Peter-Easton / android-debug-cable-howto

This is a simple how-to for creating your own Android kernel debugging cable using commercially available parts.


Getting UART output, but no "console"

kjh96 opened this issue

commented

I was able to enable UART on my Pixel 2 XL and set up an adapter as described. I get plenty of UART output both in bootloader mode and when the phone is booting up. But there does not seem to be any 'console' or 'prompt'; it seems the text I send over the serial connection is not acknowledged by the phone. I don't see any "Press any key to interrupt boot" (etc.) prompt in the UART log, as this is what some other Android phones use to break into a UART shell/console.

Is UART merely a log, or should I be able to get a console with commands?

(The guide mentions that it is possible to obtain root via the UART console; I can't see how this would be done without a console interface.)

I tried two different USB-to-serial adapters, one running at 3.3V and one at 1.8V (the phone's UART TX is 1.8V so it should be expecting RX at 1.8V) with no luck.

Hi there. I'm actually unsure how to use the debugging cable beyond obtaining the kernel debugging logs; I haven't attempted to use the console before. I just got the tip from someone else and added that warning in there on their insistence.

commented

Okay, thanks for the info. I'll try to look into it some more when I have a moment. I'm hoping that there might be a way to trigger a low-level console during boot, because many smartphones have this as a hidden feature and make it accessible via the kind of "developer cable" / "serial cable" described in this guide. These consoles are fun to play around with and could possibly even help with filesystem repair / data recovery in the event that the Android OS gets bricked during an update or root attempt.

Most likely, the most reliable way to find if such a console exists will be to dump a bunch of partitions (or extract them from a full system update), extract individual binaries as needed, and put them through strings or a decompiler to see if there's any code that would correspond to an interactive shell.

For reference, here's a look at Samsung's equivalent--the "S-Boot prompt"
http://hexdetective.blogspot.com/2017/02/exploiting-android-s-boot-getting.html
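The string search suggested in the comment above, as an added example that is not part of the original thread: it scans a dumped image for printable runs in both ASCII and UTF-16LE (which `strings` skips by default) and reports those that look like console prompts. The indicator phrases and the sample image are constructed assumptions, not taken from any real Pixel firmware.

```python
import re

# Assumed indicator phrases for an interactive console; extend for your target.
HINTS = re.compile(
    r"press any key|hit any key|autoboot|unknown command|console=|type 'help'",
    re.IGNORECASE,
)

# Printable ASCII runs, as strings(1) reports by default.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# UTF-16LE runs: a printable byte followed by NUL, repeated.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")


def extract_strings(data):
    """Yield (offset, encoding, text) for every printable run in data."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def find_console_hints(data):
    """Return (offset, encoding, text) entries matching HINTS, sorted by offset."""
    return sorted(s for s in extract_strings(data) if HINTS.search(s[2]))


def build_sample_image():
    """Constructed stand-in for a dumped bootloader partition."""
    pad = bytes([0x00, 0xFF, 0x13, 0x80]) * 16  # 64 non-printable bytes
    return (
        pad
        + b"Fastboot: Initializing...\x00"
        + pad
        + "Press any key to interrupt boot".encode("utf-16le") + b"\x00\x00"
        + pad
        + b"console=ttyMSM0,115200n8 androidboot.console=ttyMSM0\x00"
        + pad
    )


if __name__ == "__main__":
    for off, enc, text in find_console_hints(build_sample_image()):
        print(f"0x{off:06x} [{enc}] {text}")
```

A hit only shows that the text exists in the image; whether the code path that prints it is reachable on a production device still has to be confirmed in a disassembler.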

On Qualcomm devices, what you want is probably EDL / Firehose

Good primer here, and the other follow-up parts:

Note that by itself it won't provide a console. But it provides tools to do things.

Here's an OSS tool to do things:

Though, this all requires signed programs/programmers, which technically shouldn't really be available out in the open as they blow some parts of the security strategies on those phones away.

And as such, it seems Google has kept theirs pretty well guarded. AFAIK none of their Pixel devices have the programmers available.

commented

Thanks for the suggestion!
I'm actually somewhat familiar with firehose programmers and I read the Aleph piece a few months ago. As you mentioned, the requirement of signed programmers is a big limitation, and yes, I haven't been able to find any programmers for Pixel devices either. So for the Pixels, at least, it seems to be a dead end for now.

I've read that one line of Qualcomm's processors for smartphones (I forget the number, but it was mid-range and a few years old, definitely not what the Pixels have) apparently had some bootrom exploit that could be leveraged into making it accept any unsigned programmer in EDL mode. There are some data recovery / acquisition services that sell hardware and software tools capable of performing this specific exploit for a steep price, among other features (IIRC, the cheapest access was around a thousand dollars) and the details of the exploit unfortunately aren't publicly shared.