Secure Boot - SuperSU

I can escalate to root and arbitrarily change SELinux policies. The kicker is that I cannot modify the /system partition, boot.img, recovery.img, or aboot.img without breaking signatures.
Is there a way to make the entire supersu system work without modifying these partitions? I tried making an overlay partition, but apps started crashing.
Any thoughts?
For context, this is a galaxy s7 active.

Related

Can't get anything flashed (including recovery) to stick

Since the first Nougat dev build, I've been running stock unlocked Android. However, I haven't been able to keep my recovery installed, and I've had to reflash it via my computer every time I wanted to be able to flash things via TWRP. In addition, nothing I flash (except when I root the device, for some reason) survives the reboot into system, even if it was a successful flash. Any help is appreciated.
Nexus 6
Stock Android 7.0 Nougat
Unlocked, but not rooted
Sent from my Nexus 6 using Tapatalk
The system will rewrite the recovery partition every time you boot it up. You need to make an edit to the system partition to prevent that from happening. Specifically, the script at /system/bin/install-recovery.sh.
Now of course you are *also* having problems getting changes to the system partition to stick. This is due to dm-verity running on that partition. In order to cancel that, you need to modify the initrd image (part of the boot image). Specifically, remove the verity parameter from the fstab for the system partition.
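The two mechanisms named in the post above both show up in the boot image's fstab: the fifth column (fs_mgr flags) carries `verify` for dm-verity-protected partitions and `forceencrypt=...` for userdata. The following is an added example, not code from this thread or from any Android tool: a small Python parser that reads an fstab and reports, per mount point, which integrity and encryption flags are present, so you can see what a given boot image actually enforces before and after any edit. The sample fstab is constructed and its device paths are placeholders. Note that on newer devices (Oreo and later, with AVB) the `avb` flag or the device tree may carry the verity configuration instead, so an fstab without `verify` does not by itself mean the partition is unverified.

```python
"""Audit an Android fstab for dm-verity and encryption flags.

Added example, not from any post in this thread. The fstab below is
constructed; the device paths are placeholders, not a real device's.
Android fstab columns: <src> <mnt_point> <type> <mnt_flags> <fs_mgr_flags>.
"""
from typing import Dict, List

# Constructed sample; partition paths are placeholders.
SAMPLE_FSTAB = """\
# <src>                                 <mnt_point> <type> <mnt_flags>                    <fs_mgr_flags>
/dev/block/bootdevice/by-name/system    /system     ext4   ro,barrier=1                   wait,verify
/dev/block/bootdevice/by-name/vendor    /vendor     ext4   ro,barrier=1                   wait
/dev/block/bootdevice/by-name/userdata  /data       ext4   noatime,nosuid,nodev,barrier=1 wait,check,forceencrypt=footer
/dev/block/bootdevice/by-name/boot      /boot       emmc   defaults                       defaults
/dev/block/bootdevice/by-name/recovery  /recovery   emmc   defaults                       defaults
"""

# fs_mgr flags that tie a partition to the verified-boot chain
INTEGRITY_FLAGS = ("verify", "avb")
# fs_mgr flags that request encryption of a data partition
ENCRYPTION_FLAGS = ("forceencrypt", "forcefdeorfbe", "fileencryption", "encryptable")


def parse_fstab(text: str) -> List[dict]:
    """Return one dict per mount entry; fs_mgr flags become a {name: value} map."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5:
            continue                           # malformed entry: ignore it
        src, mnt, fstype, mnt_flags, mgr_flags = fields[:5]
        flags: Dict[str, object] = {}
        for flag in mgr_flags.split(","):
            name, _, value = flag.partition("=")
            # "verify" -> True, "forceencrypt=footer" -> "footer"
            flags[name] = value if value else True
        entries.append({"src": src, "mnt": mnt, "type": fstype,
                        "mnt_flags": mnt_flags.split(","), "fs_mgr": flags})
    return entries


def audit_fstab(text: str) -> Dict[str, dict]:
    """Report, per mount point, which integrity and encryption flags are set and any gaps."""
    report = {}
    for e in parse_fstab(text):
        mgr = e["fs_mgr"]
        integrity = next((f for f in INTEGRITY_FLAGS if f in mgr), None)
        encryption = next((f for f in ENCRYPTION_FLAGS if f in mgr), None)
        findings = []
        # A read-only filesystem image that init will not verify can be edited without detection.
        if "ro" in e["mnt_flags"] and e["type"] != "emmc" and integrity is None:
            findings.append("read-only partition mounted without verify/avb")
        if e["mnt"] == "/data" and encryption is None:
            findings.append("userdata has no encryption flag")
        report[e["mnt"]] = {"integrity": integrity, "encryption": encryption, "findings": findings}
    return report


if __name__ == "__main__":
    for mnt, info in audit_fstab(SAMPLE_FSTAB).items():
        print(f"{mnt:10} integrity={info['integrity']} encryption={info['encryption']} {info['findings']}")
```

Run it against an fstab pulled out of an unpacked ramdisk (the file is usually named `fstab.<hardware>`) to compare the stock image with a modified one; the `/vendor` entry in the constructed sample is there to show what a read-only partition with no integrity flag looks like in the report.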
doitright said:
Specifically, the script at /system/bin/install-recovery.sh.
Specifically, remove the verity parameter from the fstab for system partition.
I've never made an edit to the recovery.sh file but I've always run a noforce nonverify boot img and TWRP always stuck for me. I read that when you allow TWRP to modify system it automatically edits this file, which I do. Is this why it's sticking? I never had any problems and it seems a lot of "TWRP not sticking" threads are popping up.
Sent from my Nexus 6 using XDA-Developers mobile app
doitright said:
The system will rewrite the recovery partition every time you boot it up. You need to make an edit to system partition to prevent that from happening. Specifically, the script at /system/bin/install-recovery.sh.
Now of course you are *also* having problems getting changes to the system partition to stick. This is due to dm-verity running on that partition. In order to cancel that, you need to modify the initrd image (part of the boot image). Specifically, remove the verity parameter from the fstab for system partition.
Could you explain how to do all of that? I have no idea what to edit or where those things are.
Sent from my Nexus 6 using Tapatalk

Lost TWRP + Philz + System RW LB Lollipop 24.A.1.232 - Still Rooted, Help

I'm almost entirely new to messing around with stock firmware on a locked bootloader; it's been unlocked for 2 years. I relocked it, TA keys are fine, I had TWRP, I was able to write to the system partition, I had external storage write permissions, and all of those things have disappeared entirely. I was able to use an Xposed module for getting external storage permission back.
-I can't install TWRP again because the installer on a locked bootloader requires the system to be remounted rw or already have access to a recovery.
-The Xposed solution to the external SD isn't ideal, and again I need TWRP or to do it manually by mounting the system rw.
-FlashFire doesn't work regardless of what variation of options I give it.
-I pulled the kernel image out of the pre-rooted zip I initially used but it won't fastboot. It says USB debugging isn't enabled when I try it using flashtool, though it is on when the system is up. I was hoping that the rewrite permissions or possibly even TWRP would be available if I reflashed the kernel image. This won't work.
The reason for being on Lollipop is that for whatever reason, push notifications still really suck for me on Marshmallow, enough so that it isn't a workable option.
Having either TWRP or being able to remount the system rw would, from the look of it, lead to being able to fix the thing entirely.
The only workable solution I have right now is to flash stock Marshmallow, install TWRP which is rather easy on current MM, then reinstall the pre-made zip I already had for Lollipop. This is a huge pain given that I just put a lot of time into my setup and even just the settings I'm using in Xposed would in itself be difficult to restore as its quite a lot. Everything is backed up via Titanium.
Essentially, "Is there a workable solution to my problem that doesn't involve flashing MM, putting TWRP back, reflashing LP, then setting up what I know I need to all over again, followed by the inevitable surprise down the line of still needing to re-do some of my apps that didn't quite go well?" The goal is to get TWRP back, and this seems like it isn't going to happen if I can't write to the system.
??
Also, if I just pull /data entirely via adb, my laptop already uses ext4 for the filesystem, but is there a way in this scenario where I could absolutely ensure that I could do it, and then put it back while not screwing up file permissions, assuming I did the whole flash MM, install TWRP, flash LP thing?

Are there 2 copies of /system on the phone?

My phone (3T) has an unlocked bootloader, is encrypted, not rooted, and running stock OOS 5.0.
I flashed TWRP and discovered that stock OOS restores the stock recovery in boot.
I saw the Oreo dm-verity thread by xenet, had a look at the zip file, noticed that it just modified fstab to prevent force encrypt, so I flashed it to see what happens.
And nothing happens. After the system had booted, fstab is unchanged from the original stock copy.
So I'm wondering whether this file is also restored when booting up on stock.
I get aggressive and go back to TWRP and delete /system/etc and /system/bin and modify build.prop.
Surely now the phone won't boot!
Wrong! It boots up and everything is back to normal in /system.
I go back to TWRP and have a look at /system and it shows me one without the etc and bin folders and has the modified build.prop.
What's going on? How can I see one version of /system in TWRP but a different version (ie, stock) when the phone has booted?
By the way I've been an Android user for many years and have rooted and flashed custom ROMs on a variety of phones and I've never seen anything like what's happening on my 3T. I'm sure that dm-verity is somehow involved in this.
Happened to me on my earlier OOS 5.0 attempts...
But I suspected Magisk is involved in my case.
I downloaded the Magisk module "System Terminal Debloater,"
removed some apps like Duo, Chrome, and Google Play Movies.
Some restarts later, they magically re-appear again in the Apps Drawer...
Haven't touched them again after that....
nicknacknuke said:
Happened to me on my earlier OOS 5.0 attempts...
But I suspected Magisk is involved in my case.
I downloaded the Magisk module "System Terminal Debloater,"
removed some apps like Duo, Chrome, and Google Play Movies.
Some restarts later, they magically re-appear again in the Apps Drawer...
Haven't touched them again after that....
Thanks.
I should have mentioned that I'm also not rooted. So stock OOS 5.0.
Sent from my OnePlus 3T using XDA Labs
When you boot TWRP for the first time, it should ask you if you want to put the /system in read/write mode or if you want to leave it unchanged, did you choose the right option?
Jackhass said:
When you boot TWRP for the first time, it should ask you if you want to put the /system in read/write mode or if you want to leave it unchanged, did you choose the right option?
No, I don't get that message because my phone is encrypted with a password. So the first thing I see in TWRP is the request for the password and then I'm presented with the menus.
However, in the Mounted menu, system isn't mounted and I have the option of mounting it in read-only mode.
Sent from my OnePlus 3T using XDA Labs
BillGoss said:
No, I don't get that message because my phone is encrypted with a password. So the first thing I see in TWRP is the request for the password and then I'm presented with the menus.
However, in the Mounted menu, system isn't mounted and I have the option of mounting it in read-only mode.
After flashing TWRP for the first time, a folder gets created on your internal storage with a hidden file called .twrps. Go delete it and reboot recovery to trigger the message "allowing system modifications" on TWRP's first boot...
It's not about encryption, it's just that TWRP remembers the decision you made due to the file I pointed out...
Sent from my OnePlus 3T using XDA Labs
Sam Nakamura said:
After flashing TWRP for the first time, a folder gets created on your internal storage with a hidden file called .twrps. Go delete it and reboot recovery to trigger the message "allowing system modifications" on TWRP's first boot...
It's not about encryption, it's just that TWRP remembers the decision you made due to the file I pointed out...
Somehow the attachment strikes on previous post
Edit: still not working, check your TWRP Folder on storage to find the file
Sent from my OnePlus 3T using XDA Labs
Sam Nakamura said:
Somehow the attachment strikes on previous post
Edit: still not working, check your TWRP Folder on storage to find the file
Thanks, you are correct. I'd forgotten that TWRP remembers. Deleting .twrps does bring up the RO prompt after decrypting storage.
Jackhass said:
When you boot TWRP for the first time, it should ask you if you want to put the /system in read/write mode or if you want to leave it unchanged, did you choose the right option?
I had allowed changes to the system otherwise I couldn't have made changes to it, which includes the ability to restore the system partition.
But I'm still unclear why if I make changes to the system partition and boot with the stock kernel, then after the boot none of the changes are present in the system partition, but if I boot back into TWRP then the changes are all there.
I recall someone in another OOS 5 thread saying that the stock kernel replaces TWRP with stock recovery if you don't flash root (Magisk/SuperSU). Is it possible that the kernel re-flashes system on boot? Another possibility is that TWRP thinks it's making changes to system but it's not actually? Not quite sure, I've never heard of anything like this before either, just throwing other ideas out there.
I've never read anything about the OP3T or any oneplus phones for that matter having A/B system partitions like the pixels. *shrug*
@nhshah7, something's like what you suggest must be going on to account for what I'm seeing. I'm hoping that someone can confirm my observations and provide a definite answer.
@BillGoss
My thread has been updated relating to all your queries...
Thank you...
https://forum.xda-developers.com/oneplus-3t/how-to/disable-dm-verity-force-encryption-op3t-t3688748
Xennet said:
@BillGoss
My thread has been updated relating to all your queries...
Thank you...
https://forum.xda-developers.com/oneplus-3t/how-to/disable-dm-verity-force-encryption-op3t-t3688748
Actually it doesn't explain how TWRP can make changes to system yet the phone boots up on an unmodified system if using the stock kernel. And then, when you boot back into TWRP and look at system, the changes are still there.
Where does the unmodified system come from?
Where does the modified system live?
Why doesn't modifying system result in a failed boot due to dm-verity, while restoring a backup of system does result in a failed boot?
So many questions with no answers.
BillGoss said:
....So many questions with no answers.
Not sure if this is applicable in your case but the following possibilities may be worth considering for you:
1. Are you sure that the system image is actually getting modified? If the system partition is not mounted before flashing the zip and the zip being flashed does not mount the system partition in read / write, then no changes to system partitions will actually be written.
2. If dm-verity is enabled, then restoring system could result in an error as this is different from restoring a system-image (nandroid copy of the whole partition and not just the files in the system partition). DM-verity can be triggered if the files are all the same but the dm-verity signature computed by hashing the system partition has changed.
3. For boot partitions, strange behaviour can occur if remnants of the previous boot.img are still in the partition (...e.g. if the previous boot.img was of larger size and a new boot.img of a smaller is flashed, then there will be some bytes after the new boot.img that are from the previous boot.img). To verify this, format the boot partition from fastboot and see if you notice anything different with the new boot.img.
4. In Oreo / 8.0, dm-verity flags are stored in dtb (device tree blobs) inside the kernel and not in the fstab file. Only data encryption can be changed from the fstab file and dm-verity needs to be changed from changing the dtb (...Magisk beta v1456 and SuperSu 2.82 SR4 do this, I think).
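Point 2 above (and the question a few posts up about why a file-level restore fails dm-verity while a fresh system flash boots) comes down to dm-verity hashing the partition's blocks, in order, rather than its files. The following is an added example, not rk2612's code nor anything from this thread or from Android itself, and a simplified model of the real dm-verity format (no superblock, a constructed fixed salt, a plain SHA-256 hash tree): it shows that a block-for-block image restore reproduces the root hash, while the same files written back through a file manager, which lands them in different blocks, or a single edited byte, produce a different root and fail verification. The file contents and layout are constructed.

```python
"""Model of a dm-verity style hash tree over a block image.

Added example, not from any post in this thread. Simplified: real dm-verity
has a superblock, a per-image salt and a fixed on-disk level layout; the
property shown here (the root hash covers every block, in order) is the same.
"""
import hashlib
from typing import Dict, List

BLOCK = 4096               # data block size used by Android's dm-verity images
SALT = b"constructed-salt" # constructed; a real image carries its own salt


def _h(data: bytes) -> bytes:
    return hashlib.sha256(SALT + data).digest()


def pad_to_block(data: bytes) -> bytes:
    """Zero-pad to a whole number of blocks (an empty input becomes one zero block)."""
    if not data:
        return b"\0" * BLOCK
    rem = len(data) % BLOCK
    return data + b"\0" * (BLOCK - rem) if rem else data


def hash_tree_root(image: bytes) -> bytes:
    """Hash every data block, then hash blocks of digests level by level until one root remains."""
    image = pad_to_block(image)
    level: List[bytes] = [_h(image[i:i + BLOCK]) for i in range(0, len(image), BLOCK)]
    while len(level) > 1:
        packed = pad_to_block(b"".join(level))      # digests of the level below, packed into blocks
        level = [_h(packed[i:i + BLOCK]) for i in range(0, len(packed), BLOCK)]
    return level[0]


def verify_image(image: bytes, expected_root: bytes) -> bool:
    """What the kernel effectively enforces: any block that differs changes the root."""
    return hash_tree_root(image) == expected_root


def build_image(files: Dict[str, bytes], order: List[str]) -> bytes:
    """Lay files out block-aligned in the given order, as a filesystem allocates them.
    Constructed toy layout: no real filesystem metadata."""
    return b"".join(pad_to_block(files[name]) for name in order)


# Constructed file set standing in for a few /system files.
FILES = {
    "build.prop": b"ro.build.type=user\n",
    "init.rc": b"on boot\n    # ...\n",
    "lib.so": b"\x7fELF" + b"A" * 100,
}


def demo() -> Dict[str, bool]:
    image_a = build_image(FILES, ["build.prop", "init.rc", "lib.so"])
    root_a = hash_tree_root(image_a)            # the root the stock boot image would pin
    # Partition-image restore: identical bytes in identical blocks, root matches.
    block_restore_ok = verify_image(bytes(image_a), root_a)
    # File-by-file restore: same files, different block allocation, root differs.
    image_b = build_image(FILES, ["lib.so", "build.prop", "init.rc"])
    file_restore_ok = verify_image(image_b, root_a)
    # One byte edited in place: root differs.
    edited = bytearray(image_a)
    edited[0] ^= 0x01
    edit_ok = verify_image(bytes(edited), root_a)
    return {"block_restore_ok": block_restore_ok,
            "file_restore_ok": file_restore_ok,
            "edit_ok": edit_ok}


if __name__ == "__main__":
    print(demo())   # expect block restore True, file restore False, edit False
```

The takeaway for anyone debugging a "restore fails verity, reflash works" situation: a nandroid-style system-image backup preserves block layout and so preserves the root hash, whereas any file-level write to the partition, even one that puts back byte-identical files, is a different image as far as the verity tree is concerned.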
rk2612 said:
Not sure if this is applicable in your case but the following possibilities may be worth considering for you:
1. Are you sure that the system image is actually getting modified? If the system partition is not mounted before flashing the zip and the zip being flashed does not mount the system partition in read / write, then no changes to system partitions will actually be written.
2. If dm-verity is enabled, then restoring system could result in an error as this is different from restoring a system-image (nandroid copy of the whole partition and not just the files in the system partition). DM-verity can be triggered if the files are all the same but the dm-verity signature computed by hashing the system partition has changed.
3. For boot partitions, strange behaviour can occur if remnants of the previous boot.img are still in the partition (...e.g. if the previous boot.img was of larger size and a new boot.img of a smaller is flashed, then there will be some bytes after the new boot.img that are from the previous boot.img). To verify this, format the boot partition from fastboot and see if you notice anything different with the new boot.img.
4. In Oreo / 8.0, dm-verity flags are stored in dtb (device tree blobs) inside the kernel and not in the fstab file. Only data encryption can be changed from the fstab file and dm-verity needs to be changed from changing the dtb (...Magisk beta v1456 and SuperSu 2.82 SR4 do this, I think).
I'll come back to 1.
2. That makes sense and accounts for why a restore of the system partition with the stock boot image causes me to get dumped back in fastboot mode. If I flash the stock system zip file then the system boots properly.
3. I've not had any issues with strange boot behaviour. I'm always starting with stock or flashing kernels that modify the stock boot image, like Blu Spark.
4. I gathered this from my reading of various threads. If I want to make changes to the system partition and get them to stick and not fail dm-verity then I have to flash a custom kernel. I've proven this in my testing. (A rooting solution would also work, but I've not done this).
Back to 1:
Here's what I've done:
Starting with pure stock image (flash OOS 5.0).
Boot into fastboot and flash TWRP.
Boot into recovery.
Mount system as rw. (In ro mode the next step fails)
Delete the bin, etc, and lib folders in system using the TWRP file manager. (Screenshot a)
Reboot system.
... First interesting fact ...
System boots ok, deleted folders are present in file manager. (Screenshot b)
Boot into fastboot and flash TWRP. (Booting with stock restores stock recovery)
Mount system.
... Second interesting fact ...
TWRP file manager shows that deleted folders are missing. (Screenshot c)
Flash custom kernel or patched boot image
Reboot system
... Third interesting fact ...
System fails to boot. Hangs on splash screen.
So TWRP made the changes (otherwise how could they be visible between reboots, including a replacement of recovery) and I only did them once.
Yet they don't actually take effect until I replace the stock boot image.
So, where are the changes hiding? What did TWRP actually change?
Screenshots (note that TWRP has the wrong timezone set so the time shown is wrong):
BillGoss said:
....
Back to 1:
Here's what I've done:
Starting with pure stock image (flash OOS 5.0).
Boot into fastboot and flash TWRP.
Boot into recovery.
Mount system as rw. (In ro mode the next step fails)
Delete the bin, etc, and lib folders in system using the TWRP file manager. (Screenshot a)
Reboot system.
... First interesting fact ...
System boots ok, deleted folders are present in file manager. (Screenshot b)
Boot into fastboot and flash TWRP. (Booting with stock restores stock recovery)
Mount system.
... Second interesting fact ...
TWRP file manager shows that deleted folders are missing. (Screenshot c)
Flash custom kernel or patched boot image
Reboot system
... Third interesting fact ...
System fails to boot. Hangs on splash screen.
So TWRP made the changes (otherwise how could they be visible between reboots, including a replacement of recovery) and I only did them once.
Yet they don't actually take effect until I replace the stock boot image.
So, where are the changes hiding? What did TWRP actually change?
Screenshots (note that TWRP has the wrong timezone set so the time shown is wrong):
Some more thoughts for you to consider:
1. Have you tried this with the official TWRP recovery version 3.2.0-0?
2. Is there anything inside the folders that you see using the file manager after a regular boot? Folders of same name may exist in the boot ramdisk and these are merged with system folders after boot.
3. Try wiping cache between reboots and see if that changes any of your observations.
rk2612 said:
Some more thoughts for you to consider:
1. Have you tried this with the official TWRP recovery version 3.2.0-0?
2. Is there anything inside the folders that you see using the file manager after a regular boot? Folders of same name may exist in the boot ramdisk and these are merged with system folders after boot.
3. Try wiping cache between reboots and see if that changes any of your observations.
Good questions. They got me thinking more about how this could possibly work.
I had a look at the cache and there's definitely no copy of the system hiding there.
I also unpacked the ramdisk in the boot image and it had nothing in system. Furthermore, the boot partition is only 64 MB, nowhere near enough to hold the system.
Then I installed Magisk so that I could browse around the phone's partitions and take copies.
I learnt two things from this:
1. If there's a second copy of the system there are only three partitions large enough to hold it (/proc/partitions shows the sizes in 1 kB blocks). The system is about 1 GB. There is space in the system partition (sde20) for 3 GB. There's also space in the data partition (sca15). And there's space in the major partition holding the modems (sdf).
I could eliminate the data partition by formatting it but restoring the internal storage (sdcard) is such a pain.
So I'll just accept that there is space for a copy, but I'm unlikely to find out exactly where.
2. When I had Magisk installed and the system booted, I added a folder and file to /system/priv-app using a file manager (so not using TWRP). I then booted into recovery, flashed the stock boot image, and rebooted. I was expecting it to fail dm-verity (modified system) but it didn't. After booting up there's no evidence of the folder I added to priv-app.
And if I restore the Magisk boot image then the additions show up again.
I'm actually very impressed with how the stock system (kernel, recovery, system) protects itself from modification. Very cool!

Magisk Module causing freeze at boot

I have a Moto x4 running Android 8.1 Oreo with November security patches and Magisk v18. Stock recovery and ROM. I tried installing a couple of Magisk modules and the phone won't boot with the Magisk patched boot image installed. I have restored the stock boot image backup and the phone will run without Magisk. I have erased Magisk Manager's cache, and even uninstalled Magisk Manager, but the modules are still installed and if I use fastboot boot patched_boot.img it won't boot. My system is encrypted and when I boot the TWRP bootable, I am unable to flash or delete anything outside of the user data or my SD card. I cannot install any zip including Magisk Manager for recovery or the Magisk core mode only module. I have tried everything I know to do and then some. Any input or assistance would be greatly appreciated. I would like to avoid resetting my data if possible.
Basically, I think I need to delete magisk.img from my system, but I cannot find it anywhere in my system partition using twrp's file browser. Also, I no longer have root access so I cannot adb root and adb shell into it.
Magisk image is in /data/adb. If you have access to /cache, create a file there named ".disable_magisk" (without quotation marks and with the leading dot). That'll enable Core Only Mode.
https://www.didgeridoohan.com/magis...agisk_functionality_bootloop_loss_of_root_etc
Didgeridoohan said:
Magisk image is in /data/adb. If you have access to /cache, create a file there named ".disable_magisk" (without quotation marks and with the leading dot). That'll enable Core Only Mode.
https://www.didgeridoohan.com/magis...agisk_functionality_bootloop_loss_of_root_etc
Unfortunately, both /data/adb and /cache are encrypted and inaccessible without root.
That is great to know for the future though, thanks
I got it to work. I needed to use the newest twrp bootable image in order to decrypt the data in recovery. Once this was done, I was able to erase magisk.img with no issues at all. Thanks for all the help.

Where does Magisk save changed system files? And how to change the system partition

Hello.
My English is bad. Sorry.
I am using / testing Magisk for the first time, and for the first time a device with a GUID partition table.
I am modifying the system partition. If everything works, I want to save the changes permanently in the partition.
1. Where are the changes to the system partition saved by Magisk?
I ask because I read that Magisk does not change the system partition if I install apps?
The system partition is not changed. That's how I understand this.
2. If I want to change the system partition for real / permanently, how can I do that?
I want to install some system apps after installing Magisk, and if there are no bootloops and all works, I want to save it in the "real system partition".
3. If I change files on the system partition in recovery mode (TWRP), are these real changes, or does Magisk save the partition too?
I hope you understand my bad English.
Thanks Toshy
Editing in TWRP is real system modification, Magisk isn't initiated then. If you've got a Magisk mask (you've got a module that is mounting files to /system, systemlessly) causing modifications to disappear after a reboot you can also try editing the real /system while booted, in /sbin/.magisk/mirror.
Thanks.
For my devices I have not found working root methods. Only "magisk" works.
If my system partition changes work, I want to make these changes permanent.
When I uninstall Magisk, the system partition is restored to its original state.
How can I prevent this?
In TWRP I can see the files in the system partition. But I can't save / backup the system and restore it later, because I restore a part of Magisk too.
What can I do to uninstall Magisk without restoring the system partition, or to make the changes permanent?
Is there an "addon" / module or a config change to make this?
Greetings Toshy