Samsung KNOX: Mobile Security & Warranty Void Behavior
Samsung KNOX™ is the comprehensive enterprise mobile solution for work and play. With the increasing use of smartphones in businesses, Samsung KNOX addresses the mobile security needs of enterprise IT without invading the privacy of its employees.
Warranty Void Behavior
As you may already know, the latest Samsung firmwares came with a new secured bootloader. You can recognize it in download mode easily. It states: Knox warranty void: 0x0 or 0x1.
As for now, there is no way to reset that flag from 0x1 to 0x0.
Then I read in a comment of Chainfires post concerning that flag, that as long as you do not try to downgrade to a non secured bootloader, this flag will not change. He claims to have that information directly from Samsung.
Conclusions and Facts about KNOX-enabled firmwares
Based on statements from Chainfire's post and it's comments above:
- Not possible to downgrade to KNOX-disabled firmwares/bootloaders (An attempt sets 0x1, even though some people state, downgrade is possible when omitting the bootloader file in a firmware package).
- Even if you flash a KNOX-enabled firmware via Odin (e.g. the latest firmware) KNOX will be set to 0x1.
- Flashing unsigned or modified images via Odin will set KNOX to 0x1.
- Samsung stated, resetting the flag is impossible.
- KNOX is mandatory and can not be completely removed.
- Warranty Void is no counter, it is a flag (0,1) it was never seen 0x2 or so.
- Mirroring all partitions from a clean 0x0-Device to a 0x1-Device via JTAG produces an un-functional device (reversible by restoring the 0x1 partitions on the phone).
- KNOX bootloader verifies signatures of kernels and recoveries. No custom ones possible without voiding the knox warranty
Assumptions on how KNOX flag in bootloader works.[/B]