Skip to content

Troubleshooting

Jump to bottom
OO edited this page Jun 9, 2026 · 2 revisions

This page collects fixes for known issues. More will be added over time.

Repair a damaged TEE

This guide is for the Legion Tab Y700 5th Gen (TB323FU).

If you flashed a efi build (from a superturtlee/gbl_root_canoe release) to efisp on a locked bootloader, Google stops issuing remote keys to the device. The bootloader-unlock state gets fused into the TrustZone (TZ), so even the usual recovery steps — unlocking and relocking the bootloader, or erasing efisp — leave the TEE still being broken.

In this state, Play Integrity fails all three verdicts (Basic, Device, and Strong). You might dodge the Widevine downgrade with luck, but it won't hold. Here's how to fix it:

  1. If the bootloader is unlocked, relock it. Then download the efi that matches your firmware from the miner7222/gbl_root_canoe releases and flash it to efisp.
  2. You'll know the efi is right if it leaves your data intact. Once you've confirmed that, root the device — see Root a Device.
  3. In your root manager app, grant root to shell. Connect the device to your PC, then launch Windows Terminal as administrator.
  4. Install ADB platform-tools with winget install Google.PlatformTools, then close the Terminal window completely and reopen it so the new adb is picked up from PATH.
  5. Run: 
    adb shell
su -c 'LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox Keybox_file Device_ID true true'
  6. Check Play Integrity and Widevine — everything should be back to normal. The fix sticks unless you flash a wrong efi file again.

Once TEE is fixed, it stays there even after you unroot.

Play Integrity passes only partially

If Play Integrity still doesn't fully pass even with a locked bootloader, the likely causes are:

  1. Country code set to a region where the model was never officially sold. (For example, on the Y700 Gen 5 a country code of RU passes only Basic.)
  2. A beta build is installed. This can start passing once that build is promoted to an official stable release.
  3. An old security patch level. Any one of the Boot, System, or Vendor security patch levels being more than a year old is enough to fail.

Widevine shows L3

Uninstall and reinstall the affected app once. If it's still L3, you'll need root temporarily:

  1. Root your device following Root a Device, then follow this XDA guide: Fix Widevine L1 (unlocked bootloader).
  2. Afterward, clear the affected app's data (or reinstall it) and check again.

Once Widevine is back to L1, it stays there even after you unroot.

Clone this wiki locally