopefully should happen soon!
Conversation
Replying to
Wait, OEM unlocking in Pixel is tied to online service? I thought it was a local process in Pixel unlike other OEMs that issue unlock key for your device.
1
It checks the service to determine if the Pixel is unlocked. Hardware, firmware and software is identical across all Pixels whether or not they're locked by carriers. That's the point of the service. It allows the same hardware to be sold as unlocked or as locked carrier devices.
1
5
Where does this OEM Unlocking enabled/disabled byte is stored? I'm guessing, in Titan M so that the user cannot physically tamper with the byte?
1
Stored in the OEM lock data block which is backed by Titan M on Pixels just like lock state, verified boot rollback indexes for the OS, user flashed verified boot key, Weaver tokens used as an extra input for encryption for throttling, factory reset protection data block, etc.
2
1
4
On Pixel 2, before the Titan M, Weaver was the only part of that provided by the secure element.
OEM lock state, lock state, rollback indexes, user vboot key, etc. were stored with RPMB (Replay Protected Memory Block) feature of Qualcomm's TEE (TrustZone) implementation (QSEE).
1
3
OEM unlocking was introduced as part of implement anti-theft (factory reset protection). Gating whether it can be toggled based on the seller of the phone allowing it was added later to avoid needing actual carrier variants of Pixels. It's not why the feature exists at all.
Google doesn't care about the carrier bootloader locking being secure and they implement that purely as a UI feature in the Settings app. The Settings app in the stock OS checks if OEM unlocking is allowed and only allows toggling it on if the service says that it's allowed.
1
2
OEM unlocking being disabled on Pixels locked by carriers is purely a UI layer thing in the developer options menu. Even for the earlier system of marking Pixels with a carrierid in factory, it was entirely enforced in the UI and the firmware has never checked / enforced that.
2