
LineageOS & AVB: A Step-by-Step Guide to Bypassing Verity for Custom Kernel Flashing


Introduction: Navigating Android Verified Boot (AVB) and dm-verity

For enthusiasts eager to unlock the full potential of their Android devices, custom kernels represent a significant leap. They offer enhanced performance, better battery life, and access to advanced features not available in stock configurations. However, modern Android, especially devices running LineageOS or other AOSP-based ROMs, is protected by robust security measures like Android Verified Boot (AVB) and dm-verity. These features, while crucial for user security and device integrity, often stand as formidable barriers to flashing custom kernels.

This comprehensive guide will walk you through the process of safely bypassing AVB and dm-verity on your LineageOS device to successfully flash a custom kernel. We’ll cover the underlying concepts, essential prerequisites, and a detailed step-by-step procedure, complete with necessary commands and troubleshooting tips.

What are Android Verified Boot (AVB) and dm-verity?

Android Verified Boot (AVB) is Google’s implementation of a chain of trust, ensuring that all executed code from the bootloader to the system partition comes from a trusted source (usually the device manufacturer). It verifies cryptographic signatures of partitions like boot, system, and vendor at boot time.

dm-verity (device mapper integrity verifier) works hand-in-hand with AVB. It’s a kernel feature that provides transparent integrity checking of block devices. Essentially, it ensures that your system partitions haven’t been tampered with since the last verified boot, preventing malicious modifications from gaining persistence. Any unauthorized modification detected by dm-verity will prevent the system from booting or force a warning.

While these mechanisms are vital for protecting against malware and ensuring a secure user experience, they treat a custom kernel as an “unauthorized modification.” Therefore, to flash and boot a custom kernel, we must explicitly tell the bootloader to ignore these verification checks for specific partitions.

Preparation is Key: Prerequisites and Backups

Before embarking on this journey, ensure you have all the necessary tools and safeguards in place. Skipping any of these steps can lead to a soft-bricked device, requiring a full reflash.

Essential Prerequisites:

  • Unlocked Bootloader: Your device’s bootloader must be officially unlocked. This is typically done through a manufacturer’s tool (e.g., Xiaomi’s Mi Unlock, OnePlus unlock tool) and usually wipes your device data.
  • ADB and Fastboot Tools: Ensure you have the latest Android Debug Bridge (ADB) and Fastboot tools installed and configured on your computer. You can download them as part of the Android SDK Platform-Tools package.
  • Custom Recovery (e.g., TWRP): While not strictly used for flashing the kernel in this method, having a custom recovery is invaluable for creating full backups and restoring your device if something goes wrong.
  • Device Drivers: Correct USB drivers for your specific Android device must be installed on your computer.
  • Custom Kernel boot.img: Obtain the custom kernel specifically compiled for your device and LineageOS version. This will usually be a file named boot.img or similar.

Crucial Backups: Don’t Skip This!

The most important step before any modification is to create comprehensive backups. This includes not just your personal data, but also critical partitions like your current boot.img and vbmeta.img. These are your lifelines in case of a boot loop or system instability.

How to Back Up:

  1. Boot into Fastboot Mode: Connect your device to your computer and open a terminal/command prompt. Then type:

    adb reboot bootloader

  2. Backup boot.img: Use Fastboot to inspect your current partition layout. The exact command might vary slightly by device, but generally:

    fastboot getvar all

    Look for lines indicating partition names and sizes. This command only reports them; it does not copy anything off the device. Alternatively, if your device supports it, you can pull directly (adb is not available in Fastboot mode, so run this while booted into recovery or a rooted system):

    adb pull /dev/block/by-name/boot boot_stock_backup.img

    If pulling from recovery, you might find options to back up specific partitions.

  3. Backup vbmeta.img: Similar to boot.img, you’ll need a backup of your current vbmeta partition. This is often present in stock firmware images. If you can’t pull it directly, download your device’s stock firmware and extract vbmeta.img from it. This file is critical for disabling verification effectively. Save it as vbmeta_stock_backup.img.
  4. Nandroid Backup (via TWRP): If you have TWRP, perform a full Nandroid backup to an external SD card or your computer. This will save your entire system, data, boot, and other partitions.

The Bypassing Procedure: Step-by-Step Guide

Now that you’re prepared, let’s proceed with flashing your custom kernel and disabling AVB/dm-verity.

Step 1: Download Your Custom Kernel

Ensure you have downloaded the boot.img file of the custom kernel compatible with your device and LineageOS version. Place this file in the same directory as your ADB and Fastboot tools for easy access. Rename it to something simple like custom_kernel.img.

Step 2: Enter Fastboot Mode

With your device connected to your computer via USB, open a command prompt or terminal and type:

adb reboot bootloader

Your device should now display the Fastboot screen.

Step 3: Flash the Custom Kernel

First, we flash your custom boot.img. The command depends on whether your device uses A/B partitions (seamless updates) or a single partition scheme. Most newer LineageOS devices use A/B slots.

For A/B Partition Devices:

Identify your active slot (e.g., fastboot getvar current-slot) and then flash to both, or just the current active slot. It’s often safer to flash to both or rely on the system to mirror it.

fastboot flash boot_a custom_kernel.img
fastboot flash boot_b custom_kernel.img

For Non-A/B Partition Devices:

fastboot flash boot custom_kernel.img

Wait for the flashing process to complete.

Step 4: Disable Android Verified Boot (AVB) and dm-verity

This is the most critical step for bypassing security. We will flash the vbmeta partition with special flags that instruct the bootloader to ignore verity checks.

Locate your backed-up stock vbmeta.img (e.g., vbmeta_stock_backup.img) in your Fastboot directory. Execute the following command:

fastboot --disable-verity --disable-verification flash vbmeta vbmeta_stock_backup.img

  • --disable-verity: This flag disables the dm-verity integrity checks, allowing modifications to partitions like system and vendor without triggering verification errors.
  • --disable-verification: This flag explicitly tells the bootloader to skip the cryptographic signature verification of the boot image and other critical partitions.

By flashing your stock vbmeta.img with these flags, you are essentially telling your bootloader: “This vbmeta partition is intentionally set to ignore security checks for the other partitions, so please don’t flag them as tampered, even though I’ve changed the kernel.” This allows your custom kernel to boot without integrity errors.
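To confirm which state a given vbmeta image is in, the two flags can be read straight from its header. The following is an added example, not part of the original guide or of AOSP's tooling: it assumes the 256-byte vbmeta header layout used by AOSP's avbtool (32-bit flags word at byte offset 120), and the function names and the sample header are constructed for illustration.

```python
import struct
import sys

# AvbVBMetaImageHeader: 256 bytes, big-endian (layout as in AOSP's avbtool).
HEADER_FORMAT = "!4s2L2QL2Q2Q2Q2Q2QQLL47sx80x"
HEADER_SIZE = struct.calcsize(HEADER_FORMAT)
FLAG_HASHTREE_DISABLED = 0x01      # set by fastboot --disable-verity
FLAG_VERIFICATION_DISABLED = 0x02  # set by fastboot --disable-verification


def read_vbmeta_flags(image: bytes) -> dict:
    """Parse a vbmeta header and report which verification flags are set."""
    if len(image) < HEADER_SIZE:
        raise ValueError(f"need {HEADER_SIZE} header bytes, got {len(image)}")
    fields = struct.unpack(HEADER_FORMAT, image[:HEADER_SIZE])
    if fields[0] != b"AVB0":
        raise ValueError("not a vbmeta image: bad magic")
    flags = fields[17]  # 32-bit flags word at byte offset 120
    return {
        "libavb_version": (fields[1], fields[2]),
        "release": fields[19].split(b"\0", 1)[0].decode("ascii", "replace"),
        "flags": flags,
        "hashtree_disabled": bool(flags & FLAG_HASHTREE_DISABLED),
        "verification_disabled": bool(flags & FLAG_VERIFICATION_DISABLED),
    }


def build_sample_header(flags: int) -> bytes:
    """Constructed sample input: a bare header, no descriptors or signature."""
    return struct.pack(HEADER_FORMAT, b"AVB0", 1, 0, *([0] * 14), flags, 0,
                       b"avbtool 1.2.0")


if __name__ == "__main__":
    # Usage: python vbmeta_flags.py vbmeta_stock_backup.img
    # With no argument, the constructed sample (both flags set) is parsed.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(HEADER_SIZE)
    else:
        data = build_sample_header(0x03)
    for key, value in read_vbmeta_flags(data).items():
        print(f"{key}: {value}")
```

fastboot applies the flags to the copy of the image it sends to the device, so the backup file on disk stays unchanged; to see the flashed state, check an image read back from the device's vbmeta partition.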

Step 5: Reboot Your Device

Once the vbmeta flashing is complete, you can reboot your device:

fastboot reboot

The first boot after flashing a new kernel can take longer than usual. Be patient.

Post-Flashing and Troubleshooting

Verifying the Installation

Once your device boots up, you can verify your custom kernel is active. Download a kernel information app from the Play Store (e.g., Kernel Adiutor, CPU-Z) and check the reported kernel version.

Troubleshooting Boot Loops

If your device gets stuck in a boot loop after flashing, don’t panic. This is why backups are essential.

  1. Enter Fastboot Mode: Force your device back into Fastboot mode (usually by holding Power + Volume Down during startup).
  2. Restore Stock boot.img: Flash your backed-up stock boot.img:

    fastboot flash boot boot_stock_backup.img

  3. Re-enable AVB/dm-verity (Optional but Recommended): If you want to revert to full security, flash the original, unmodified vbmeta.img (without the --disable flags):

    fastboot flash vbmeta vbmeta_stock_backup.img

    Alternatively, if you suspect the issue was with the vbmeta flags, you can try flashing just the stock vbmeta.img without any flags, or try another custom kernel.

  4. Reboot:

    fastboot reboot

Your device should now boot back into your LineageOS system with its original kernel. From there, you can re-evaluate your custom kernel file or troubleshooting steps.

Conclusion

Bypassing Android Verified Boot and dm-verity is a necessary step for anyone looking to flash custom kernels on their LineageOS device. While these security features are vital for stock Android, understanding how to responsibly disable them for development and customization purposes empowers users. Always remember the golden rule of Android modding: backups, backups, backups! With careful preparation and adherence to these steps, you can successfully enhance your LineageOS experience with a custom kernel.
