How to Bypass Verified Boot is Enabled Error in SP Flash Tool

When it comes to flashing firmware files on MediaTek devices, it’s not that easy for normal users because OEM offers officially signed image files via Download Agent (DA). So, users may encounter a ‘Verified boot is enabled’ error in the SP Flash Tool while trying to flash firmware to protected partitions on Secure Boot Devices. If you’re also a victim, you can follow this guide on How to Bypass Verified Boot is Enabled Error in SP Flash Tool.

To be precise, the particular error message may look like the following:

“Verified boot is enabled
Please, download signed image (*-verified.img) or disable verified boot”

Now, if you can’t understand it, here * is the partition name which could be rct, md1, vbmeta, system, laf, opporeserve, etc according to your device model or manufacturer. The Secure Boot feature on Mediatek devices basically doesn’t allow any tool to read or write any file on the device without a custom DA file loaded to the tool. Therefore, secure boot devices may throw out a bunch of errors while trying to flash directly.

How to Bypass Verified Boot is Enabled Error in SP Flash Tool

How to Bypass Verified Boot is Enabled Error in SP Flash Tool

Luckily, here we’ve managed to provide you a full-depth method that should work for you and easily bypass the verified boot is enabled error on your MediaTek secure boot devices using the Smartphone Flash Tool. So, without wasting any more time, let’s jump into it. Make sure to follow all the requirements and downloads properly.


  • Stock Firmware Scatter File for your specific MediaTek model.
  • You’ll require a Windows computer and a USB cable to connect the handset.
  • PGPT [If not found in the firmware then follow this WWR Backup guide]
  • Install Mediatek USB Drivers on the PC.
  • Make sure to charge your device battery sufficiently (more than 50%).
  • Install the SP Flash Tool on your PC.
  • Install a free Hex Editor Tool on the computer.
  • Grab a Notepad++ application and install it on your PC.
  • A Hex Calculator.

Download Links:

Disclaimer: GetDroidTips will not be responsible for any type of bricking/damaging issue to your phone while/after following this guide. You should know what you’re doing. So, do it at your own risk.

Bypass Verified Boot Enabled Error

  • First of all, you’ll need to open the PGPT file in Hex Editor Tool that you’ve found in the firmware file or grabbed from the backup using WWR.
  • Now, scroll down to the last partition where it shows.
  • You can monitor from the strings section on the right. Everything after the last partition will be 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00.
  • So, make sure to click on the end of the row of the last partition to keep your mouse cursor (in the Hex section) or just highlight the first row of zeros.
  • Next, click on Search from the top menu of HexEditor Tool > Click on Replace.
  • Click on the Hex-values tab > Paste 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 in the Search field.
  • Then leave the Replace option blank > Set Search direction to ‘Forward’ > Click on ‘Replace all’.
  • Click on OK if prompted to confirm.
  • Now, you’ll need to wait for a while until the HexEditor Tool removes all the trail 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 after the last partition.
  • Finally, press Ctrl + S keys to Save the modified PGPT file which will be overwritten as the original one.
  • Next, open the Scatter file via the Notepad++ application that you’ve installed. [You can also use the default Notepad application on your PC]
  • For example, if we assume laf_a is occurring the -verified error but we can flash boot_a which is just above laf_a in the scatter file. For reference:
physical_start_addr: 0x20800000
partition_size: 0x2800000

physical_start_addr: 0x23000000
partition_size: 0x2800000
  • Use the Hex Calculator to add the partition size for laf (which is 2800000 because you remove the 0x part) and add it to the partition size for boot_a which is also 2800000.
  • So, it’ll be 2800000 + 2800000 = 5000000 in the Hex Calculator.
  • Then you can change the partition size for boot_a from 0x2800000 to 0x5000000.
  • Remove the laf_a section from the scatter file > Save the scatter file.
  • Now, go back to the HexEditor Tool > Open the boot.img_1064960 file (obtained from file_name: in the boot_a section of the scatter file) and laf.img_1146880 (file name from laf_a section).
  • Select all and copy the Hex contents of laf.img_1146880 then scroll down of boot.img_1064960 and paste Hex contents. This is basically appending laf.img_1146880 to the bottom of boot.img_1064960
  • Save the boot.img_1064960 file with increased file size.
  • Open the SP Flash Tool > Re-load the scatter file in the SP Flash Tool (Laf_a should no longer be on the list).
  • Now, flash using Format all + Download > Go back to the scatter file in Notepad++ and change is_download: false to is_download: true for PGPT.
  • Make sure to change the file name from NONE to the file name of your PGPT.
  • Save and reload the scatter file in the SP Flash Tool. Now, you’ll be able to see the PGPT file on the list in the SP Flash Tool.
  • Then you’ll have to flash only PGPT using the Download Only mode.
  • Now, you can boot up the MediaTek device as the -verified partition flashed.
  • You’re now good to go to flash firmware files via SP Flash Tool.

Please Note:

1. This technique can be used to flash multiple consecutive partitions (as they appear in the scatter file), you just need to add all their partition sizes to that of the top flashable partition then remove them from the scatter file

2. To use format all + download, all displayed partitions must-have files attached to them so hide any you don’t have a file for by setting is_download: false for that partition in the scatter file

3. Some models require preloaders to be ticked and loaded for all operations in the SP Flash Tool.

You can follow this YouTube tutorial as well if you’re facing any issues or can’t understand what to do next.

That’s it, guys. We assume this guide was helpful to you. For further queries, you can comment below.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.