Related
Figured you TOPA folk needed your own thread... At least to track TOPA-specific issues!
FRX07.1 is here!!
This is a maintenance release - basically taking the newest components to make a completely up-to-date (as of Sept. 1).
Quite a lot has changed since FRX06 - the install process hasn't really, but be sure to read the changelog in the next post and the caveats in post #3!
<<<This is a link to the... FAQ Click it!!>>>
I have created a complete bundle of FroYo with a stable kernel from GIT (August 19 / 1348), and rootfs from GIT (Sept. 2).
Please, feel free to DONATE to the XDAndroid project!
Every little bit helps!
Directions:
1. Download the full bundle (zip). (Updated September 1 2011)
If instead you just want the system.ext2 (zip) (Updated July 15 2011) file by itself... Don't download this if you're not sure! Grab the full bundle!
2. Extract it. You’ll see a folder, FRX07.1, copy its contents to the root of your SD card. If you want to run Android from a folder instead of all the files on the root of the card, follow the steps below.
3. Go into the STARTUPS folder. Grab the appropriate startup.txt for your device (if you don't know what device you have, you should read the FAQ), and move it to the root of the card (or where you run haret.exe from. If you want to change the location of the build, put a rel_path= statement in the cmdline section of the startup.txt. Mine is located two folders deep on the SD, so my rel_path=Androids/TP2Ref)
4. Screen calibration - you have three choices:
Re-use an old ts-calibration file if you have it and you know it's good.
Download the ts-calibration.zip file and extract it to where you put the rest of the files (root of SD or in a folder - make sure it all stays together!)
Manually calibrate - boot with no ts-calibration file and watch the boot process - you'll be asked to hit 5 points to calibrate the screen. If you have issues calibrating, try an older kernel (1225 works well) Once you have the calibration file hold on to it (make 15 copies if it's a good one ), reboot & go back to the newest kernel!
6. Run haret.exe.. Profit!
Let it settle out on the first boot. Many have reported they had to reboot basically because it was so slow - if you let it sit for about 10 mins so the media scanner can go thru everything, etc. it will be much more pleasurable experience. If you want adb in and watch the processes via top, you'll see why the phone seems so slow - there's lots of background processes cranking because this is the first boot .
Troubleshooting:
Please read the... FAQ
If you have any issues with the kernel, feel free to change it:
There are some devices that are having issues with the newest kernels. Please see the kernel autobuild service to get archived kernels. Once you download a replacement kernel, go to where you run haret.exe from - remove your old zImage/modules-xxxxx.tar.gz. Take the new zImage/modules-xxxxx.tar.gz and replace the old ones, same folder - where you run haret.exe from. Make sure the ‘zImage’ is named just that. Do not rename the modules file, do not extract it - should be in .tar.gz format.
See Incremental Updates for more information on updating the kernel and other components.
Random issues can often be solved by forcing the system to create a new data.img. If you're worried about losing data (all user data is stored in the data.img!!), Titanium Backup works quite well. If you wish, you can rename the data.img to something else, and let the system create a new one - just to see if it resolves your problem.
Similarly, if you wish try formatting your SD card - I prefer to use the HP Tool - do a full format, FAT32.
Even though this build is considered fairly stable, you are more than likely going to run into issues. The next post will address issues particular to this build - PLEASE READ THESE before asking questions! Feel free to post questions in this thread, I will do my best to address them. Big thanks to stinebd for releasing the system image, and of course the other developers for their hard work on making these kernels available.
stinebd's Changelog:
stinebd said:
Here’s a new release for you, folks. This is a major release with a ton of changes, new features, and fixes. Our friend hyc/highlandsun did most of the heavy lifting for this release. Highlights include a rewritten RIL with support for world phones and greatly improved CDMA support; fixes for the media codecs; fixes for MMS on Sprint; increased security with the Superuser app.
A list of changes is included below. The FRX07 system image is available for download now, and will require the use of a new rootfs image, also available now. Additionally, we have a new bundle containing everything needed to enjoy a full FRX07 system.
Note: Due to the incredibly long list of changes, this is a somewhat condensed, terse changelog describing only the overall scope of the changes.
FRX07:
frameworks/base:
Major frameworks changes for CDMA/GSM dual-mode worldphone support. (hyc)
Fixes for data connection handling to improve startup time. (hyc)
Fixes for wifi handling to avoid issues on hanged drivers. (hyc)
Stagefreight (media codecs) fixes. (hyc/viruscrazy)
Fixes for Sprint’s wonky MMS markup structure. (hyc)
Fix MediaScanner not finding audio files (including ringtones) in system.ext2
hardware/libhardware_legacy:
Minor GPS driver fixes. (Alex[sp3dev])
Rename wifi interfaces to wlan0 on all devices (hyc)
hardware/xdandroid-ril: Major RIL refactoring for improved performance on all devices, and added CDMA/GSM dual-mode worldphone support. (hyc)
packages/apps/Gallery3D: Switched back to Gallery3D as the gallery app (closes bug #111)
packages/apps/Mms: Fixes for Sprint’s wonky MMS markup structure. (hyc)
packages/apps/Phone: Fixes for CDMA/GSM dual-mode worldphone support. (hyc)
packages/apps/Superuser: Added the Superuser package for authorizing su privileges. This, along with our signed builds, provides greatly increased security for the end user (mostly against malicious apps from the Market).
system/extras/su: Added as a dependency for the Superuser package
vendor/qcom/android-open: Include missing stagefright codec symbols. (hyc/viruscrazy)
To coincide with the FRX07 system image, the following rootfs changes have been made:
init.froyo.rc modifications...
Adjust wpa_supplicant service for the new abstraction provided by libhardware_legacy, as well as interface rename
Abstract the hciattach service to provide bluetooth support on both chipsets
Rename wifi interface to wlan0 on all devices
apns-conf.xml updated
keymaps completely reorganized, and RHOD end-call key has been remapped to be the Home key in Android.
default.prop: set ro.secure=1 to lock down the adb shell - su can be used with the Superuser app to authorize root access in adb if needed.
Click to expand...
Click to collapse
Layman's Changelog
(As in, the changelog I wrote )
FRX07.1 Changelog:
RHOD - all buttons on the front no longer wake the device. Only the power button wakes the device now.
Updated to the newest RIL
hyc's modified libs for video now baked in - *most* HQ YouTube videos (and other HQ videos) should finally work!
RHOD & TOPA - Userland (Android) now controls the LED by default now. If you need to debug sleep, you will have to change the behavior manually. See Detule's post on this topic.
Facebook sync should now work, out-of-box.
FRX07 Changelog:
Updated RIL (thanks hyc!) - this covers many different bugs that were in the old RIL - I'm only going to cover the major ones...
CDMA now works correctly (for the most part). force_cdma (and north_am_dialing) is now deprecated (not needed/ignored!)
You can boot with a SIM in on a CDMA device and choose your GSM or CDMA on the fly under Settings.
Location based on towers now works on CDMA.
1xRTT now displays correctly, but I never seem to get EVDO Rev.a... I always get 0. This is represented by a 3g icon, as this is what the Android framework provides.
Full MMS support! Please see this page for configuration instructions. Will need help fleshing out the list of carriers folks!
Spotty service, switching towers, etc should no longer cause the dreaded SoD (Sleep of Death) condition!
(Basic audio) 3.5mm support for RHOD400/500
Droidwall works out of the box now
Keyboard backlight now fades in/out
Gallery3D back in! Picasa Web Sync comes with it
A couple new apps added to AndroidApps folder:
rpierce99's app GetLogs
Titanium Backup
Caveats:
BT - works! But audio doesn't route. See this thread if you're feeling adventurous and want to play with/don't mind using some unstable/incomplete code...
After booting, TOPA seems to have a crippling issue where if the first call is inbound, the phone reboots. So I guess after booting make an outbound call and everything is fine? Someone please confirm...
That audio routing thread is in the RHOD section, and I've only tested it on a RHOD - but AFAIK it should work on other devices. Let me know.
Whew, here you go TOPA folk!
I figured you guys needed a thread for this, if only to track issues that are TOPA-specific. Let me know what I need to add in the caveat section for TOPA! Also let me know if ts-calibration file is good or not .
Also, if you guys already have FRX07 running/working... there's nothing new here. Mainly using this thread as a place for newbie's to go and you experienced folk to help me track issues again for new users!
I have a small problem,when I run haret it comes to animated logo and then my phone go to rebote?
Every time when is starting FRX07 the mobile reboot and start's windows?. Where is the problem?...
kujrv1 said:
Every time when is starting FRX07 the mobile reboot and start's windows?. Where is the problem?...
Click to expand...
Click to collapse
Yes,that's right...
And solution...?
Use the latest kernel and rootfs, not the ones bundled with frx07.
kujrv1 said:
And solution...?
Click to expand...
Click to collapse
kujrv1 said:
Every time when is starting FRX07 the mobile reboot and start's windows?. Where is the problem?...
Click to expand...
Click to collapse
hb5 said:
I have a small problem,when I run haret it comes to animated logo and then my phone go to rebote?
Click to expand...
Click to collapse
Sorry guys grab the latest kernel. I just put that in the caveat list, thanks.
I put the last kernel and i have the same issue. Reboot on Animated logo
I too have the reboot issue on animated start screen. Latest kernel used.
Any suggestions??
last three kernels didn't work on my topa100
it runs haret and then reboot the device
Will you guy's please make an effort and read other posts on this topic instead of clogging up the forum.
Everything you need to know has been posted already, multiple times.
Zaknahhas said:
last three kernels didn't work on my topa100
it runs haret and then reboot the device
Click to expand...
Click to collapse
gtti148 said:
I too have the reboot issue on animated start screen. Latest kernel used.
Any suggestions??
Click to expand...
Click to collapse
kujrv1 said:
I put the last kernel and i have the same issue. Reboot on Animated logo
Click to expand...
Click to collapse
Wait...
zooster said:
Use the latest kernel and rootfs, not the ones bundled with frx07.
Click to expand...
Click to collapse
Seems to make me think it's working on the newest rootfs and kernel - is this not true?
arrrghhh said:
Seems to make me think it's working on the newest rootfs and kernel - is this not true?
Click to expand...
Click to collapse
I've been switching my TOPA to FRX07 + .27 + rootfs (all selfbuilt) yesterday, and it boots up fine since the latest kernel fix.
So anything reported not working with latest autobuild kernel implies user error for me if it resets during bootanimation.
arrrghhh, thanks for taking care of the topa threads! So I can concentrate on not getting anything done for .35
Michael
arrrghhh said:
Wait...
Seems to make me think it's working on the newest rootfs and kernel - is this not true?
Click to expand...
Click to collapse
Topaz can boot with last kernel, with htc-msm-linux @ 20110718_223029 it doesn't.
zooster said:
Topaz can boot with last kernel, with htc-msm-linux @ 20110718_223029 it doesn't.
Click to expand...
Click to collapse
20110718_223029 is the latest kernel tho... are you saying emwe is lying? .
emwe - perhaps you should be like us heathens and try to run the pre-compiled binaries? I know, blasphemy...
Hi to all, is 2 day frx7 work in my topaz all work bt, wifi, 3g, lokscreen, rotate screen (no good) photo, opera, sms, gps an battery when is 10% work 6 hour, is speed. i like use android. thanks
I DID NOT MAKE THIS ROM!!!!!! - A developer by the name of TheKit made this rom, so do not give me any credit for this rom, give it all to them.
I am simply linking it because I love this phone, I love Sailfish OS on it, and I think a lot of people would enjoy Sailfish OS on it as well and just don't know it is available.
Q: "What is Sailfish OS and why should I use it?"
A: Sailfish OS is a great OS for many reasons. Having used multiple android roms I can attest to the fact that:
1. It has MUCH better battery life (however it has a weird battery read bug, see issues below)
2. It is MUCH faster and generally more stable when it comes to the things that work (your calls won't drop, your system won't lock up due to lack of ram, etc.)
3. It has a great gesture driven UI that is a joy to use and very gorgeous to look at. No more of this all white bull**** Google has been forcing down our throats since 2014
Q: "How good is the battery life?
A: After a day of playing cave story at work and reading discord and listening to music, I am at about 30-40% end of day (I start at 8:30AM, stop at 4:00PM)
Okay now that the Q/A segment is over, lets get to the real meat
ISSUES
1. Battery Read is wonky, it only goes in 10% increments until it reaches 20%, then it starts going in 5% increments
2. If you use the 2.1.3.7 build keyboard backlight is broken, but it works fine on the 2.1.0.11 build
3. Bluetooth is wonky, I was able to play audio through speakers in the 2.1.3.7 build...
4. FM Radio is broken too
5. As the maemo-talk thread says, CDMA is untested, and like on Photon Q, most likely does not work. GSM works great though! :good:
6. The old 2.1.0.11 build has a slew of issues compared to the new 2.1.3.7 build. These include data not working out of box, wifi requiring a reboot to work, and auto rotation not working in a majority of apps by default. Consult this thread and the maemo talk thread for more help, and if you want rotation anywhere, install patchmanager 2.0 and auto rotate anywhere from warehouse for sailfish os.
Alien Dalvik install tutorial
I did not make this and do not know who did. the developer claims someone threw a brick at them with an sd card attached. The sdcard contained links to these files in the form of a text file names "monkeyAIDS.txt"
https://drive.google.com/file/d/1mS6di1jYfVeDoFBjcANS6SmfkhGyEKoa/view - AD Jolla C (different from the Turing phone rpm, this is built for 3.1.x kernels)
http://sfos.scanf.su/maserati/alien-patched.tar.gz
So extract both files to your ~/ (home) directory and type in the following:
devel-su
[insert root password you set in settings]
zypper in [alien dalvik rpm]
rsync -a /home/nemo/alien/ /opt/alien/
ln -s /vendor /opt/alien/system/vendor
reboot
OPTIONAL: fix for the default 320PPI value
devel-su
[insert root password]
vim /opt/alien/system/build.prop
change ro.sf.lcd.density to the value of your choosing (Droid 4 is 256)
Keyboard Backlight Fix, works on 2.1.0.11, don't know about 2.1.3.7 -- Thank you @moodroid for this legendary patch!
On <2.1.3.7, I got the keyboard backlight to work by creating an /etc/mce/20backlight.ini with:
[KeyPad]
BrightnessDirectory=/sys/class/leds/keyboard-backlight
Then do 'pkcon install mce' and 'systemctl restart mce'.
Download Links
Here is the thread with the Download Link to the 2.1.0.11 build
https://talk.maemo.org/showthread.php?t=99031&page=9
If you don't mind a lack of keyboard backlight and want a more up to date build, grab the new and fabulous leaked 2.1.3.7 Build:
https://drive.google.com/file/d/1k3MOCrMvbFb114Omf0MzSvnQ7wBkTiWH/view?usp=sharing
Basically if you are fed up with how ****ty the latest Lineage OS builds are and just want to try something new, give this a try. Why not? What have you got to lose. All in all great work by TheKit and I am very happy with the port as it is and I think you will be too.
Hi,
On <2.1.3.7, I got the keyboard backlight to work by creating an /etc/mce/20backlight.ini with:
[KeyPad]
BrightnessDirectory=/sys/class/leds/keyboard-backlight
Then doing 'pkcon install mce' and 'systemctl restart mce'.
Hope you get the OK to share your AD success!
Thanks
moodroid said:
Hi,
On 2.1.3.7, I got the keyboard backlight to work by creating an /etc/mce/20backlight.ini with:
[KeyPad]
BrightnessDirectory=/sys/class/leds/keyboard-backlight
Then doing 'pkcon install mce' and 'systemctl restart mce'.
Hope you get the OK to share your AD success!
Thanks
Click to expand...
Click to collapse
dude you are a legend!
I would add that to the OP but you are first comment so anyone viewing the op will see this. I will definitely tell TheKit about this (then again, he gave you the 2.1.3.7 build so you can just tell them yourself)
Greetings,
I've been playing around with SailfishOS on my Droid 4 in the past few days, and I have a few questions about the whole thing. TheKit publicly shared a 2.1.3.7 build for the Droid 4 on his thread at Maemo, is that the one you are talking about or is it a different build? As someone mentioned this specific build seems to have issues with wifi, and I have the same problem. I can't post links, but the download link to the build I mentioned is on page 12.
The 2.1.0.11 build seems to work fairly well, however I wasn't able to install Alien Dalvik. After the installation the "Android Support" button does show up in the settings app, however nothing happens when I click the start button. I also attempted installing an apk both via the GUI (by clicking on it in the downloads) and via the command line by using "apkd-install", but it doesn't seem to work. Full log of the installation process attached.
I talked with TheKit, and the 2.1.3.7 build I mentioned (the one at page 12) is indeed outdated. He just updated the OP at Maemo and added the latest 2.1.3.7 build, which I just flashed and it's working great. Also installed Alien Dalvik following the instructions in the OP and it seems to be working fine as well! However I wasn't successful with the backlight fix method yet.
For anyone wondering how I flashed the latest build I went CM11 --> SailfishOS 2.1.0.11 --> SailfishOS 2.1.3.7 (rel2).
NIKKOS said:
I talked with TheKit, and the 2.1.3.7 build I mentioned (the one at page 12) is indeed outdated. He just updated the OP at Maemo and added the latest 2.1.3.7 build, which I just flashed and it's working great. Also installed Alien Dalvik following the instructions in the OP and it seems to be working fine as well! However I wasn't successful with the backlight fix method yet.
For anyone wondering how I flashed the latest build I went CM11 --> SailfishOS 2.1.0.11 --> SailfishOS 2.1.3.7 (rel2).
Click to expand...
Click to collapse
Hi Nikkos,
Sorry - that was me that posted the backlight fix, and I agree that it doesn't work on 2.1.3.7-rel2. It'd worked on every other version I tried, and I've now edited my post above. Glad everything is working.
Sorry again
moodroid said:
Hi Nikkos,
Sorry - that was me that posted the backlight fix, and I agree that it doesn't work on 2.1.3.7-rel2. It'd worked on every other version I tried, and I've now edited my post above. Glad everything is working.
Sorry again
Click to expand...
Click to collapse
No worries.
If anyone is wondering how to change the SailfishOS UI scale (I find the default one to be way too big) here's how I did it via the terminal:
Code:
devel-su
rm /etc/dconf/db/vendor.d/locks/silica-configs.txt
dconf write /desktop/sailfish/silica/theme_pixel_ratio value
I believe the default value should be around 1.1; you can also reset the value to stock with:
Code:
dconf reset /desktop/sailfish/silica/theme_pixel_ratio
or read the value with:
Code:
dconf read /desktop/sailfish/silica/theme_pixel_ratio
Not exactly droid 4 related, but thought I'd share.
Okay, I got the backlight to turn on!
Type the following in the terminal:
Code:
devel-su
echo 255 >/sys/class/leds/keyboard-backlight/brightness
It seems to properly react to some triggers like standby after being turned on but not to others like sliding the keyboard in and out (which means it will always stay on if the screen is on, regardless if it's been slided in or out). My assumption is that the keyboard sliding trigger got broken in some way, as I believe that's the way the backlight is being turned on. The events which trigger the backlight seem to be stored in the file /sys/class/leds/keyboard-backlight/trigger, so I assume that would be a good starting point to attempt fixing this.
The keyboard backlight intensity can also be changed, just change the 255 to a different value (it goes from 0 to 255).
Note: this change is not permanent, it will need to be applied again at reboot. Writing a script which executes the above commands at boot should be trivial though, and I will include instructions when I get it done myself.
EDIT:
Here's how to make the change permanent. Following these instructions you will create a Systemd service which will turn the backlight on when active and off when inactive; it will automatically run at boot and it can also be controlled like any other Systemd service (i.e. using systemctl via the terminal)
Type the following commands through the terminal:
Code:
devel-su
cd /etc/systemd/system
touch keyboard-backlight.service
chmod 744 keyboard-backlight.service
You will now need to edit the keyboard-backlight.service file with a text editor (either vim or nano will do, vim comes preinstalled, nano does not). Depending on your preferred text editor, type the following:
Code:
vim keyboard-backlight.service
or
Code:
nano keyboard-backlight.service
Now write the following to the file and save it:
Code:
[Unit]
Description=XT894 keyboard backlight service
[Service]
Type=oneshot
ExecStart=/bin/sh -c "echo 255 >/sys/class/leds/keyboard-backlight/brightness"
ExecStop=/bin/sh -c "echo 0 >/sys/class/leds/keyboard-backlight/brightness"
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Now type the following to enable the service:
Code:
systemctl enable keyboard-backlight.service
That's it. You can now control the service by using the following:
Code:
systemctl start keyboard-backlight //This will turn the backlight on
systemctl stop keyboard-backlight //This will turn the backlight off
systemctl status keyboard-backlight //This will display the service status
Can anyone share the google drive file from the first post? Is there an alternative link available? Or could you PM me a google drive link? Thanks!
Can anyone suggest the best/correct ROM-slot size for TWRP?
Is it still like for CM/LOS:
800MB for system
10MB for cache
and rest for data as one likes?
It has been bugging me for quite some time that the Lenovo Yoga Tab 3 Plus has a portrait (phone) 10" screen mounted in a landscape body, and TWRP didn't have the necessary code to adjust its graphics rendering so as to compensate for this, so I just decided to patch it myself.
With these unofficial recoveries (officials can be found here and here), you get the following improvements:
Graphics are rendered in the landscape orientation
Compiled from LineageOS 15.1 sources plus LineageTWRP => much easier to maintain
(For development) Pstore/ramoops active, can retrieve the Android kernel's log on reboot or panic
Mouse pointer in the middle of the screen is gone
Factory reset commands from Android are no longer broken
Removed their prompt to install the TWRP app in Android when you try to reboot
Also be aware that flashing unofficial cm14 zips is not supported with these TWRP images!
If any of the items above bug you as well, these TWRP builds may be for you. At the moment they are optional (not required - you may use other TWRP recoveries just as well) if you are a user of LineageOS 15.1 for YTX703F/YTX703L. However, in the future we will be making steps to replace the official TWRP recoveries with these ones over here.
Known issues
None so far.
Downloads
TWRP 3.2.3: [YTX703F (Wifi)] | [YTX703L (LTE)]
Installation instructions
If your device is new to the custom ROM flashing process, you need to unlock its bootloader:
Code:
fastboot oem unlock-go
If you are not fully decided and just want to try out these TWRP images, you can just hot-boot them into RAM, without writing them permanently to flash storage:
Code:
fastboot boot twrp-3.2.3-UNOFFICIAL-YTX703L.img
If you don't like it, it's not persistent (rebooting again will get you the old recovery back)
If you're sold on the new recovery image, here's how to permanently flash it:
Code:
adb reboot bootloader # Do this only if you're not in fastboot mode right now (with the orange Lenovo image)
fastboot flash recovery twrp-3.2.3-UNOFFICIAL-YTX703L.img
fastboot continue # Will boot into Android
Build instructions
Add the following to .repo/local_manifests/roomservice.xml in a lineage-15.1 tree:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<remote fetch="https://github.com/omnirom" name="omnirom" review="gerrit.omnirom.org" revision="android-8.1" />
<project groups="pdk" name="android_bootable_recovery" path="bootable/recovery-twrp" remote="omnirom" />
</manifest>
Run the following:
Code:
$ repo sync bootable/recovery-twrp
$ source build/envsetup.sh
$ repopick -P bootable/recovery-twrp -g https://gerrit.omnirom.org 31454
$ repopick -P bootable/recovery-twrp -g https://gerrit.omnirom.org 31630
$ repopick -P bootable/recovery-twrp -g https://gerrit.omnirom.org 28622
$ lunch lineage_YTX703L-eng
$ WITH_TWRP=true mka recoveryimage
$ adb reboot bootloader
$ fastboot boot out/target/product/YTX703L/recovery.img
vladimiroltean said:
It has been bugging me for quite some time that the Lenovo Yoga Tab 3 Plus has a portrait (phone) 10" screen mounted in a landscape body, and TWRP didn't have the necessary code to adjust its graphics rendering so as to compensate for this, so I just decided to patch it myself.
With these unofficial recoveries (officials can be found here and here), you get the following improvements:
Graphics are rendered in the landscape orientation
Compiled from LineageOS 15.1 sources plus LineageTWRP => much easier to maintain
(For development) Pstore/ramoops active, can retrieve the Android kernel's log on reboot or panic
Mouse pointer in the middle of the screen is gone
Factory reset commands from Android are no longer broken
Removed their prompt to install the TWRP app in Android when you try to reboot
Also be aware that flashing unofficial cm14 zips is not supported with these TWRP images!
If any of the items above bug you as well, these TWRP builds may be for you. At the moment they are optional (not required - you may use other TWRP recoveries just as well) if you are a user of LineageOS 15.1 for YTX703F/YTX703L. However, in the future we will be making steps to replace the official TWRP recoveries with these ones over here.
Known issues
None so far.
Downloads
TWRP 3.2.3: [YTX703F (Wifi)] | [YTX703L (LTE)]
Installation instructions
If your device is new to the custom ROM flashing process, you need to unlock its bootloader:
If you are not fully decided and just want to try out these TWRP images, you can just hot-boot them into RAM, without writing them permanently to flash storage:
If you don't like it, it's not persistent (rebooting again will get you the old recovery back)
If you're sold on the new recovery image, here's how to permanently flash it:
Click to expand...
Click to collapse
Can I also install this new recovery image using the twrp app instead adb?
Or can i try the new Image to execute the Codes directly in the tablet with the terminal emulator App instead connecting to the PC?
tombraga said:
Can I also install this new recovery image using the twrp app instead adb?
Click to expand...
Click to collapse
I've never used that, as I consider it bloatware. If it allows you to flash a local disk image (and not only ones downloaded from twrp.me) into the recovery partition, then I suppose you can. But then again, that'd require giving it root permissions, and I don't think I'd trust it that much just because I'm lazy.
vladimiroltean said:
I've never used that, as I consider it bloatware. If it allows you to flash a local disk image (and not only ones downloaded from twrp.me) into the recovery partition, then I suppose you can. But then again, that'd require giving it root permissions, and I don't think I'd trust it that much just because I'm lazy.
Click to expand...
Click to collapse
Thanks for Information, one more question:
Can i try the new Image to execute the Codes directly in the tablet with the terminal emulator App instead connecting to the PC?
I got some problem right now with my pc and cannot use it with my tablet
tombraga said:
Thanks for Information, one more question:
Can i try the new Image to execute the Codes directly in the tablet with the terminal emulator App instead connecting to the PC?
I got some problem right now with my pc and cannot use it with my tablet
Click to expand...
Click to collapse
You can try to do this:
Code:
su
dd if=/sdcard/Download/twrp-3.2.3-UNOFFICIAL-YTX703L.img of=/dev/block/bootdevice/by-name/recovery
sync
But keep in mind that interactive "su" sessions are kinda broken (tab completion, Ctrl-c and other stuff), this patch fixes that but its's not merged yet. So your mileage might vary. If you just cut and paste the commands (make sure they match your device though!) it should work.
vladimiroltean said:
You can try to do this:
But keep in mind that interactive "su" sessions are kinda broken (tab completion, Ctrl-c and other stuff), this patch fixes that but its's not merged yet. So your mileage might vary. If you just cut and paste the commands (make sure they match your device though!) it should work.
Click to expand...
Click to collapse
Thanks, but this is too hot for, better I wait and fix my pc first, thanks
At least perhaps a stupid question: can i flash your new twrp img directly from my actual official 3.2.0-0 twrp choosing install image and then your img.file?
tombraga said:
Thanks, but this is too hot for, better I wait and fix my pc first, thanks
At least perhaps a stupid question: can i flash your new twrp img directly from my actual official 3.2.0-0 twrp choosing install image and then your img.file?
Click to expand...
Click to collapse
There are countless ways you can do it, but like you said, it's not a good idea to reflash your recovery if you're don't have a plan B if anything goes wrong.
vladimiroltean said:
There are countless ways you can do it, but like you said, it's not a good idea to reflash your recovery if you're don't have a plan B if anything goes wrong.
Click to expand...
Click to collapse
i could fix my laptop now i made it with adb as you teached and explained, worked wityout any problems
I like very much the new TWRP, waiting so long for this landscape mode and without questions to install TWRP app.
Now i uninstall the TWRP app and have a very nice TWRP recovery which is fine for my Lenovo tablet, thank you so much.
Problem: no i cannot uninstall more the TWRP app, even tried with titanium pro, but could not find the system app was the message...
should i freez the twrp app now with titanium pro?
When your twrp will go official???? I hope soon.
---------- Post added at 05:21 PM ---------- Previous post was at 05:06 PM ----------
tombraga said:
i could fix my laptop now i made it with adb as you teached and explained, worked wityout any problems
I like very much the new TWRP, waiting so long for this landscape mode and without questions to install TWRP app.
Now i uninstall the TWRP app and have a very nice TWRP recovery which is fine for my Lenovo tablet, thank you so much.
Problem: no i cannot uninstall more the TWRP app, even tried with titanium pro, but could not find the system app was the message...
should i freez the twrp app now with titanium pro?
When your twrp will go official???? I hope soon.
Click to expand...
Click to collapse
made even a first backup right now with the new TWRP, without any problem and very fast. great!
tombraga said:
Problem: no i cannot uninstall more the TWRP app, even tried with titanium pro, but could not find the system app was the message...
should i freez the twrp app now with titanium pro?
Click to expand...
Click to collapse
If it really bothers you, I would wipe the system partition and install everything else all over again (LineageOS, the exact same Gapps package, etc).
tombraga said:
When your twrp will go official???? I hope soon.
Click to expand...
Click to collapse
Probably not very soon, hence the reason why I decided to release it unofficially for a while. I contacted the TWRP project maintainers and they said they're caught at the moment with other stuff (merging with Android P codebase) and they can't review my display rotation patch until that activity is finished. So we're probably talking about the timeframe when the first official TWRP and LineageOS builds based on Android P are going to get released.
vladimiroltean said:
If it really bothers you, I would wipe the system partition and install everything else all over again (LineageOS, the exact same Gapps package, etc).
Probably not very soon, hence the reason why I decided to release it unofficially for a while. I contacted the TWRP project maintainers and they said they're caught at the moment with other stuff (merging with Android P codebase) and they can't review my display rotation patch until that activity is finished. So we're probably talking about the timeframe when the first official TWRP and LineageOS builds based on Android P are going to get released.
Click to expand...
Click to collapse
It's ok, I can live with it.
I see two things in new version
1) graphical bug inside list of files (overlapping)
2) cannot access NTFS formatted sd-card (while older version working fine)
janforman said:
I see two things in new version
1) graphical bug inside list of files (overlapping)
2) cannot access NTFS formatted sd-card (while older version working fine)
Click to expand...
Click to collapse
1. Screenshot? (I think it's vol-up + power)
2. That might be my oversight on my part. NTFS is indeed not enabled in the kernel because Android uses the ntfs-3g FUSE implementation. I think that's not available in TWRP though.
vladimiroltean said:
1. Screenshot? (I think it's vol-up + power)
2. That might be my oversight on my part. NTFS is indeed not enabled in the kernel because Android uses the ntfs-3g FUSE implementation. I think that's not available in TWRP though.
Click to expand...
Click to collapse
I flashed older TWRP version and NTFS is working well. I'm using it for flashing and backup. In new version sdcard is not mounted and in "mount" option greyed out (i cannot select it).
I had an issue flashing a custom boot animation zip and font zip, they appeared to flash fine in recovery but the boot animation and font was not changed. I flashed the latest official TWRP and these zips flashed and took effect fine. No issues with ROM zip, gapps or magisk though
scoobyjenkins said:
I had an issue flashing a custom boot animation zip and font zip, they appeared to flash fine in recovery but the boot animation and font was not changed. I flashed the latest official TWRP and these zips flashed and took effect fine. No issues with ROM zip, gapps or magisk though
Click to expand...
Click to collapse
Can you give a link to the boot animation and font you flashed.
I know you are the graphics expert around here so will be nice if you can point us to some compatible boot animations for our device.
I really don't want to sound unappreciative but the Lineage 'stock' boot animation seriously needs a facelift
Finefeather said:
Can you give a link to the boot animation and font you flashed.
I know you are the graphics expert around here so will be nice if you can point us to some compatible boot animations for our device.
I really don't want to sound unappreciative but the Lineage 'stock' boot animation seriously needs a facelift
Click to expand...
Click to collapse
The animation is nothing to do with Lineage, but if you like Raphael of TMNT, feel free to try this: https://drive.google.com/open?id=0B260dxr9nvchTG0xR2pYelhuNHc
I have noticed that with an animation that fills more of the screen than the lineage logo, there seems to be a black overlay taking up about a 3rd of the screen at the right, which obscures my animation a little but only for a couple of seconds.
As I say, I can flash this with official TWRP but it doesn't seem to take with this one
This version of TWRP is unfortunately not compatible with GApps+Aroma. (The standard version works fine.)
Rueddi_ger said:
@vladimiroltean
How do I compile this TWRP? I found the twrp.mk in our devicetree/recovery directory. I pasted all flags to the end of BoardConfigCommon and the BoarConfig of the F/L version. It compiles well, but doesn't recognize those flags, I think. When I boot the img The touchscreen is completely inverted and is weird. Apart from that it isn't in landscape mode, but in portrait ( even thought the flags include TW_THEME := landscape_hdpi) Can you give me an idea where the problem is?
You can find my device tree here: Github
Click to expand...
Click to collapse
Added instructions in the top post.
Rueddi_ger said:
Actually I forgot to mention that I do not want to build TWRP exactly, but OrangeFox (which is based on TWRP). The problem is I cannot use the lineageOS tree, I think, because OrangeFox requires to be initialized with the minimal Omni manifest (see here: https://gitlab.com/OrangeFox/Manifest ). Do you have an idea what I can do?
Click to expand...
Click to collapse
What have you tried to do and what were the errors you were faced with?
Rueddi_ger said:
Apart from that it didn't seem to recognize any TWRP flags as the theme is not landscape, although I put those flags like everywhere
Click to expand...
Click to collapse
Hate to break it to you, but rotating the recovery framebuffer is an operation that is quite a bit more involved than setting "TW_THEME := landscape" (assuming that's what you were trying to say).
Did you even bother to look at the patches linked in the top post? What about this one:
Code:
From 2a8821faf98f8c26a88e9bbe8a8a6d31015b938b Mon Sep 17 00:00:00 2001
From: Vladimir Oltean <[email protected]>
Date: Tue, 3 Jul 2018 00:04:03 +0300
Subject: [PATCH] TW_HWROTATION: add flag to handle hardware-rotated display
panels
* The existence of TW_HWROTATION that implements this feature at the
level of calls to libpixelflinger API closely mirrors the existence of
ro.sf.hwrotation for surfaceflinger in LineageOS.
* A brute-force approach was previously attempted via the
BOARD_HAS_FLIPPED_SCREEN makefile flag. That code iterated over the
active display surface in a double-buffered setup, and performed a
"smart" memcpy from the UI drawing surface (gr_draw) onto the display
surface. The problem was that, without heavy loop optimizations, that
code could have never scaled for 90 and 270 degree rotation.
I tried and you could literally see the for loop with the naked eye
while the display surface was updating.
* That code is now gone, but support for BOARD_HAS_FLIPPED_SCREEN := true
is still there (now means TW_HWROTATION := 180).
* This patch relies on the assumption that it is impossibly difficult
and non-portable to rotate whole framebuffer display surfaces, in a
way that is not dependent upon the graphics backend (adf, fbdev, drm,
overlay etc). Therefore, it identifies the rendering primitives that
the TWRP graphics stack exposes to the GUI application above, and
implements hwrotation inside each of those calls instead:
- gr_line(), gr_fill() - 2D geometric shapes (lines, rectangles)
- gr_blit() - graphical image resources
- gr_ttf_textExWH() - font rendering
- gr_fb_width(), gr_fb_height() - framebuffer resolution
* The gist is to keep the backend and framebuffer (dimensions, row size
etc) unchanged (because making changes there is asking for trouble),
but present an altogether different reality to the calling API,
according to the compile-time constant TW_HWROTATION.
* All (x, y) API coordinates and shapes are transformed before being
actually rendered as (x_disp, y_disp) display coordinates.
* With TW_HWROTATION := 90 or 270 you can turn a landscape device into
a portrait one, because the GUI is fooled by the reversed dimensions
reported by gr_fb_width() and gr_fb_height() and renders the UI as
for a different device.
* For blit and text rendering operations, figuring out the transformed
coordinates in display space is not enough, as the surfaces that are
to be rendered have to be rotated themselves. This is handled by
allocating an intermediary rotated surface on each rendering
operation (not ideal), so the code with the intermediary surface
is compiled out for the TW_HWROTATION := 0 case.
* This is still not as bad as rotating the whole framebuffer though, and
on a msm8976 device the performance hit is not even noticeable (for
software rendering).
* Currently there is no attempt to make a connection between the
TW_HWROTATION and the { RECOVERY_TOUCHSCREEN_SWAP_XY,
RECOVERY_TOUCHSCREEN_FLIP_X, RECOVERY_TOUCHSCREEN_FLIP_Y } settings.
Change-Id: Ic8966ad5360c8a499649fdb16e242286640fd992
Signed-off-by: Vladimir Oltean <[email protected]>
What is this tutorial?
This tutorial will:
Creating an unofficial build of LineageOS 17.1 suitable for using to re-lock the bootloader on a OnePlus 6/6t
Take you through the process of re-locking your bootloader after installing the above
This tutorial will NOT:
Remove *all* warning messages during boot (the yellow "Custom OS" message will be present though the orange "Unlocked bootloader" message will not)
Allow you to use official builds of LineageOS 17.1 on your device with a re-locked bootloader (more details near the end of the tutorial)
This tutorial will assume you are working on an Ubuntu 18.04 installation, if you are using Windows or another Linux distro, the commands may be different.
Supported devices:
Current both the OnePlus 6 (enchilada) and 6t (fajita) have been tested, but newer phones should work as well.
For simplicities sake, all further references will only be to the 6t (fajita).
Pre-requisites:
a mid level knowledge of terminal commands and features
a supported phone
a PC with enough CPU/RAM to build LineageOS 17.1 (recommended 8 cores, 24g of RAM)
a working USB cable
fastboot/adb installed and functional
LineageOS 17.1 source code downloaded
at least one successful build of LineageOS
at least one successful signing of your build with your own keys
Misc. notes:
the basics of building/signing of LineageOS is outside the scope of this tutorial, refer to the LineageOS Wiki for details on how to complete these tasks
you'll be modifying some code in LineageOS, so if you are not comfortable using basic editing utilities as well as patch, do not proceed any further
the path to your LineageOS source code is going to be assumed to be ~/android/lineageos, if it is somewhere else, substitute the correct path in the tutorial
the path to your private certificate files is going to be assumed to be ~/android-certs, if it is somewhere else, substitute the correct path in the tutorial
*** WARNING ****
This process may brick your device. Do not proceed unless you are comfortable taking this risk.
*** WARNING ****
This process will delete all data on your phone! Do not proceed unless you have backed up your data!
*** WARNING ****
Make sure you have read through this entire process at least once before attempting, if you are uncomfortable with any steps include in this guide, do not continue.
And now on with the show!
Step 1: Basic setup
You need a few places to store things, so create some working directories:
Code:
mkdir ~/android/fajita
mkdir ~/android/fajita/oos
mkdir ~/android/fajita/images
mkdir ~/android/fajita/images_raw
mkdir ~/android/fajita/patches
mkdir ~/android/fajita/pkmd
You also need to add "~/android/lineageos/out/host/linux-x86/bin" to your shell's profile path. Make sure to close and restart your session afterwards otherwise the signing will fail later on with a "file not found" error message .
Step 2: Download the latest OxygenOS from OnePlus
Go to https://www.oneplus.com/support/softwareupgrade and download the latest OOS update, store it in ~/android/fajita/oos
Step 3: Extract the vendor.img from OOS
Run the following commands to extract the vendor.img from OOS:
Code:
cd ~/android/fajita/oos
unzip [oos file name you downloaded] payload.bin
cd ../images_raw
python ~/android/lineageos/lineage/scripts/update-payload-extractor/extract.py --partitions vendor --output_dir . ../oos/payload.bin
You should now have a ~1g file named vendor.img in the images_raw directory.
Step 4: Update fajita's BoardConfig.mk
You will need to add a few parameters to the end of ~/android/lineageos/device/oneplus/fajita/BoardConfig.mk, they are:
Code:
BOARD_PREBUILT_VENDORIMAGE := /home/<userid>/android/fajita/images_raw/vendor.img
AB_OTA_PARTITIONS += vendor
BOARD_AVB_ALGORITHM := SHA256_RSA2048
BOARD_AVB_KEY_PATH := /home/<userid>/.android-certs/releasekey.key
Note you cannot use "~"" in the path names above to signify your home directory, so give the full absolute path to make sure the files are found.
Step 5: Update sdm845-common's BoardConfigCommon.mk (optional)
LineageOS by default disables Android Verified Boot's partition verification, but you can enable it now as all the required parts will be in place. However, you may not want to if you intend to make other changes to the system/boot/vendor partitions (like Magisk, etc.) after you have re-locked the bootloader.
To enable partition verification do the following:
Code:
cd ~/android/lineageos/devices/sdm845-common
sed -i 's/^BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flag 2/#BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flag 2/' BoardConfigCommon.mk
Step 6: Patch the AOSP/LineageOS releasetools
Two releasetools included with LineageOS need to be patched as they otherwise will not properly process a pre-built vendor.img.
The required patches can be found here:
https://raw.githubusercontent.com/W.../source/add_img_to_target_files.py-17.1.patch
https://raw.githubusercontent.com/W...r/source/sign_target_files_apks.py-17.1.patch
Download both and store in ~/android/fajita/patches.
Now apply them with the following commands:
Code:
cd ~/android/lineageos/build/tools/releasetools
patch add_image_to_target_files.py ~/android/fajita/patches/add_image_to_target_files.py-17.1.patch
patch sign_target_files_apks.py ~/android/fajita/patches/sign_target_files_apks.py-17.1.patch
Step 7: Build LineageOS
You are now ready to build:
Code:
cd ~/android/lineageos
source build/envsetup.sh
croot
breakfast fajita
mka target-files-package otatools
Step 8: Prepare vendor.img
As part of the build process above, your raw vendor.img will been copied to the $OUT directory and a new hashtree (what AVB uses to verify the image) will have been added to it.
You need to use this new version in the signing process but due to how the build system works, this is not done by default.
So, let's put it where it is needed:
Code:
cp $OUT/obj/PACKAGING/target_files_intermediates/lineage_fajita-target_files-eng.*/IMAGES/vendor.img ~/android/fajita/images
Step 9: Sign the APKs
You are now ready to sign the apks with sign_target_files_apks:
Code:
./build/tools/releasetools/sign_target_files_apks -o -d ~/.android-certs --prebuilts_path ~/android/fajita/images $OUT/obj/PACKAGING/target_files_intermediates/*-target_files-*.zip signed-target_files.zip
Note the new "--prebuilts_path" option, which points to where your new vendor.img file is located.
Step 10: Build the OTA
Now it is time to complete the OTA package:
Code:
./build/tools/releasetools/ota_from_target_files -k ~/.android-certs/releasekey --block signed-target_files.zip lineage-17.1-[date]-UNOFFICIAL-fajita-signed.zip
Note, replace [date] with today's date in YYYYMMDD format.
Step 11: Create pkmd.bin for your phone
Before you can lock your phone, you have to tell it what your public key is so it knows it can trust your build.
To do this you need to create a pkmd.bin file:
Code:
~/android/lineageos/external/avb/avbtool extract_public_key --key ~/.android-certs/releasekey.key --output ~/android/fajita/pkmd/pkmd.bin
Step 12: Flashing your LineageOS build
It's time to flash your build to your phone. The following steps assume you have already unlocked your phone and have flashed an official version of LineageOS to it. You don't need to have flashed LineageOS yet, you could use TWRP through "fastboot boot" if you prefer.
Reboot your phone in to recovery mode
In LineageOS Recovery select "Apply update"
From your PC, run:
Code:
adb sideload ~/android/lineageos/lineage-17.1-[date]-UNOFFICIAL-fajita-signed.zip
When the sideload is complete, reboot in to LineageOS. Make sure everything looks good with your build.
You may also need to format your data partition at this time depending on what you had installed on your phone previously.
Step 13: Flashing your signing key
Now it's time to add your signing key to the Android Verified Boot process. To do so, do the following:
Reboot your phone in to fastboot mode
From your PC, run:
Code:
fastboot flash avb_custom_key ~/android/fajita/pkmd/pkmd.bin
fastboot reboot bootloader
fastboot oem lock
On your phone, confirm you want to re-lock and it will reboot
Your phone will then factory reset and then reboot in to LineageOS.
Which of course means you have to go through the first time setup wizard, so do so now.
Step 14: Disable OEM unlock
Congratulations! Your boot loader is now locked, but you can still unlock it again using fastboot, so it's time to disable that as well.
Unlock you phone and go to Settings->About phone
Scroll to the bottom and find "Build number"
Tap on it you enable the developer options
Go to Settings->System->Advanced->Developer options
Disable the "OEM unlocking" slider
Reboot
Step 15: Profit!
Other things
The above will build a standard USERDEBUG version of LineageOS, however this will still allow LineageOS Recovery to sideload non-signed files. If you have implemented step 5 above, then this protects your system/vendor/boot/dtbo partitions, but none of the others. Likewise USERDEBUG builds will allow for rolling back to a previous version. To increase security and disallow both of these scenarios you may want to build a USER version of LineageOS to install. However this brings in other issues, such as flashing newer firmware from OnePlus so make sure you understand the implications of both choices. For more details on build types, see https://source.android.com/setup/develop/new-device#build-variants.
In the above example the releasekey from your LineageOS install has been used to sign AVB, but AVB supports other key strengths up to SHA512_RSA8192. You could create a key just for signing AVB that used different options than the default keys generated to sign LineageOS.
If you want to remove you signing key from your phone, you can do it by running "fastboot erase avb_custom_key".
The changes you made to the make files and releasetools may conflict with future updates that you pull from LineageOS through repo sync, if you have to reset the files to get repo sync to complete successfully, you'll have to reapply the changes afterwards.
So why can't I do this with official LineageOS builds?
For Android Verified Boot (AVB) to work, it must have the hash values for each of the system/vendor/boot/dtbo partitions stored in vbmeta. Official LineageOS builds do not include the vendor.img in them (for fajita at least, other phones may), instead simply using the existing partition on the phone.
That means that there is no vendor.img information in vbmeta for the official builds, which means AVB will fail to verify it during boot and give the red corruption message and halt the boot process after you have re-locked the bootloader.
And since you cannot add to vbmeta without the LineageOS private key, which only the LineageOS signing server has, you cannot add it.
This means you must do a full build with new signing keys to make it work.
Theoretically you could pick apart a LineageOS release, rehash the system/vendor/boot/dtbo and then recreate vbmeta and the payload.bin file, but that brings a host of other issues. For example, since such a "build" would look like a full LinageOS release, if you ever accidentally let the updater run it would brick (soft) that slot and you'd have swap back to your other slot to boot again. In an extreme case, if you managed to corrupt the second slot somehow you'd have to wipe your entire and recover from the brick with one of the available tools to do so.
Ok, what messages do I see during the boot process then?
During a boot you will of course see the standard OnePlus power up screen, followed by the yellow "custom os" message an then the stardard LineageOS boot animation.
For more details on AVB boot messages, see https://source.android.com/security/verifiedboot/boot-flow
So what do those two patches to the release tools do?
AOSP/LineageOS's add_image_to_target_files.py detects if a vendor.img file already exists, and if so, simply includes it in the build process. The patch adds one extra step, so that AVB is being enabled for the build, it will replace the existing hashtree on vendor.img using the same salt and other options as will be used on system/boot/dtbo. This ensure that when vbmeta is generated, it has the right information from vendor.img.
The script is called from the make system as part of the "mka target-files-package otatools" and the appropriate parameters from the make system, like "BOARD_PREBUILT_VENDORIMAGE", are used to create arguments to the script to build the standard image files as well as include the prebuilt vendor.img.
This script is used both during the initial build as well as the signing process, but this change is only targeted at the build time implementation. During signing, the script uses whatever hashtrees are in place and does not regenerate them.
AOSP/LineageOS's sign_target_files_apks.py is responsible for signing the APKs that have been built as part of "mka target-files-package otatools", unfortunately it is not part of the "make" system, so settings like "BOARD_PREBUILT_VENDORIMAGE" do not impact the script. This means that sign_target_files_apks.py does not have any knowledge that it should be including a pre-built vendor.img, even though it is in the $OUT directory waiting to be used.
The patch adds a new parameter to the script (--prebuilts_path), so that during the signing process, any image files found in the provided path, will be included in the process. So make sure that only vendor.img is in the provided directory. This is a directory instead of a single file as future uses may be to include things like firmware, other partition types, etc. in to the signing process.
Thank you's
Obviously to all of the members of the LineageOS team!
LuK1337 for supporting fajita
optimumpro for the OnePlus 5/5t re-locking guide (https://forum.xda-developers.com/oneplus-5/how-to/guide-relock-bootloader-custom-rom-t3849299) which inspired this one
Quark.23 for helping with the process and testing on enchilada
Nice , Will this enable widewine L1?
jsidney96 said:
Nice , Will this enable widewine L1?
Click to expand...
Click to collapse
I don't believe there is a connection between the two.
WhitbyGreg said:
I don't believe there is a connection between the two.
Click to expand...
Click to collapse
If you unlock bootloader on phones supporting L1 they drop to L3. I know some Oneplus phones (op6 etc.) did not support L1 even on stock.
cowgaR said:
If you unlock bootloader on phones supporting L1 they drop to L3. I know some Oneplus phones (op6 etc.) did not support L1 even on stock.
Click to expand...
Click to collapse
Yeah.. It brings it to L1
Great writeup @WhitbyGreg
As Android security gets tighter and tighter, hoping one day all ROMs would support AVB by default..
---------- Post added at 06:16 PM ---------- Previous post was at 05:48 PM ----------
Curious question here,
WhitbyGreg said:
*** will build a standard USERDEBUG version of LineageOS, however this will still allow LineageOS Recovery to sideload non-signed files. If you have implemented step 5 above, then this protects your system/vendor/boot/dtbo partitions, but none of the others. Likewise USERDEBUG builds will allow for rolling back to a previous version. To increase security and disallow both of these scenarios you may want to build a USER version of LineageOS to install. However this brings in other issues, such as flashing newer firmware from OnePlus so make sure you understand the implications of both choices***
Click to expand...
Click to collapse
After a launch of any phone, how drastic are such firmware updates to bother about? In other words, Unless we're in stock ROM is it mandatory to update phone firmware?
arvindgr said:
Yeah.. It brings it to L1
Click to expand...
Click to collapse
Good to know.
arvindgr said:
Great writeup @WhitbyGreg
As Android security gets tighter and tighter, hoping one day all ROMs would support AVB by default..
Click to expand...
Click to collapse
That would be nice but more importantly, more phones need to support re-locking.
arvindgr said:
Curious question here,
After a launch of any phone, how drastic are such firmware updates to bother about? In other words, Unless we're in stock ROM is it mandatory to update phone firmware?
Click to expand...
Click to collapse
Reasonably important, after all, if you never get firmware updates you'll have outdated security patching for the firmware. Some official LOS builds require newer versions of the firmware as they are released and won't install without it.
This guide was very helpful to me when re-locking my Oneplus 7T and enabling hash/hashtree verification. A dude on telegram had actually sent me the link and I only briefly skimmed over. Ironically when looking for patches to fix my issues after attempting to include pre-built vendor/odm and failing I cross referenced and ended up back here.
Here's where I originally found them:
https://review.lineageos.org/c/LineageOS/android_build/+/278015
https://review.aosip.dev/c/AOSIP/platform_build/+/13385
I myself have made some more patches to ensure every possible pre-built image gets signed on my builds. After some experimentation I have found it possible to have Magisk with hash verification enabled
https://github.com/Geofferey/omni_android_build/commits/geofferey/android-10
There is also a fix to ensure appropriate args get passed when regenerating hashtree for pre-built vendor.
Geofferey said:
This guide was very helpful to me when re-locking my Oneplus 7T and enabling hash/hashtree verification.
Click to expand...
Click to collapse
So you can confirm you have relocked the bootloader on the 7T with AVB enabled?
Geofferey said:
A dude on telegram had actually sent me the link and I only briefly skimmed over. Ironically when looking for patches to fix my issues after attempting to include pre-built vendor/odm and failing I cross referenced and ended up back here.
Here's where I originally found them:
https://review.lineageos.org/c/LineageOS/android_build/+/278015
https://review.aosip.dev/c/AOSIP/platform_build/+/13385
Click to expand...
Click to collapse
Yes, those are my patches that I've submitted to LOS, I also have two other patches submitted to allow for other prebuilt images (aka firmware images) to be included in the build process.
Geofferey said:
I myself have made some more patches to ensure every possible pre-built image gets signed on my builds. After some experimentation I have found it possible to have Magisk with hash verification enabled
https://github.com/Geofferey/omni_android_build/commits/geofferey/android-10
There is also a fix to ensure appropriate args get passed when regenerating hashtree for pre-built vendor.
Click to expand...
Click to collapse
I'll take a look and see if I need to update any of my submissions, thanks.
I will have to update those commits with you as author. I messed that up and set person who picked yours as author. I am sorry. BTW thank you for those patches they were a lifesaver and inspired me.
Yes, I can confirm re-lock with AVB enabled on 7T works and also with hash verification. If I flash an image not signed by the build process with hash verification enabled I go red. Currently I am working on getting magisk directly integrated with build instead of using prebuilt patched imgs that cause builds to not pass CTS.
Geofferey said:
Currently I am working on getting magisk directly integrated with build instead of using prebuilt patched imgs that cause builds to not pass CTS.
Click to expand...
Click to collapse
Why do you want to put Magisk if you went to all the trouble of having avb with a locked bootloader? Isn't rooting defeating the purpose of avb?
quark23 said:
Why do you want to put Magisk if you went to all the trouble of having avb with a locked bootloader? Isn't rooting defeating the purpose of avb?
Click to expand...
Click to collapse
No, it does not defeat the purpose... Hashtree verification will still happen since root can be included in the build as opposed to flashing after the fact. In a way it's actually even more advised. The way I think, having root may lead to a means of being exploited but true AVB closes the door to any persistent rootkits that may try to modify partitions at block level. If ANYTHING modifies the verified partitions phone will refuse to boot and I will be protected. Doing exactly what AVB is supposed to do, verify the phone is in it's intended state. I also think of phone as a computer, you have root access on Linux, Windows and even Mac for Christ sake, why shouldn't it be the same for phones? The ONLY reason we don't by default is so manufacturers and carriers can stay in control. I've been rooting and modifying phones for years without AVB and yet to have a known breech of my data besides the Google apps constantly collecting on me. This just adds another level of security that I used to sacrifice in order to have root access.
Here is my PoC to include Magisk in builds so dm-verity can be kept enabled. Just two commits. If someone could make this better that would be really cool.
https://github.com/Geofferey/omni_android_build/commit/d60958780e6b26d7cb0cec5939b82df3df74a68f
https://github.com/Geofferey/android_vendor_magisk
I have rooted for testing and you don't gen any warning. The way avb works on my phone is it discards any modification after reboot. With no warning at boot time. If you get hacked, you can have persistent hacks with root. Make a modification from twrp with avb enabled and see for yourself.
You break the Android security model by rooting the phone. If you need certain things you can include them at build time, such as a custom hosts file.
Also, what can you do with root that does not alter the hashtree?
The power you mention is of no real use yet you expose yourself by having it. Sure, you can go by without any issues. The problem is if you happen to get hacked, the attacker has full control over your phone. You won't br able to get rid of it by rebooting.
Also I see no way for google to collect data in this setup, with or without root. Afwall has an equivalent in android 10 (that mobile data & wifi setting) and inter process comms are the real issue if you are worried about rogue apps. Afwall leaks dns requests like crazy anyway.
I say you are better off letting root go and include what you need at build time. I see that as better spent effort than trying to add root.
quark23 said:
I have rooted for testing and you don't gen any warning. The way avb works on my phone is it discards any modification after reboot. With no warning at boot time. If you get hacked, you can have persistent hacks with root. Make a modification from twrp with avb enabled and see for yourself.
Click to expand...
Click to collapse
So you built your ROM from source with root included, had TWRP go through signing and was able to modify system and other partitions without receiving a device corrupt message? I highly doubt AVB is even implemented appropriately if you were able to do so. If it is implemented it sounds like the old version, tho I remember if I violated FS too much it wouldn't be able to fix and failed to boot. Having a locked bootloader because AVB is enabled does not mean dm-verity is enabled. Also, it should be nearly impossible to just write things like files to /system or w.e. if you are on a device that ships with 10.
quark23 said:
You break the Android security model by rooting the phone. If you need certain things you can include them at build time, such as a custom hosts file.
Click to expand...
Click to collapse
I know it does, but I am not doing such small things as modifying a host file. The kinds of things I include in my personal ROMs require such a high level of access to the point where I can not write SE polices that will allow me to pass CTS and spit out user builds without serious modifications to the build env.
quark23 said:
Also, what can you do with root that does not alter the hashtree?
The power you mention is of no real use yet you expose yourself by having it. Sure, you can go by without any issues. The problem is if you happen to get hacked, the attacker has full control over your phone. You won't b able to get rid of it by rebooting.
Click to expand...
Click to collapse
The act of flashing Magisk is what breaks AVB, if you include it in the ROM at build time like I am doing then it doesn't need to be flashed. It makes modifications to the system by binding data from the wipeable data partition to /system/. If something utilizes that to install a backdoor or tunnel it goes bye-bye when I wipe. If something utilizes it to flash anything or modify system device no boot.
quark23 said:
Also I see no way for google to collect data in this setup, with or without root. Afwall has an equivalent in android 10 (that mobile data & wifi setting) and inter process comms are the real issue if you are worried about rogue apps. Afwall leaks dns requests like crazy anyway.
Click to expand...
Click to collapse
You're kidding right? Android solely exist as a mean for Google to collect data. That was the whole idea behind Android. Buy & develop an OS that any manufacturer can put on their device, let them certify for Google Play Services and collect the data that powers their ad platform. They certainly didn't opensource their baby for free. If you allow ports 80 and 443 out with inbound related allowed, that's all they need.
quark23 said:
I say you are better off letting root go and include what you need at build time. I see that as better spent effort than trying to add root.
Click to expand...
Click to collapse
I'd just rather the manufactures and Google would implement a root solution that plays nice with Androids security instead of making us resort to violating it. It's funny to me that we find it acceptable for these fools to maintain control of something you purchased with your hard earned dollars because they think we are too stupid to have it. Like I stated root and admin privileges are fully available to us on nearly any PC but phones for some reason are an exception.
_________________________________________________
I could rant and debate about this forever... Fact of matter is, you don't have to disable every Android security feature to have root.
I didn't build with magisk, I just flashed after building.
But you can try and modify anything on /system or /vendor from twrp, without magisk, without locking the bootloader, and see what happens. Avb discards the modification, but doesn't warn you. Curious of your findings regarding this. If you then flash magisk, you ofc break the hashtree and avb and the mods remain persistent.
I understand that you are building with magisk included in the hashtree. What I am wondering is what exactly are you wanting root for? What are you doing with root that does not break the hashtree?
Regarding the data collection, you lost me. What exactly is being collected on a LOS userbuild without google services? Got any dns logs or mitm wireshark packets to show? What service exactly is collecting what kind of data? Google's dns servers can be replaced before building, Greg has some scripts for that. Captive portal can also be replaced or turned off. Apart from that, and any apps you add yourself, what kind of data is being collected as I want to check it out myself. I've monitored my phone and it's pretty silent. Whatever goes out is from additional apps I use. But I don't see anything from LOS. Really curious about this.
Regarding your last point I think it's something akin to risking shooting yourself in the foot by having root by default. I understand (somewhat) the security model and I find it smart to not have it by default. Also Android uses selinux more than your standard linux distro does. There are some differences in the security models between android and pc linux distro.
I'm really hapoy that AOSP exists. Also pretty happy with the LOS project. My problem is with the outdated blobs. Maybe I'll get a Pixel at some point and give GrapheneOS a go. Seems like a really nice project.
Managed to get hardened malloc + Vanadium on LOS atm and I'm liking the browser. Overall I think AOSP is a great project. Not a fan of google's privacy policy but they do make great stuff.
quark23 said:
I understand that you are building with Magisk included in the hashtree. What I am wondering is what exactly are you wanting root for? What are you doing with root that does not break the hashtree?
Click to expand...
Click to collapse
Ah, there lies the real question. I am including in my personal builds a Debian Linux chroot that gets extracted to /data/ so I can run Linux services, etc. I have customized the chroot with Openvpn so that it connects to my server and essentially allows me back into device wherever it may lay. Basically I am adding in the stuff of nightmares that all this security is supposed to prevent. That is why I want dm-verity, because I know I am leaving my self partially open by doing so. I have a decent understanding of dm-verity and have confirmed that it does and will protect me against the scenarios I imagine. BTW it operates completely differently in locked state vs. unlocked.
quark23 said:
Regarding the data collection, you lost me. What exactly is being collected on a LOS userbuild without google services?
Click to expand...
Click to collapse
Well, if you're the type of person who doesn't require Google Play Services, nothing of course. I was merely stating that Google had open sourced Android in hopes that manufacturers would adopt the OS and qualify their devices for Google PS so that it could be used as a data collection platform. You won't easily see all the information Google collects in a Wireshark log because it is encrypted of course. LOS better be silent as hell without it or I'd contact that dev with a strongly worded message lmfao.
quark23 said:
Regarding your last point I think it's something akin to risking shooting yourself in the foot by having root by default. I understand (somewhat) the security model and I find it smart to not have it by default. Also Android uses selinux more than your standard linux distro does. There are some differences in the security models between android and pc linux distro.
Click to expand...
Click to collapse
Oh I DO NOT think it should just be enabled by default. If I had my way it would be enabled in dev ops requiring authentication and protected via a different password than the one you use to unlock the device once setup. You'd also require those "root" privileges to OEM unlock once enabled. While those features were enabled you'd be warned on boot as well but without locking you out of apps etc because that kind of sensitive data should be handled by TEE and TZ. In a real Linux operating system that hasn't been fundamentally raped to offer a false sense of security in the name of protecting carriers and manufactures you can modify SE linux policies etc, not while live but without compiling from source. A lot of us forget most these security features exist more to protect their interest and attempt to hide what's going on behind the scenes. I've actually heard of some pretty shady stories where manufacturers in China place ad-tappers that run in background on devices running GooglePS to be sold in US, so it definitely doesn't protect you if the person building your phone is shade.
quark23 said:
I'm really hapy that AOSP exists. Also pretty happy with the LOS project. My problem is with the outdated blobs. Maybe I'll get a Pixel at some point and give GrapheneOS a go. Seems like a really nice project.
Managed to get hardened malloc + Vanadium on LOS atm and I'm liking the browser. Overall I think AOSP is a great project. Not a fan of google's privacy policy but they do make great stuff.
Click to expand...
Click to collapse
Me too mate. . AOSP has taught me a lot about development and coding in general. Sadly outdated blobs are a usually a by-product of using pre-builts from manufacturers that don't update as often. Pixel would be way to go if that's a concern. I honestly just think a lot of the security is abused to suit their needs. I am just trying to turn it around to work for me where it can.
If you repo sync you should run the vendor files script as there's a couple of new files added. The Muppets github has been updated with them as well. If you don't your build will fail at first power on.
A quick question, forgive me if this is obvious: am I correct in assuming that one the above has been completed and the device is using a locally-built copy of Lineage OS, that I cannot take advantage of OTA updates? I just want to know what I'm getting in to before wiping my phone multiple times.
Thanks in advance, this thread is massively helpful.
nictabor said:
A quick question, forgive me if this is obvious: am I correct in assuming that one the above has been completed and the device is using a locally-built copy of Lineage OS, that I cannot take advantage of OTA updates? I just want to know what I'm getting in to before wiping my phone multiple times.
Thanks in advance, this thread is massively helpful.
Click to expand...
Click to collapse
Correct, though if you setup your own update server you can still use the inbuilt updater app if you want.
I just happened across this thread searching for a proper way to generate the custom avb key. I thought i had found it at one time on aosp documentation but i lost/forgot where it was.
Anyways, I have a quick q about this. Would I be correct in assuming that if i wanted gapps to be available in my build, I would need to include it during build time and not be able to flash it as per the typical methods?
I am pretty sure I won't be able to but wanted to ask here for you guys' experiences.
Also, @WhitbyGreg you should be able to i believe. just setup the url properly and host it somewhere with direct download links. (This also requires setup of json for the updater to monitor for updates)
klabit87 said:
Would I be correct in assuming that if i wanted gapps to be available in my build, I would need to include it during build time and not be able to flash it as per the typical methods?
Click to expand...
Click to collapse
Correct (at least as far as I know), once the bootloader is relocked any modification of the system partition (like adding the play services) would trigger an AVB failure.
Hi all:
Here is a LineageOS 19.0 ALPHA ROM for Z5 compact (suzuran).
Download 2022-03-12
This is a 7z archive with the zip'ed ROM and the md5 file in it. Please unpack this archive, copy the included two files somewhere to your device, reboot into TWRP and flash this zip file. Enable md5sum checking.
Kernel sources
Tree sources
Features:
OS Version: 12 (S)
Kernel: Linux 3.10
Kernel 3.10.108
New: Android security patch level: 5 February 2022
Using Sony blob's from stock version 32.4.A.1.54
Important informations:
You should be familiar with general installation of custom ROMs.
Required for installation: TWRP 3.2.1 (pick the version from 2018-02-23!!!)
OR use my self built TWRP-version 3.6.0!
This ROM needs a clean install, old /data may cause problems!
This ROM is NOT pre-rooted. For rooting you can use Magisk.
Working:
Audio
Bluetooth
Fingerprint
FM-Radio (maybe it needs a few restarts before it's working)
German App AusweisApp2 (needs extended length NFC data; default in LineageOS 19.0)
LiveDisplay
Location services (see screenshot)
NFC
Notifications
Notification LED
Offline charging
Phone calls
Reboot into recovery and bootloader
Sensors
SMS
Sounds
WiFi
Please tell me...
Please keep in mind: This is an early ALPHA version and in permanent development status.
These things are NOT working (or badly working):
Camera
Encryption
Payment
Streaming (mirroring)
Maybe some more things are not working.
Use this ROM at your own risk! It comes without any warranty! I'm not responsible for any damage! If you don't agree with that, don't try to flash this ROM in any way.
Benefits:
Added F-Droid and UnifiedNLP! If you don't want this, simply de-install it.
I've set maximum speaker volume to a higher value.
I've increased microphone gain.
I've changed the microfone gain to avoid echo in phone calls.
Changelog
Troubleshooting:
If you're running into an error, please search in this thread if this error is already posted, before you post it again!
If not, I need a LOG to see what went wrong. Without a LOG I can't help you!
A LOG can be fetched by connecting the device with an USB cable to your PC and then by typing these commands line by line:
Code:
adb root
adb shell logcat -b all -d > logcat
Send my this LOG file via PM.
If you think this could be a SELinux related issue, please try to set the device to permissive mode first.
If the issue is gone, I need the policy file too (plus LOG). Fetch it by typing this line in a terminal:
Code:
adb pull /sys/fs/selinux/policy
If you stuck in a bootloop you can fetch a LOG with this trick:
Press the power button and the volume up button together until the device shuts down.
HOLD the power button.
Release the volume up button and press the volume down button immediately after releasing the volmue up button.
The device should start into TWRP recovery.
Tap on "Advanced", then on "Terminal" and enter these commands line by line:
Code:
cd sys/fs/pstore
cp * /sdcard
Send me the copied file(s), if any, via PM.
One last request:
Please, do not ask about problems for which my ROM is not responsible.
From now on I will only react to problems that I can reproduce and that are caused by my ROM.
I'm sorry for that, but I'm developing this ROM in my spare time and I still have a normal life.
The SIM card recognition works now; please stay tuned.
Currently I'm fighting with a crash loop while trying to enter SIM PIN.
Seems this is going to be a longer fight...
Berni-0815 said:
Currently I'm fighting with a crash loop while trying to enter SIM PIN.
Seems this is going to be a longer fight...
Click to expand...
Click to collapse
Hello Berni
For a short time, I tried rom with a spare device.
I also installed NikGapps.
First, it doesn't recognize the sim.
I tried rebooting several times, but it doesn't recognize it.
Also, I can't move the app icon.
The safety net was fine with Magisk.
Please do its best.
I haven't uploaded my latest changes because they are too unstable!
norabitox said:
I can't move the app icon
Click to expand...
Click to collapse
That's not a bug, that's a feature!
Long-press on an empty part of the screen and tab on "Home settings" and switch the first switch ("Lock layout") to the "on" position.
The logic behind this feature is reverse, so don't wonder.
Berni-0815 said:
That's not a bug, that's a feature!
Click to expand...
Click to collapse
Is that so
Thank you
New version out; see 1st post.
Now working:
Phone calls
SMS
WiFi
FM-Radio (maybe it needs a few restarts before it's working)
LiveDisplay
Offline charging
Notification LED
I could flash your android 12 version. recovery is changed to stock recovery, I reflashed twrp.
Welcome Screen was flickered, after 2 reboots I could create my profile on my z5 compact.
I had a lot of crashed on homescreen.
Call and sms are working.
Weird! I don't have any crashes! Could you please grab and send LOGs?
good work, does gapps work?
Thanks will try out this rom after awhile
Please don't forget: This is a very early ALPHA version! Don't expect any miracle!
And if possible, grab LOGs and search them for fatal errors (" F " <- a blank, a capital letter F and a blank) and for messages like "dlopen failed: cannot locate symbol".
I'm using "grep" for that:
Git:
grep " F " logcat > logcat.fatal
grep "dlopen failed: cannot locate symbol" logcat > logcat.symbol
...or like that...
Hi! Could you port this rom on sony Z5 premium?
I'm only building for suzuran (Z5 compact E5803, E5823)!
Please ask @Joel16 for further assistance.
He's the maintainer for Z5 premium.
Berni-0815 said:
I'm only building for suzuran (Z5 compact E5803, E5823)!
Please ask @Joel16 for further assistance.
He's the maintainer for Z5 premium.
Click to expand...
Click to collapse
Ok THX!
arpias said:
Ok THX!
Click to expand...
Click to collapse
Just an FYI until it gets into more of a 'beta' phase I won't be building android 19 for Z5P.
Joel16 said:
Just an FYI until it gets into more of a 'beta' phase I won't be building android 19 for Z5P.
Click to expand...
Click to collapse
Ok Joel, i'll wait for it, THX in advance!
New version out; see 1st post.
Android security patch level: 5 January 2022
Stability improvements: Removed IMS and VoLTE stuff due to too much weird errors.
New version out; see 1st post.
Sensors now working