Related
I AM VERY SORRY, I THINK I AM IN THE WRONG FORUM!
Hi Guys, has anyone rooted the latest Asus Zenfone 4 Lollipop? The new OTA can be downloaded from here
http://www.asus.com/ph/supportonly/ASUS ZenFone 4/HelpDesk_Download/
Thanks in advance.
BTW. more details
Version WW_7.3.3 (Android L)
ASUS ZenFone4(T00I) software Image: V7.3.3 (Android L) for WW only*
Note1: Please make sure update software version V6.6.3 first before update to software version V7.3.3
Note2: Download the OTA file and put the file to the device root directory directly.
Please note! The listed apps below will be removed once the
Android 5.0 Lollipop upgrade is complete.
1. Battery Widget
2. Google Text-To-Speech
3. Movie Studio
Please notice that below new apps will be added in this system upgrade.
1. TripAdvisor
2. Gameloft
3. CleanMaster
4. Zinio
5. ASUS Auto-start Service Manager:
Prevent unwanted apps from automatically starting up and using RAM
Stop services immediately and prevent Android from restarting these apps again
6. ASUS Support
Add Assistance in ASUS Help
Support bug reporting mechanism?
Enable Push notification service
Add unread count badge
Add new item reminders for articles
Support Google Analytics mechanism
Please notice that some feature changes in this system upgrade.
1. Lockscreen: remove standalone wallpaper & weather info
2. Dialer/Contacts: reduce tab count from 5 to 3; remove group tab name/photo
3. InCall screen: remove inCall animation & cover
4. Quick settings/Recent app layout change
Steps of Update:
1.Check software version of your device**
2.Download device software and Update SOP (From “Manual” Item)
3.Only apply to same SKU update, Example: WW->WW, CN->CN, TW->TW.
4.Software update cannot transfer the software SKU and downgrade the software version.
5.Wrong SKU may cause update failure, please update the same SKU version only.
*How to know the device model?
Path: Settings->About-> Model number
Example: ASUS_T00I
**How to know the device software version?
Path: Settings->About-> software information->Build number
***System upgrade may cause part of data missing, please buckup your important data before system upgrading.
Root not working
Root not working, error during update install.
Subhajitdas298 said:
Root not working, error during update install.
Click to expand...
Click to collapse
Sorry dude... I do not have root myself just yet. Let's wait for other to share root..
Asus Zenfone 4 lollipop can be easily rooted using temporary cwm session for intel device method. T2 method works fine. I have tried this and it works fine.
http://forum.xda-developers.com/android/development/intel-android-devices-root-temp-cwm-t2975096
I am totally new to Andriod app coding. I have downloaded Andriod Studio base and I tried to create a custom Virtual Device for my XiaoMi Pad 2.
I have set all specifications according to XiaoMi Pad2. However, when I tried to select the corresponding system image version, which is version 5.1 on the XiaoMi Pad 2, I was shown the message <Failed to Load> under the section 'Action', as well as <N/A> under the section 'API' and 'Target'.
As I am new to this forum too, I am unable to post screenshots of my problem.
I hope I can get some solutions here
What is this tutorial?
This tutorial will:
Creating an unofficial build of LineageOS 17.1 suitable for using to re-lock the bootloader on a OnePlus 6/6t
Take you through the process of re-locking your bootloader after installing the above
This tutorial will NOT:
Remove *all* warning messages during boot (the yellow "Custom OS" message will be present though the orange "Unlocked bootloader" message will not)
Allow you to use official builds of LineageOS 17.1 on your device with a re-locked bootloader (more details near the end of the tutorial)
This tutorial will assume you are working on an Ubuntu 18.04 installation, if you are using Windows or another Linux distro, the commands may be different.
Supported devices:
Current both the OnePlus 6 (enchilada) and 6t (fajita) have been tested, but newer phones should work as well.
For simplicities sake, all further references will only be to the 6t (fajita).
Pre-requisites:
a mid level knowledge of terminal commands and features
a supported phone
a PC with enough CPU/RAM to build LineageOS 17.1 (recommended 8 cores, 24g of RAM)
a working USB cable
fastboot/adb installed and functional
LineageOS 17.1 source code downloaded
at least one successful build of LineageOS
at least one successful signing of your build with your own keys
Misc. notes:
the basics of building/signing of LineageOS is outside the scope of this tutorial, refer to the LineageOS Wiki for details on how to complete these tasks
you'll be modifying some code in LineageOS, so if you are not comfortable using basic editing utilities as well as patch, do not proceed any further
the path to your LineageOS source code is going to be assumed to be ~/android/lineageos, if it is somewhere else, substitute the correct path in the tutorial
the path to your private certificate files is going to be assumed to be ~/android-certs, if it is somewhere else, substitute the correct path in the tutorial
*** WARNING ****
This process may brick your device. Do not proceed unless you are comfortable taking this risk.
*** WARNING ****
This process will delete all data on your phone! Do not proceed unless you have backed up your data!
*** WARNING ****
Make sure you have read through this entire process at least once before attempting, if you are uncomfortable with any steps include in this guide, do not continue.
And now on with the show!
Step 1: Basic setup
You need a few places to store things, so create some working directories:
Code:
mkdir ~/android/fajita
mkdir ~/android/fajita/oos
mkdir ~/android/fajita/images
mkdir ~/android/fajita/images_raw
mkdir ~/android/fajita/patches
mkdir ~/android/fajita/pkmd
You also need to add "~/android/lineageos/out/host/linux-x86/bin" to your shell's profile path. Make sure to close and restart your session afterwards otherwise the signing will fail later on with a "file not found" error message .
Step 2: Download the latest OxygenOS from OnePlus
Go to https://www.oneplus.com/support/softwareupgrade and download the latest OOS update, store it in ~/android/fajita/oos
Step 3: Extract the vendor.img from OOS
Run the following commands to extract the vendor.img from OOS:
Code:
cd ~/android/fajita/oos
unzip [oos file name you downloaded] payload.bin
cd ../images_raw
python ~/android/lineageos/lineage/scripts/update-payload-extractor/extract.py --partitions vendor --output_dir . ../oos/payload.bin
You should now have a ~1g file named vendor.img in the images_raw directory.
Step 4: Update fajita's BoardConfig.mk
You will need to add a few parameters to the end of ~/android/lineageos/device/oneplus/fajita/BoardConfig.mk, they are:
Code:
BOARD_PREBUILT_VENDORIMAGE := /home/<userid>/android/fajita/images_raw/vendor.img
AB_OTA_PARTITIONS += vendor
BOARD_AVB_ALGORITHM := SHA256_RSA2048
BOARD_AVB_KEY_PATH := /home/<userid>/.android-certs/releasekey.key
Note you cannot use "~"" in the path names above to signify your home directory, so give the full absolute path to make sure the files are found.
Step 5: Update sdm845-common's BoardConfigCommon.mk (optional)
LineageOS by default disables Android Verified Boot's partition verification, but you can enable it now as all the required parts will be in place. However, you may not want to if you intend to make other changes to the system/boot/vendor partitions (like Magisk, etc.) after you have re-locked the bootloader.
To enable partition verification do the following:
Code:
cd ~/android/lineageos/devices/sdm845-common
sed -i 's/^BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flag 2/#BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flag 2/' BoardConfigCommon.mk
Step 6: Patch the AOSP/LineageOS releasetools
Two releasetools included with LineageOS need to be patched as they otherwise will not properly process a pre-built vendor.img.
The required patches can be found here:
https://raw.githubusercontent.com/W.../source/add_img_to_target_files.py-17.1.patch
https://raw.githubusercontent.com/W...r/source/sign_target_files_apks.py-17.1.patch
Download both and store in ~/android/fajita/patches.
Now apply them with the following commands:
Code:
cd ~/android/lineageos/build/tools/releasetools
patch add_image_to_target_files.py ~/android/fajita/patches/add_image_to_target_files.py-17.1.patch
patch sign_target_files_apks.py ~/android/fajita/patches/sign_target_files_apks.py-17.1.patch
Step 7: Build LineageOS
You are now ready to build:
Code:
cd ~/android/lineageos
source build/envsetup.sh
croot
breakfast fajita
mka target-files-package otatools
Step 8: Prepare vendor.img
As part of the build process above, your raw vendor.img will been copied to the $OUT directory and a new hashtree (what AVB uses to verify the image) will have been added to it.
You need to use this new version in the signing process but due to how the build system works, this is not done by default.
So, let's put it where it is needed:
Code:
cp $OUT/obj/PACKAGING/target_files_intermediates/lineage_fajita-target_files-eng.*/IMAGES/vendor.img ~/android/fajita/images
Step 9: Sign the APKs
You are now ready to sign the apks with sign_target_files_apks:
Code:
./build/tools/releasetools/sign_target_files_apks -o -d ~/.android-certs --prebuilts_path ~/android/fajita/images $OUT/obj/PACKAGING/target_files_intermediates/*-target_files-*.zip signed-target_files.zip
Note the new "--prebuilts_path" option, which points to where your new vendor.img file is located.
Step 10: Build the OTA
Now it is time to complete the OTA package:
Code:
./build/tools/releasetools/ota_from_target_files -k ~/.android-certs/releasekey --block signed-target_files.zip lineage-17.1-[date]-UNOFFICIAL-fajita-signed.zip
Note, replace [date] with today's date in YYYYMMDD format.
Step 11: Create pkmd.bin for your phone
Before you can lock your phone, you have to tell it what your public key is so it knows it can trust your build.
To do this you need to create a pkmd.bin file:
Code:
~/android/lineageos/external/avb/avbtool extract_public_key --key ~/.android-certs/releasekey.key --output ~/android/fajita/pkmd/pkmd.bin
Step 12: Flashing your LineageOS build
It's time to flash your build to your phone. The following steps assume you have already unlocked your phone and have flashed an official version of LineageOS to it. You don't need to have flashed LineageOS yet, you could use TWRP through "fastboot boot" if you prefer.
Reboot your phone in to recovery mode
In LineageOS Recovery select "Apply update"
From your PC, run:
Code:
adb sideload ~/android/lineageos/lineage-17.1-[date]-UNOFFICIAL-fajita-signed.zip
When the sideload is complete, reboot in to LineageOS. Make sure everything looks good with your build.
You may also need to format your data partition at this time depending on what you had installed on your phone previously.
Step 13: Flashing your signing key
Now it's time to add your signing key to the Android Verified Boot process. To do so, do the following:
Reboot your phone in to fastboot mode
From your PC, run:
Code:
fastboot flash avb_custom_key ~/android/fajita/pkmd/pkmd.bin
fastboot reboot bootloader
fastboot oem lock
On your phone, confirm you want to re-lock and it will reboot
Your phone will then factory reset and then reboot in to LineageOS.
Which of course means you have to go through the first time setup wizard, so do so now.
Step 14: Disable OEM unlock
Congratulations! Your boot loader is now locked, but you can still unlock it again using fastboot, so it's time to disable that as well.
Unlock you phone and go to Settings->About phone
Scroll to the bottom and find "Build number"
Tap on it you enable the developer options
Go to Settings->System->Advanced->Developer options
Disable the "OEM unlocking" slider
Reboot
Step 15: Profit!
Other things
The above will build a standard USERDEBUG version of LineageOS, however this will still allow LineageOS Recovery to sideload non-signed files. If you have implemented step 5 above, then this protects your system/vendor/boot/dtbo partitions, but none of the others. Likewise USERDEBUG builds will allow for rolling back to a previous version. To increase security and disallow both of these scenarios you may want to build a USER version of LineageOS to install. However this brings in other issues, such as flashing newer firmware from OnePlus so make sure you understand the implications of both choices. For more details on build types, see https://source.android.com/setup/develop/new-device#build-variants.
In the above example the releasekey from your LineageOS install has been used to sign AVB, but AVB supports other key strengths up to SHA512_RSA8192. You could create a key just for signing AVB that used different options than the default keys generated to sign LineageOS.
If you want to remove you signing key from your phone, you can do it by running "fastboot erase avb_custom_key".
The changes you made to the make files and releasetools may conflict with future updates that you pull from LineageOS through repo sync, if you have to reset the files to get repo sync to complete successfully, you'll have to reapply the changes afterwards.
So why can't I do this with official LineageOS builds?
For Android Verified Boot (AVB) to work, it must have the hash values for each of the system/vendor/boot/dtbo partitions stored in vbmeta. Official LineageOS builds do not include the vendor.img in them (for fajita at least, other phones may), instead simply using the existing partition on the phone.
That means that there is no vendor.img information in vbmeta for the official builds, which means AVB will fail to verify it during boot and give the red corruption message and halt the boot process after you have re-locked the bootloader.
And since you cannot add to vbmeta without the LineageOS private key, which only the LineageOS signing server has, you cannot add it.
This means you must do a full build with new signing keys to make it work.
Theoretically you could pick apart a LineageOS release, rehash the system/vendor/boot/dtbo and then recreate vbmeta and the payload.bin file, but that brings a host of other issues. For example, since such a "build" would look like a full LinageOS release, if you ever accidentally let the updater run it would brick (soft) that slot and you'd have swap back to your other slot to boot again. In an extreme case, if you managed to corrupt the second slot somehow you'd have to wipe your entire and recover from the brick with one of the available tools to do so.
Ok, what messages do I see during the boot process then?
During a boot you will of course see the standard OnePlus power up screen, followed by the yellow "custom os" message an then the stardard LineageOS boot animation.
For more details on AVB boot messages, see https://source.android.com/security/verifiedboot/boot-flow
So what do those two patches to the release tools do?
AOSP/LineageOS's add_image_to_target_files.py detects if a vendor.img file already exists, and if so, simply includes it in the build process. The patch adds one extra step, so that AVB is being enabled for the build, it will replace the existing hashtree on vendor.img using the same salt and other options as will be used on system/boot/dtbo. This ensure that when vbmeta is generated, it has the right information from vendor.img.
The script is called from the make system as part of the "mka target-files-package otatools" and the appropriate parameters from the make system, like "BOARD_PREBUILT_VENDORIMAGE", are used to create arguments to the script to build the standard image files as well as include the prebuilt vendor.img.
This script is used both during the initial build as well as the signing process, but this change is only targeted at the build time implementation. During signing, the script uses whatever hashtrees are in place and does not regenerate them.
AOSP/LineageOS's sign_target_files_apks.py is responsible for signing the APKs that have been built as part of "mka target-files-package otatools", unfortunately it is not part of the "make" system, so settings like "BOARD_PREBUILT_VENDORIMAGE" do not impact the script. This means that sign_target_files_apks.py does not have any knowledge that it should be including a pre-built vendor.img, even though it is in the $OUT directory waiting to be used.
The patch adds a new parameter to the script (--prebuilts_path), so that during the signing process, any image files found in the provided path, will be included in the process. So make sure that only vendor.img is in the provided directory. This is a directory instead of a single file as future uses may be to include things like firmware, other partition types, etc. in to the signing process.
Thank you's
Obviously to all of the members of the LineageOS team!
LuK1337 for supporting fajita
optimumpro for the OnePlus 5/5t re-locking guide (https://forum.xda-developers.com/oneplus-5/how-to/guide-relock-bootloader-custom-rom-t3849299) which inspired this one
Quark.23 for helping with the process and testing on enchilada
Nice , Will this enable widewine L1?
jsidney96 said:
Nice , Will this enable widewine L1?
Click to expand...
Click to collapse
I don't believe there is a connection between the two.
WhitbyGreg said:
I don't believe there is a connection between the two.
Click to expand...
Click to collapse
If you unlock bootloader on phones supporting L1 they drop to L3. I know some Oneplus phones (op6 etc.) did not support L1 even on stock.
cowgaR said:
If you unlock bootloader on phones supporting L1 they drop to L3. I know some Oneplus phones (op6 etc.) did not support L1 even on stock.
Click to expand...
Click to collapse
Yeah.. It brings it to L1
Great writeup @WhitbyGreg
As Android security gets tighter and tighter, hoping one day all ROMs would support AVB by default..
---------- Post added at 06:16 PM ---------- Previous post was at 05:48 PM ----------
Curious question here,
WhitbyGreg said:
*** will build a standard USERDEBUG version of LineageOS, however this will still allow LineageOS Recovery to sideload non-signed files. If you have implemented step 5 above, then this protects your system/vendor/boot/dtbo partitions, but none of the others. Likewise USERDEBUG builds will allow for rolling back to a previous version. To increase security and disallow both of these scenarios you may want to build a USER version of LineageOS to install. However this brings in other issues, such as flashing newer firmware from OnePlus so make sure you understand the implications of both choices***
Click to expand...
Click to collapse
After a launch of any phone, how drastic are such firmware updates to bother about? In other words, Unless we're in stock ROM is it mandatory to update phone firmware?
arvindgr said:
Yeah.. It brings it to L1
Click to expand...
Click to collapse
Good to know.
arvindgr said:
Great writeup @WhitbyGreg
As Android security gets tighter and tighter, hoping one day all ROMs would support AVB by default..
Click to expand...
Click to collapse
That would be nice but more importantly, more phones need to support re-locking.
arvindgr said:
Curious question here,
After a launch of any phone, how drastic are such firmware updates to bother about? In other words, Unless we're in stock ROM is it mandatory to update phone firmware?
Click to expand...
Click to collapse
Reasonably important, after all, if you never get firmware updates you'll have outdated security patching for the firmware. Some official LOS builds require newer versions of the firmware as they are released and won't install without it.
This guide was very helpful to me when re-locking my Oneplus 7T and enabling hash/hashtree verification. A dude on telegram had actually sent me the link and I only briefly skimmed over. Ironically when looking for patches to fix my issues after attempting to include pre-built vendor/odm and failing I cross referenced and ended up back here.
Here's where I originally found them:
https://review.lineageos.org/c/LineageOS/android_build/+/278015
https://review.aosip.dev/c/AOSIP/platform_build/+/13385
I myself have made some more patches to ensure every possible pre-built image gets signed on my builds. After some experimentation I have found it possible to have Magisk with hash verification enabled
https://github.com/Geofferey/omni_android_build/commits/geofferey/android-10
There is also a fix to ensure appropriate args get passed when regenerating hashtree for pre-built vendor.
Geofferey said:
This guide was very helpful to me when re-locking my Oneplus 7T and enabling hash/hashtree verification.
Click to expand...
Click to collapse
So you can confirm you have relocked the bootloader on the 7T with AVB enabled?
Geofferey said:
A dude on telegram had actually sent me the link and I only briefly skimmed over. Ironically when looking for patches to fix my issues after attempting to include pre-built vendor/odm and failing I cross referenced and ended up back here.
Here's where I originally found them:
https://review.lineageos.org/c/LineageOS/android_build/+/278015
https://review.aosip.dev/c/AOSIP/platform_build/+/13385
Click to expand...
Click to collapse
Yes, those are my patches that I've submitted to LOS, I also have two other patches submitted to allow for other prebuilt images (aka firmware images) to be included in the build process.
Geofferey said:
I myself have made some more patches to ensure every possible pre-built image gets signed on my builds. After some experimentation I have found it possible to have Magisk with hash verification enabled
https://github.com/Geofferey/omni_android_build/commits/geofferey/android-10
There is also a fix to ensure appropriate args get passed when regenerating hashtree for pre-built vendor.
Click to expand...
Click to collapse
I'll take a look and see if I need to update any of my submissions, thanks.
I will have to update those commits with you as author. I messed that up and set person who picked yours as author. I am sorry. BTW thank you for those patches they were a lifesaver and inspired me.
Yes, I can confirm re-lock with AVB enabled on 7T works and also with hash verification. If I flash an image not signed by the build process with hash verification enabled I go red. Currently I am working on getting magisk directly integrated with build instead of using prebuilt patched imgs that cause builds to not pass CTS.
Geofferey said:
Currently I am working on getting magisk directly integrated with build instead of using prebuilt patched imgs that cause builds to not pass CTS.
Click to expand...
Click to collapse
Why do you want to put Magisk if you went to all the trouble of having avb with a locked bootloader? Isn't rooting defeating the purpose of avb?
quark23 said:
Why do you want to put Magisk if you went to all the trouble of having avb with a locked bootloader? Isn't rooting defeating the purpose of avb?
Click to expand...
Click to collapse
No, it does not defeat the purpose... Hashtree verification will still happen since root can be included in the build as opposed to flashing after the fact. In a way it's actually even more advised. The way I think, having root may lead to a means of being exploited but true AVB closes the door to any persistent rootkits that may try to modify partitions at block level. If ANYTHING modifies the verified partitions phone will refuse to boot and I will be protected. Doing exactly what AVB is supposed to do, verify the phone is in it's intended state. I also think of phone as a computer, you have root access on Linux, Windows and even Mac for Christ sake, why shouldn't it be the same for phones? The ONLY reason we don't by default is so manufacturers and carriers can stay in control. I've been rooting and modifying phones for years without AVB and yet to have a known breech of my data besides the Google apps constantly collecting on me. This just adds another level of security that I used to sacrifice in order to have root access.
Here is my PoC to include Magisk in builds so dm-verity can be kept enabled. Just two commits. If someone could make this better that would be really cool.
https://github.com/Geofferey/omni_android_build/commit/d60958780e6b26d7cb0cec5939b82df3df74a68f
https://github.com/Geofferey/android_vendor_magisk
I have rooted for testing and you don't gen any warning. The way avb works on my phone is it discards any modification after reboot. With no warning at boot time. If you get hacked, you can have persistent hacks with root. Make a modification from twrp with avb enabled and see for yourself.
You break the Android security model by rooting the phone. If you need certain things you can include them at build time, such as a custom hosts file.
Also, what can you do with root that does not alter the hashtree?
The power you mention is of no real use yet you expose yourself by having it. Sure, you can go by without any issues. The problem is if you happen to get hacked, the attacker has full control over your phone. You won't br able to get rid of it by rebooting.
Also I see no way for google to collect data in this setup, with or without root. Afwall has an equivalent in android 10 (that mobile data & wifi setting) and inter process comms are the real issue if you are worried about rogue apps. Afwall leaks dns requests like crazy anyway.
I say you are better off letting root go and include what you need at build time. I see that as better spent effort than trying to add root.
quark23 said:
I have rooted for testing and you don't gen any warning. The way avb works on my phone is it discards any modification after reboot. With no warning at boot time. If you get hacked, you can have persistent hacks with root. Make a modification from twrp with avb enabled and see for yourself.
Click to expand...
Click to collapse
So you built your ROM from source with root included, had TWRP go through signing and was able to modify system and other partitions without receiving a device corrupt message? I highly doubt AVB is even implemented appropriately if you were able to do so. If it is implemented it sounds like the old version, tho I remember if I violated FS too much it wouldn't be able to fix and failed to boot. Having a locked bootloader because AVB is enabled does not mean dm-verity is enabled. Also, it should be nearly impossible to just write things like files to /system or w.e. if you are on a device that ships with 10.
quark23 said:
You break the Android security model by rooting the phone. If you need certain things you can include them at build time, such as a custom hosts file.
Click to expand...
Click to collapse
I know it does, but I am not doing such small things as modifying a host file. The kinds of things I include in my personal ROMs require such a high level of access to the point where I can not write SE polices that will allow me to pass CTS and spit out user builds without serious modifications to the build env.
quark23 said:
Also, what can you do with root that does not alter the hashtree?
The power you mention is of no real use yet you expose yourself by having it. Sure, you can go by without any issues. The problem is if you happen to get hacked, the attacker has full control over your phone. You won't b able to get rid of it by rebooting.
Click to expand...
Click to collapse
The act of flashing Magisk is what breaks AVB, if you include it in the ROM at build time like I am doing then it doesn't need to be flashed. It makes modifications to the system by binding data from the wipeable data partition to /system/. If something utilizes that to install a backdoor or tunnel it goes bye-bye when I wipe. If something utilizes it to flash anything or modify system device no boot.
quark23 said:
Also I see no way for google to collect data in this setup, with or without root. Afwall has an equivalent in android 10 (that mobile data & wifi setting) and inter process comms are the real issue if you are worried about rogue apps. Afwall leaks dns requests like crazy anyway.
Click to expand...
Click to collapse
You're kidding right? Android solely exist as a mean for Google to collect data. That was the whole idea behind Android. Buy & develop an OS that any manufacturer can put on their device, let them certify for Google Play Services and collect the data that powers their ad platform. They certainly didn't opensource their baby for free. If you allow ports 80 and 443 out with inbound related allowed, that's all they need.
quark23 said:
I say you are better off letting root go and include what you need at build time. I see that as better spent effort than trying to add root.
Click to expand...
Click to collapse
I'd just rather the manufactures and Google would implement a root solution that plays nice with Androids security instead of making us resort to violating it. It's funny to me that we find it acceptable for these fools to maintain control of something you purchased with your hard earned dollars because they think we are too stupid to have it. Like I stated root and admin privileges are fully available to us on nearly any PC but phones for some reason are an exception.
_________________________________________________
I could rant and debate about this forever... Fact of matter is, you don't have to disable every Android security feature to have root.
I didn't build with magisk, I just flashed after building.
But you can try and modify anything on /system or /vendor from twrp, without magisk, without locking the bootloader, and see what happens. Avb discards the modification, but doesn't warn you. Curious of your findings regarding this. If you then flash magisk, you ofc break the hashtree and avb and the mods remain persistent.
I understand that you are building with magisk included in the hashtree. What I am wondering is what exactly are you wanting root for? What are you doing with root that does not break the hashtree?
Regarding the data collection, you lost me. What exactly is being collected on a LOS userbuild without google services? Got any dns logs or mitm wireshark packets to show? What service exactly is collecting what kind of data? Google's dns servers can be replaced before building, Greg has some scripts for that. Captive portal can also be replaced or turned off. Apart from that, and any apps you add yourself, what kind of data is being collected as I want to check it out myself. I've monitored my phone and it's pretty silent. Whatever goes out is from additional apps I use. But I don't see anything from LOS. Really curious about this.
Regarding your last point I think it's something akin to risking shooting yourself in the foot by having root by default. I understand (somewhat) the security model and I find it smart to not have it by default. Also Android uses selinux more than your standard linux distro does. There are some differences in the security models between android and pc linux distro.
I'm really hapoy that AOSP exists. Also pretty happy with the LOS project. My problem is with the outdated blobs. Maybe I'll get a Pixel at some point and give GrapheneOS a go. Seems like a really nice project.
Managed to get hardened malloc + Vanadium on LOS atm and I'm liking the browser. Overall I think AOSP is a great project. Not a fan of google's privacy policy but they do make great stuff.
quark23 said:
I understand that you are building with Magisk included in the hashtree. What I am wondering is what exactly are you wanting root for? What are you doing with root that does not break the hashtree?
Click to expand...
Click to collapse
Ah, there lies the real question. I am including in my personal builds a Debian Linux chroot that gets extracted to /data/ so I can run Linux services, etc. I have customized the chroot with Openvpn so that it connects to my server and essentially allows me back into device wherever it may lay. Basically I am adding in the stuff of nightmares that all this security is supposed to prevent. That is why I want dm-verity, because I know I am leaving my self partially open by doing so. I have a decent understanding of dm-verity and have confirmed that it does and will protect me against the scenarios I imagine. BTW it operates completely differently in locked state vs. unlocked.
quark23 said:
Regarding the data collection, you lost me. What exactly is being collected on a LOS userbuild without google services?
Click to expand...
Click to collapse
Well, if you're the type of person who doesn't require Google Play Services, nothing of course. I was merely stating that Google had open sourced Android in hopes that manufacturers would adopt the OS and qualify their devices for Google PS so that it could be used as a data collection platform. You won't easily see all the information Google collects in a Wireshark log because it is encrypted of course. LOS better be silent as hell without it or I'd contact that dev with a strongly worded message lmfao.
quark23 said:
Regarding your last point I think it's something akin to risking shooting yourself in the foot by having root by default. I understand (somewhat) the security model and I find it smart to not have it by default. Also Android uses selinux more than your standard linux distro does. There are some differences in the security models between android and pc linux distro.
Click to expand...
Click to collapse
Oh I DO NOT think it should just be enabled by default. If I had my way it would be enabled in dev ops requiring authentication and protected via a different password than the one you use to unlock the device once setup. You'd also require those "root" privileges to OEM unlock once enabled. While those features were enabled you'd be warned on boot as well but without locking you out of apps etc because that kind of sensitive data should be handled by TEE and TZ. In a real Linux operating system that hasn't been fundamentally raped to offer a false sense of security in the name of protecting carriers and manufactures you can modify SE linux policies etc, not while live but without compiling from source. A lot of us forget most these security features exist more to protect their interest and attempt to hide what's going on behind the scenes. I've actually heard of some pretty shady stories where manufacturers in China place ad-tappers that run in background on devices running GooglePS to be sold in US, so it definitely doesn't protect you if the person building your phone is shade.
quark23 said:
I'm really hapy that AOSP exists. Also pretty happy with the LOS project. My problem is with the outdated blobs. Maybe I'll get a Pixel at some point and give GrapheneOS a go. Seems like a really nice project.
Managed to get hardened malloc + Vanadium on LOS atm and I'm liking the browser. Overall I think AOSP is a great project. Not a fan of google's privacy policy but they do make great stuff.
Click to expand...
Click to collapse
Me too mate. . AOSP has taught me a lot about development and coding in general. Sadly outdated blobs are a usually a by-product of using pre-builts from manufacturers that don't update as often. Pixel would be way to go if that's a concern. I honestly just think a lot of the security is abused to suit their needs. I am just trying to turn it around to work for me where it can.
If you repo sync you should run the vendor files script as there's a couple of new files added. The Muppets github has been updated with them as well. If you don't your build will fail at first power on.
A quick question, forgive me if this is obvious: am I correct in assuming that one the above has been completed and the device is using a locally-built copy of Lineage OS, that I cannot take advantage of OTA updates? I just want to know what I'm getting in to before wiping my phone multiple times.
Thanks in advance, this thread is massively helpful.
nictabor said:
A quick question, forgive me if this is obvious: am I correct in assuming that one the above has been completed and the device is using a locally-built copy of Lineage OS, that I cannot take advantage of OTA updates? I just want to know what I'm getting in to before wiping my phone multiple times.
Thanks in advance, this thread is massively helpful.
Click to expand...
Click to collapse
Correct, though if you setup your own update server you can still use the inbuilt updater app if you want.
I just happened across this thread searching for a proper way to generate the custom avb key. I thought i had found it at one time on aosp documentation but i lost/forgot where it was.
Anyways, I have a quick q about this. Would I be correct in assuming that if i wanted gapps to be available in my build, I would need to include it during build time and not be able to flash it as per the typical methods?
I am pretty sure I won't be able to but wanted to ask here for you guys' experiences.
Also, @WhitbyGreg you should be able to i believe. just setup the url properly and host it somewhere with direct download links. (This also requires setup of json for the updater to monitor for updates)
klabit87 said:
Would I be correct in assuming that if i wanted gapps to be available in my build, I would need to include it during build time and not be able to flash it as per the typical methods?
Click to expand...
Click to collapse
Correct (at least as far as I know), once the bootloader is relocked any modification of the system partition (like adding the play services) would trigger an AVB failure.
This is the support thread of PixelFlasher
(PixelFlasher is an open-source self contained GUI tool to facilitate Pixel phone device flashing/rooting/updating with extra features).
Note: This thread is meant for issues and problems faced in Google Pixel 5 devices, generic issues that are device agnostic should be discussed in the main thread.
For full details on where to download / usage and feature set of the tool, visit the main thread at XDA or the project's Github page.
Troubleshooting:
If you need support or assistance, the best way to get is by generating a support file from within PixelFlasher.
You can hit that big Support button on the main screen, or select it from the Help menu.
The generated support.zip file is sanitized (redacted) to keep your sensitive information (username device id ...) private.
Placeholder
Placeholder
Placeholder
just asking if it will work on 4a5g too due to similarities with Pixel5 or not?
creezalird said:
just asking if it will work on 4a5g too due to similarities with Pixel5 or not?
Click to expand...
Click to collapse
Yes it should, although I don't have one and hence I have not tested it, but the program should work for all Pixel phones, and possibly all Google made phones. There is no difference in the process amongst these phones.
New Release: (See full details here on xda or here at github)
April 03, 2022 v2.0.0.0-pre release.
Major refactoring
Added Advanced (Expert) mode UI.
Basic mode keeps UI simple and hides expert features.
Support for setting active slot.
Reboot options (recovery, system, bootloader)
Moved custom ROM options to expert mode.
Added custom flashing to expert mode, can now flash to live (temporary root), or custom flash any image to any partition.
Moved flashing to both slots, disabling verity / verification to expert mode.
Many other improvements, validations and checks.
Updated documentation.
Update:
Version 2.0.1 which includes a hotfix for issue reported here.
New Release:
April 06, 2022 v2.1.0 release
Setup dedicated profile directory.
Put logs in the profile directory and maintain log history.
Plumbing for Linux support (just the flashing part is left to do).
Plumbing for new workflow.
Bugfix to handle name conflict in ROM filename.
Various minor improvements.
Update documentation.
New release:
April 10, 2022 v2.2.0 release
Linux support.
Remember last window position.
List Magisk modules, when Magisk is detected.
Added fastboot verbose option.
Added more checks and validations.
Added more details when errors are encountered.
Cleaner message box (better formatting).
Notice to the user in case fastboot drivers are not setup properly.
More plumbing work for the new upcoming workflow.
Add notes on how to build the Linux version.
New release:
April 11, 2022 v2.2.2 release
Linux Improvements, warn user if selected SDK is old.
New Release:
April 19, 2022 v2.4.0 release
Magisk modules management, enable / disable modules selectively, this comes in handy to disable suspect modules before an upgrade.
Autoscroll the console.
Code cleanup.
April 17, 2022 v2.3.0 release
Optional automatic check for updates feature.
Added help menu links to:
- Report an issue
- Feature Request
- PixelFlasher Project Page
- PixelFlasher Community (Forum)
- Homeboy76's Guide
- V0latyle's Guide
- Open Configuration Folder
- Check for New Version
Icons for menu items.
Link to download Pixel Firmware.
Link to download Android Platform Tools.
Unlock Bootloader.
Lock Bootloader.
SOS (experimental) - disable Magisk modules to get out of bootloop.
Additional flashing options:
- product
- system
- system_ext
- system_other
- vbmeta_system
- vbmeta_vendor
Added sideload flashing option.
Updated documentation.
Further improved console messages for troubleshooting.
Linux build using Github Actions.
Manual build for Kali Linux.
Bug fix release:
April 20, 2022 v2.4.1 release
Bug Fixes: Error message during flashing, introduced by code reshuffle.
It turns out that some Magisk Modules don't set the id, which was expected to be present, which caused Magisk module management screen not to display.
New Release:
April 30, 2022 v3.0.0 release
New workflow, no more package preparation, select options and flash all dynamic.
boot.img caching and management UI with details about the state of boot.img files.
Faster as there is no more need to zip a package.
Other optimizations and improvements.
Update documentation.
Check the main thread or the Github page for details about the new workflow, hope you find it useful.
New Release
May 02, 2022 v3.1.0 release
Fixed a missing step in the final flashing of boot.img
Decoupled Firmware / ROM processing from selecting the files, now we have a separate button to process, makes it clearer and does not give the impression that selecting the file is hanging.
Added splash screen (v3.0.1), the GUI refresh hiccup is gone.
Made the boot.img management delete function more extensive.
I flashed my phone with the May drop using this version.
badabing2003 said:
New Release
May 02, 2022 v3.1.0 release
Fixed a missing step in the final flashing of boot.img
Decoupled Firmware / ROM processing from selecting the files, now we have a separate button to process, makes it clearer and does not give the impression that selecting the file is hanging.
Added splash screen (v3.0.1), the GUI refresh hiccup is gone.
Made the boot.img management delete function more extensive.
I flashed my phone with the May drop using this version.
Click to expand...
Click to collapse
I would like to make a request for your tool if that's ok could you give the option to open up diag for the Pixel 5?
elong7681 said:
I would like to make a request for your tool if that's ok could you give the option to open up diag for the Pixel 5?
Click to expand...
Click to collapse
what is diag?
what Am I going to open?
badabing2003 said:
what is diag?
what Am I going to open?
Click to expand...
Click to collapse
Diag port for using QPST from Qualcomm
elong7681 said:
Diag port for using QPST from Qualcomm
Click to expand...
Click to collapse
Is this what you want?
Code:
adb shell "su -c 'setprop sys.usb.config diag,adb'"
just type this and see if it works, if it does, very easy to add.
I don't have a Qualcomm device to test with
badabing2003 said:
Is this what you want?
Code:
adb shell "su -c 'setprop sys.usb.config diag,adb'"
just type this and see if it works, if it does, very easy to add.
I don't have a Qualcomm device to test with
Click to expand...
Click to collapse
Code:
adb shell
su
resetprop ro.bootmode usbradio
resetprop ro.build.type userdebug
setprop sys.usb.config diag,diag_mdm,adb
diag_mdlog
cancel (ctrl+c) once it starts to "hang" at failed to open diag socket
change usb config (file transfer, no file transfer)
This is how it is done for the Pixel 5
LineageOS 18.1 UNOFFICIAL for 2015 Samsung Galaxy Tab S2 SM-T810 ONLYModel: SM-T810 (wifi) - gts210wifi - 9.7" screen, Exynos 5433 SoC, no LTE
This is the ONLY model that the ROM will work on.
There is NO ROM for the T715 or T815 in this thread. Questions about T715 or T815 will be completely IGNORED.
You MUST READ posts 1-4 (about 10 minute read) before deciding to install this rom. If you think this is an unreasonable request, then stop reading now and find another rom. Thank you.
DISCLAIMER
I am not responsible for lost data, identity theft, lost money, security vulnerabilities, bricked devices or any other hardware or software malfunctions that comes as a result of flashing this rom.
All involved in bringing this build to you are working voluntarily on it in very limited spare time, and their other life commitments have much higher priority. Don't expect a prompt, or even any, response to questions and bug reports.
Before attempting to install this ROM
1. Ask yourself: would bricking your device be a disaster for you? If yes, don't try this ROM! It can't be guaranteed stable and reliable enough to depend on for daily use.
2. BACKUP YOUR DATA AND EXISTING ROM. Be prepared for a complete restore if anything goes wrong.
3. RESEARCH adb, fastboot, Odin/heimdall, and TWRP and how to use them, if not already familiar with these.
What works
1. bluetooth
2. wifi
3. brightness
4. external audio
5. GPS
6. audio through headphone jack
7. audio over bluetooth
8. selinux enforcing
9. DRM level 3 (SD definition)
10. deep sleep
What doesn't work
1. fingerprint. As I wrote in post 1891 at
https://forum.xda-developers.com/t/...t810-t815-t815y.3879302/page-95#post-85533725
I will not spend anymore time looking at fingerprint. If you need fingerpint to work, stay with stock Samsung rom.
2. DRM level 1 (no HD definition). There's more detail in post 1891 above. I will not be trying to achieve level 1 for HD definition. If you need HD definition for your $treaming media, stay with stock Samsung rom.
3. If you charge the device while it's powered off and then want to power it on, you MUST wait at least 30 seconds AFTER disconnecting the charger cable before pressing the power button otherwise you might run into strange boot problems such as the touch screen not working.
4. Possibly other features that I haven't tested or do not use.
Source Code
See FAQ 1 for links in post #2.
Thanks
1. LineageOS team for source code.
2. @retiredtab, @ananjaser1211, @lpedia, @Yogi555 and @CuckooPenguin for spending nearing 1 month fixing the 2 most biggest bugs in 17.1 that plagued users for nearly 10 months: the wifi instability and random reboots. These are discussed in detail at
https://forum.xda-developers.com/t/...rs-running-any-version-of-android-10.4308193/
https://forum.xda-developers.com/t/...rs-running-any-version-of-android-10.4308203/
3. All past contributors of the exynos5433 code.
4. @rINanDO for his lmkd spam fix in 18.1.
5. beta testers: lpedia, Yogi555 and CuckooPenguin
6. Yogi555 for building the public T810 monthly roms starting April 2022
7. lpedia for suggestions, proof reading and FAQ table format in post #2.
Frequently Asked Questions. You MUST READ this before posting any questions. Thank you.
QuestionAnswerQ1. Can I build this ROM for myself? Where are the source and kernel source files?A1. Yes, you can. The source files are listed below.
Kernel
https://github.com/retiredtab/android_kernel_samsung_universal5433-selinux
Device Tree
https://github.com/retiredtab/android_device_samsung_gts2-common-selinux
https://github.com/retiredtab/android_device_samsung_gts210wifi
Vendor
https://github.com/retiredtab/proprietary_vendor_samsung-selinux
In addition, there is a repo diff file for device-specific tweaks needed to work and a roomservice.xml (local manifest file) file so you can build this rom yourself. The other patch required for tcp/ip is at https://github.com/DerpFest-11/pack...mmit/22fd53a977eeaf4e36be7bf6358ecf2c2737fa5eQ2. Is this ROM suitable as a daily driver?A2. It might be, depending on your requirements. You would need to try it yourself, with your preferred apps, to see if suits your purposes. I've been using it myself since mid August 2021 with no major issues.Q3. What do I do if my app xyz doesn't work?A3. I can't help diagnose problems with random apps I know nothing about. If the app is critically important to you and it doesn't work on this ROM, go back to a ROM where it did work.Q4. Why is this ROM laggy and/or buggy?A4. The device will be noticeably slower if you're using any Gapps package. Consider going gapps-free. A lot of apps will work without Google's services, or there exist alternatives that will. Check out F-Droid, Aurora Store, NewPipe, etc.Q5. What TWRP should I use?A5. You MUST use TWRP 3.5.2_9. Get it from
https://dl.twrp.me/gts210wifi/Q6. Why should I use this ROM?A6. You don't have to! If you don't like it, go back to your old ROM.Q7. Will you offer monthly updates with security patches?A7. We plan to do so. Yogi555 will try to update the ROM with the monthly security patches after LineageOS has released them, free time permitting. Each monthly build will be tested to make sure all the "What works" functionality listed in post #1 still works, before it's made available (which might in some cases delay the release).Q8. I'm a newbie. Can you provide step by step instructions?A8. We simply don't have the time to do this, but there are lots of tutorials, videos, etc online showing how to flash custom ROMs and how to deal with common problems. Newbie questions are also accepted in the XDA General Questions and Answers forum. Having said that, @pflyaz has kindly make a guide in in post #16.Q9. Can I report a bug with respect to the ROM?A9. Yes, but you need to supply the following information. If you don't, I won't look at it.
Provide an adb logcat of the problem, and if possible describe how to reproduce it. Note that I can't help if it involves downloading any app I don't already use that requires payment or creating a userid/password.
To get a logcat, open a terminal window on your PC, connect your device to it via USB, and do this:
Bash:
# clear the logcat first
adb logcat -c
# start logcat trace
adb logcat > problem.txt
# reproduce problem
# wait until problem has occurred,
# then stop trace by hitting ctrl-c then zip the problem.txt file
# before uploading it.
Q10. How long will you build 18.1 for this device?A10. For now, 18.1 will be built for all of 2022. After that, we will make a decision depending on a number of factors.Q11. Do I need to erase everything and format my data before installing this ROM for the first time?A11. Under most circumstances, yes.
If you're coming from stock Samsung Android, or an earlier version of LineageOS, or a different custom ROM, you MUST 'clean flash': boot to TWRP recovery, wipe system, data, dalvik/art cache, and cache partitions, then Format Data, then install this ROM.
If you don't do this you're likely to run into problems, such as getting stuck at the boot animation for more than 5 minutes.
The ONLY exception is that if you are coming from LOS 18.1 with the April 5 2022 security patch or later, you can dirty flash the latest security patch build.Q12. What Gapps should I use?A12. Your choice! There are several well-known Gapps packages, such as NikGapps, BiTGapps, OpenGapps, and MindTheGapps. OpenGapps is being removed as per post #14. Do your own research as to what is the most reliable gapps option for you.
I recommend installing the SMALLEST version of any of these, preferably with just the minimum Google services needed to access the Play Store and run apps that depend on Google services.
You could also consider Google alternatives, such as Aurora Store, which mirrors the Google Play Store apps but doesn't need any Google services itself. Many Play Store apps do not actually depend on Google services.
If you are going to install any Gapps package, follow the installation instructions given for that particular package.Q13. I'm having problems with Gapps. Can you tell me why it's not working?A13. I can't answer any questions about Gapps, because I don't use them. Ask your questions on the XDA thread for the Gapps package you're using.Q14. Why isn't my post answered?A14. There are several possible reasons: the question is answered in the FAQ (in which case it will be ignored completely); or it involves apps or operating systems that I don't use; or it's about Gapps, which I don't use; or I simply have not had time to answer any questions.Q15. What speed up/optimization tips do you suggest?A15. These steps can make a big difference to performance:
Turn off animations. Go to Settings > System > Developer options, scroll down to the Drawing section, and set Window, Transition and Animator scale all to "Animation off".
Don't install Gapps unless you depend on something that only Google is providing. Use Aurora Store to get your preferred Play Store apps - they will all be available on Aurora Store. You can choose to access this anonymously or use a Google account.
Don't run more than two apps at the same time. You can probably listen to music in the background and use a web browser at the same time.
Use a web browser with built-in adblock and privacy features, such as Brave.
Use NewPipe to watch your streaming content. It has built in adblock so you don't have to watch forced ads.
Look for apps that are open source, ad-free and lightweight.
Q16. Does this ROM support Magisk so I can root my device?A16. Magisk works with this ROM as reported by beta testsers, but that could change with any revision and changes by Google. However I don't use it myself and can't help with any related issues. Direct any questions about Magisk to the XDA Magisk forum.Q17. Will this ROM ever become official?A17. Never. Official maintainers have onerous responsibilities, and I know my device trees, code organization and git commits will NOT meet LineageOS standards. I'm not able or willing to take on the responsibilities and commit the extra time to supporting an official build.Q18. What is the difference between this ROM and others?A18. This ROM tries to be pure LineageOS with little or no modification. Other ROMs may come with a different UI, different bundled apps, etc.Q19. Will there be any major 18.1 code modifications in the future?A19. I don't anticipate any major modifications. There may be some slight tweaking to the SEpolicy, small bug fixes and minor code cleanup, but all the hard work - getting the rom up and running, and fixing all the major bugs - has been done. This doesn't mean the code is perfect or well organized, but I won't be making any major changes.Q20. Why did you fork the trees?A20. I wanted my own private branch where I could make changes that would only affect my own personal builds.Q21. Can you build a variant of this device? For example, a LTE or S-pen version?A21. I cannot and will not try to build for a variant device if I don't physically have that device. I have to be able to boot and test it myself, and there's no guarantee that I can get those variant features working. So I will NEVER build T715, T810 and T815.Q22. Can I load this ROM on a variant device like LTE or S-pen version?A22. This ROM is for the device explicitly listed and will only work on that device. Do not try to install it on any other device.
ONLY if you are an advanced user and understand TWRP, adb, odin, heimdall, etc, you could try loading it on a LTE or S-pen variant by modifying the updater-script, but be warned: there are likely to be problems, including a bricked device, bootloops, or the ROM not being able to support the functionality of LTE/S-pen.Q23. Does this ROM have any wifi connection issues?A23. This ROM's wifi has been stable on the specified device ever since lpedia and I determined the root cause of the wifi problems back in July 2021 and re-installed the original S2 network 'blobs' with LOS 17.1.Q24. Is this ROM secure so I can do financial transactions?A24. Although Android monthly security patches do improve general security, this ROM's outdated kernel and old proprietary vendor blobs/drivers will NEVER get updates of any kind, and could have significant security holes.
In addition, although the ROM is SElinux enforcing, there's a good chance that the rules written (about 800+ lines of code) have some errors.
If the device is rooted, this would further weaken the security.
With this information, it's up to you to make an informed decision about whether you trust this ROM to be secure enough for your financial transactions.Q25. Okay, I understand the consequences and willing to take the risks outlined, now where can I find the BETA rom?A25. Downloads are at
https://sourceforge.net/projects/retiredtab/files/SM-T810/18.1/
Monthly release notes
June 9, 2023 release notes
1. Incorporates June 5 security patches as per https://review.lineageos.org/q/topic:R_asb_2023-06
May 9 release notes
1. Incorporates May 5 security patches as per https://review.lineageos.org/q/topic:R_asb_2023-05
Apr 18 release notes
1. Incorporates Apr 5 security patches as per https://review.lineageos.org/q/topic:R_asb_2023-04
Mar 19 release notes
1. Incorporates Mar 5 security patches as per https://review.lineageos.org/q/topic:R_asb_2023-03
Feb 17 release notes
1. Incorporates Feb 5 security patches as per https://review.lineageos.org/q/topic:R_asb_2023-02
Jan 11. 2023 release notes
1. Incorporates Jan 5 security patches as per https://review.lineageos.org/q/topic:R_asb_2023-01
Dec 12 release notes
1. Incorporates Dec 5 security patches as per https://review.lineageos.org/q/topic:R_asb_2022-12
Nov 21 release notes
1. Incorporates Nov 5 security patches as per https://review.lineageos.org/q/topic:R_asb_2022-11
Oct 9 release notes
1. Incorporates Oct 5 security patches as per https://review.lineageos.org/q/topic:R_asb_2022-10
Sept 11 release notes
1. Incorporates Sept 5 security patches as per https://review.lineageos.org/q/topic:R_asb_2022-09
2. Fixes non working touchscreen and hardware buttons when powering up with power cable plugged in and device turned off. However, the recommendation is still to unplug your charger, wait 30 seconds before pressing power button when your device is turned off.
https://github.com/retiredtab/andro...mmit/7e0657629efedc7f06f6f6fb57199fca0b4e8ea6
https://github.com/retiredtab/andro...mmit/e17c44d2e282d67b243a1c99ce62127e83052c4f
3. Removed settings menu option for fast charging. S2 tablet devices do not support this.
https://github.com/retiredtab/andro...mmit/6db8e690141a98e5cf9e6952c3572c127c0cf8ea
Aug 10 release notes
1. Incorporates Aug 5 security patches as per https://review.lineageos.org/q/topic:R_asb_2022-08
2. Fixes saving of color profile in live display during a reboot/shutdown.
https://github.com/retiredtab/andro...mmit/01b1ed6ba8c268a19762031415fde1b4e45d4ac3
3. Fixes offline battery charging by writing rules to allow charger to access certain files. This removes the previous workaround. Thanks to @simon-edwards for providing an adb logcat that showed the denials.
https://github.com/retiredtab/andro...mmit/041ae45960170e68410b059f4f709e9c14b79a99
July 13, 2022
1. Added argosd to improve wifi throughput as per https://github.com/retiredtab/andro...mmit/c181aa0c5192e46a5a03d4451e2648481a520c0f
2. Incorporates July 5th security patches as per https://review.lineageos.org/q/topic:R_asb_2022-07
June 11, 2022
1. Removed vibrator code from gts2-common as wifi only models don't have vibrator motor (only LTE models).
https://github.com/retiredtab/andro...mmit/e54aee73a98e3cef6e74f96c1815cec9c82ff10d
https://github.com/retiredtab/andro...mmit/dd846b06378182398c55b57b2edc2537369bd509
2. Incorporates June 5th security patches as per https://review.lineageos.org/q/topic:R_asb_2022-06
May 10, 2022
1. Added overlay for led capacitive led buttons as per https://github.com/retiredtab/andro...mmit/83551570e4627a0e353e358787f83aa65484b528
2. Incorporates May 5th security patches as per https://review.lineageos.org/q/topic:R_asb_2022-05
April 10, 2022
1. YOU MUST read posts 1-4 if you haven't already
2. First public BETA release of selinux enforcing T810 build.
3. Incorporates April 5th security patches as per https://review.lineageos.org/q/topic:R_asb_2022-04
4. BACKUP your data because YOU MUST wipe dalvik/cache, cache, system, data and internal storage partitions in TWRP and FORMAT DATA after as this is the first release of this build. You cannot dirty flash at all. See FAQ.
Reserved.
Initial public build called lineage-18.1-20220410-UNOFFICIAL-gts210wifi.zip. The sha256sum file is provided as well to ensure integrity of download.
Yogi555 has tested all the functionality as to what works as per post #1 before uploading the build. Having said that, there's still a chance it won't work on your device due to human error, your configuration, your apps, etc. If it won't boot, always start with a complete wipe of everything and format your data. This is known has a clean install. Backup your data before a clean install.
April 10, 2022
1. YOU MUST read posts 1-4 if you haven't already
2. First public BETA release of selinux enforcing T810 build.
3. Incorporates April 5th security patches as per https://review.lineageos.org/q/topic:R_asb_2022-04
4. BACKUP your data because YOU MUST wipe dalvik/cache, cache, system, data and internal storage partitions in TWRP and FORMAT DATA after as this is the first release of this build. You cannot dirty flash at all. See FAQ Q11.
Tried the beta build and everything seems to be working. I'll observe once it goes into deep sleep and see if WiFi will lose connection (usually 24 hours) on the other 18.1 build. Loaded all my paid apps without issues. Only gripe is the Netflix with DRM L3. Will look into another thread where they spoofed it.
I'll give it a try. Other LOS 18.1 roms wifi not working.
@retiredtab, @ananjaser1211, @lpedia, @Yogi555 and @CuckooPenguin thx very much for your work.
Until yesterday mine was on ripees build from 20211103 which was stable and working but didn't seem to get any further updates than 20211208.
Clean installation went well although I didn't follow "Q5" and used latest TWRP which is 3.6.1_9-0.
Flashed it with Magisk 23. (wanted to make sure that Gapps didn't interfere)
1st boot was fast, setting it all up.
Looking in settings for button backlight duration but didn't find it (using it in the night and want them to light up as short as possible).
Wifi connection there as soon as it wakes up.
So I gave BitGapps a go and flashed ARM64 which worked (isn't specified in "Q12" and as far as I remember only ARM worked on ripees build).
Fiddling around a bit installing paid apps and others.
Everything seems to be fine especially for a beta version.
For others who want to change from ripees version to this one:
On mine it worked to restore "Data" via TWRP (partition got wiped again before) what makes it much easier to switch.
Each app I use seems to be working under the new ROM without problems.
Fun fact: button backlight after restoring is as short as it was set in the prior ROM.
bmwdroid said:
Clean installation went well although I didn't follow "Q5" and used latest TWRP which is 3.6.1_9-0.
Click to expand...
Click to collapse
The reason I write MUST is that not all TWRP from the official TWRP site work properly. For example, when I was initially building the 18.1 tree back in July/Aug 2021, I needed mtp and adbd to work in TWRP T710 for debugging purposes.
Despite the change log claiming both were fixed, not a single version worked wrt mtp and adbd. I knew this way back in Dec 2020 and you may have even seen my post #124 since you were post #122 and #126 in the same thread.
So in order to get 18.1 up and running, I fixed TWRP T710 myself as I explain at
https://forum.xda-developers.com/t/recovery-unofficial-twrp-3-5-2_9-for-samsung-sm-t710.4430335/
So for T710 users, I know my TWRP build is rock solid as I have easily used it more than 150 times when making the 18.1 rom.
Another example. During the summer of 2020, I upgraded the OS on a Samsung S4 phone for my friend. I went to official TWRP website, downloaded the latest and much to my surprise, the touchscreen didn't work at all. I used an older TWRP version and it worked fine.
Bottom line: even though it's on the official TWRP website does not mean it's tested or working properly. In the case of the S4 TWRP with the non working touchscreen, it's obvious there was zero testing done.
That's why we will test ALL our 18.1 builds for the "what works" functionality in post #1 before uploading to the general public.
bmwdroid said:
Looking in settings for button backlight duration but didn't find it (using it in the night and want them to light up as short as possible).
Click to expand...
Click to collapse
By sheer coincidence, I already had the above in my private build on March 27 as I wanted to test it to make sure it works before adding it into github. Yes, I test even 1 line of code change myself no matter how trivial.
The 1 line of code needed is documented at
https://review.lineageos.org/c/LineageOS/android_device_samsung_s3ve3g-common/+/292889
I will put this change into my github so that it gets built with the May 5 security patches.
bmwdroid said:
Wifi connection there as soon as it wakes up.
Click to expand...
Click to collapse
My github repo has always had the S2 wifi blobs after @lpedia and I fixed it on Aug 7, 2021 as per
https://github.com/retiredtab/propr...mmit/3984c2ef6852794a939b8eda689fc477705d5c86
As you can see in my github history, that reversion back to S2 wifi has never changed since Aug 7, 2021.
bmwdroid said:
Fun fact: button backlight after restoring is as short as it was set in the prior ROM.
Click to expand...
Click to collapse
Without looking through the 1000's lines of code or more, the above functionality exists probably in the hardware/samsung repo
https://github.com/LineageOS/android_hardware_samsung/tree/lineage-18.1/hidl/light
and the settings are probably saved in some directory, but the display menu for the button backlights isn't shown until I put in that one commit above. That is, the OS knows to use the saved settings, but without the menu overlay, it doesn't show the menu itself.
retiredtab said:
The reason I write MUST is that not all TWRP from the official TWRP site work properly. For example, when I was initially building the 18.1 tree back in July/Aug 2021, I needed mtp and adbd to work in TWRP T710 for debugging purposes...
Despite the change log claiming both were fixed, not a single version worked wrt mtp and adbd. I knew this way back in Dec 2020 and you may have even seen my post #124 since you were post #122 and #126 in the same thread....
Click to expand...
Click to collapse
Well I gotta admit I didn't check adb and mtp in that TWRP.
I probably saw your post but might not have paid attention as they referred to T710 and as I own T810 I judged them as not relevant for me.
retiredtab said:
...
Bottom line: even though it's on the official TWRP website does not mean it's tested or working properly. ...
Click to expand...
Click to collapse
That's what I've noticed as well for T325.
retiredtab said:
..My github repo has always had the S2 wifi blobs after @lpedia and I fixed it on Aug 7, 2021 as per
https://github.com/retiredtab/propr...mmit/3984c2ef6852794a939b8eda689fc477705d5c86
As you can see in my github history, that reversion back to S2 wifi has never changed since Aug 7, 2021....
Click to expand...
Click to collapse
I just mentioned wifi functionallty for those users of T810 having problems with ripees ROM after version 20211103 and looking for a stable version regarding that feature.
retiredtab said:
......Without looking through the 1000's lines of code or more, the above functionality exists probably in the hardware/samsung repo
https://github.com/LineageOS/android_hardware_samsung/tree/lineage-18.1/hidl/light
and the settings are probably saved in some directory, but the display menu for the button backlights isn't shown until I put in that one commit above. That is, the OS knows to use the saved settings, but without the menu overlay, it doesn't show the menu itself.
Click to expand...
Click to collapse
The settings seem to be in the file /data_mirror/data_de/null/0/org.lineageos.lineagesettings/databases/lineagesettings.db
When opening in DB Browser I found:
In table "secure" the lines
46 "button_backlight_timeout" (value 1000 [probaly for milliseconds as I set it to 1s in ripees ROM]) and
47 "button_brightness" (value 1.0).
In table "system" the line
47 "button_backlight_only_when_pressed" (value 1).
Never worked with .db files myself before but for the knowing it might be interesting if they want to fiddle around a bit.
New build called lineage-18.1-20220510-UNOFFICIAL-gts210wifi.zip
Yogi555 has tested all the functionality as to what works as per post #1 before uploading the build. Having said that, there's still a chance it won't work on your device due to human error, your configuration, your apps, etc. If it won't boot, always start with a complete wipe of everything and format your data. This is known has a clean install. Backup your data before a clean install.
May 10, 2022 release notes
1. YOU MUST read posts 1-4 if you haven't already
2. Added overlay for led capacitive led buttons as per https://github.com/retiredtab/andro...mmit/83551570e4627a0e353e358787f83aa65484b528
3. Incorporates May 5th security patches as per https://review.lineageos.org/q/topic:R_asb_2022-05
4. If you are upgrading from the April 10 build, you may dirty flash the May 10 build. If you are NOT coming from the April 10th, 2022 build, you MUST BACKUP your data because YOU MUST wipe dalvik/cache, cache, system, data and internal storage partitions in TWRP and FORMAT DATA. You cannot dirty flash at all. See FAQ Q11.
@retiredtab just flashed it onto 20220410.
1st try very dirty (not wiping anything) resulting in bootloop.
2nd flash (after wiping system+caches) of ROM, Bitgapps28-arm, Magisk23 made it start.
Magisk had of course to patch boot.img again.
Thx very much.
Due to a post in the T710 regarding gapps, I will be removing opengapps from the FAQ because for several months now (starting around Oct 2021), the opengapps project has been releasing UNTESTED builds that results in bootloops or non working gapps services. Despite numerous requests/posts from the community to slow down the releases and actually TEST THEM BEFORE release, the latest May 3, 2022 shows there is still room for improvement.
This thread in the opengapps forum is just the latest example. Details of UNTESTED builds are also in the same megathread below.
https://forum.xda-developers.com/t/...rsions-devices.3098071/page-367#post-86885091
It's also shown up in other roms like
https://forum.xda-developers.com/t/...7-1-04-30-2022.3937956/page-100#post-86885353
This would be a good time for user to do their own research on which gapps is best for them or use NONE at all. I use Aurora Store myself.
Just a reminder that the builds we release are TESTED and verified to have all the functionality as listed in post #1.
T710 thread post #8, #9 and #10.
https://forum.xda-developers.com/t/...neageos-18-1-for-sm-t710-may-12-2022.4430339/
I wanted to express my sincere thanks to @retiredtab and @Ipedia for your work on the ROMs for the T710 and T810. I have both devices and had previously used the @ripee versions in thread (2) [ROM][UNOFFICIAL][11] LineageOS 18.1 [T710][T715][T715Y][T810][T815][T815Y] | XDA Forums (xda-developers.com). But that 18.1 version had some noticeable bugs and wasn’t being maintained.
Thanks to @bmwdroid ’s April 15 post directing us to this forum, I have been experimenting with this ROM since then on both the T710 and the T810. Based on my pretty heavy usage, I can declare both to be excellent. Most notably, the WiFi is rock solid. The T810 and the T710 (especially) are outstanding hardware, and being able to run Android 11 is a huge boost in the device’s intrinsic value.
I have experienced a couple of random BSOD-equivalent crashes over the past month, but the tablet always immediately restarted. I am going to try and learn how to provide the necessary to the developers so, if it happens again, they can have the necessary evidence. Since I am a decent techie, but not a developer, I decided to write up the complete upgrade procedure I followed so others who come to this forum may benefit. See my next post.
PS: I put this post on both the T710 and the T810 threads since I have both devices.
Tab S2 T710 and T810 Upgrade Procedure Using LineageOS 18.1 ROM by retiredtab
These installation instructions work for both Tab S2 T710 and T810. I have both devices and have tested on both. I am a Windows guy, so these instructions assume a Windows PC. I am a lifelong techie guy and an Android enthusiast. But I am not developer, so these instructions should work for any competent newbie who is a decent techie, but I realize there may be alternative approaches for those who have deeper tech knowledge than me.
Step 1 – Preparation
Update your Tab S2 to the latest stock software.
Install a micro-SD card into your Tab S2.
Enable Developer Options – tap Build Number seven times.
In Developer Options, turn on USB debugging.
Connect your TGab S2 to your PC via USB and download onto the micro-SD card three files:
Retiredtab’s latest Lineage 18.1 ROM from lpedia-sf - Browse /gts28wifi at SourceForge.net (T710) or retiredtab - Browse /SM-T810/18.1 at SourceForge.net (T810)
open_gapps-arm-11.0-pico-20220215.zip from The Open GApps Project
Magisk-v24.3.apk from Release Magisk v24.3 · topjohnwu/Magisk · GitHub
Download to your PC TWRP_3.5.2_9_SM-T710_20210719_Unofficial.tar from retiredtab - Browse /SM-T710/TWRP at SourceForge.net (T710) or twrp-3.5.2_9-0-gts210wifi.img.tar from Download TWRP for gts210wifi (T810)
Download to your PC Odin, from https://technastic.com/wp-content/uploads/2020/02/Odin3_v3.14.4.zip, and extract the zip.
Comments:
I saw retiredtab’s comments about OpenGApps quality. However, this version works well for me. I had previously tried the latest MindTheGapps (which hung) and BiTGapps (which doesn’t include the Google restore functionality that I use.)
Magisk is optional if you want/like root. I do!
Step 2 – Install TWRP Recovery
Power off your Tab S2.
Launch Odin on your PC and press OK.
Power up your Tab S2 into Download mode by holding down Home+VolDown+Power.
Then at the Warning screen hit VolUp.
Connect your Tab S2 via USB to your PC, and you should see Added!! in Odin.
Click AP in Odin and select the downloaded TWRP.
In Odin Options, uncheck Auto Reboot.
Click Log tab again.
Click Start in Odin.
Installed TWRP only takes a couple of seconds.
You will see progress in the Log, and Pass at the top of Odin when done.
Step 3 – First boot into TWRP.
This part is tricky!
Power down your Tab S2 by holding down VolDown+VolUp+Power.
IMMEDIATELY the screen goes blank, hold down Home+VolUp+Power.
Keep holding down until you see the TWRP home page.
If you end up booting into Android rather than TWRP then you will have to repeat steps 2 and 3 again.
Step 4 – Backup your stock ROM
In TWRP, select Backup, Select Storage to choose your micro-SD card, check all the boxes, and then swipe Backup.
Step 5 – Install ROM and GApps.
In TWRP, select Wipe, then Advanced Wipe.
Select all partitions except Micro SD Card.
Swipe to Wipe.
Back, Back again, then Format Data
Type yes, and hit check.
Back, Back, Back, and select Install.
Select your micro-SD storage.
Select the Lineage-18.1 ROM.
Add more Zips, and select open_gapps.
Swipe to confirm Flash.
Installation took about 3 minutes.
Wipe Cache/Dalvik, and Swipe to Wipe
Reboot System
Step 6 – Build your Android 11 Tab S2
First boot into Lineage was less than a minute, and then the Lineage boot animation took less than 2 minutes before “Hello” appeared.
On each build I’ve done I see “Speech services by Google keeps stopping” error once Hello appeared.
I assume this is one of the known OpenGApps bugs.
Clicking Close App makes it go away, and later Google replaces the module anyway.
Set up your Android device per your preference. I have loads of Apps so it takes me a long time. If you are less of a pack-rat, it shouldn’t take long!
At the end of the initialization process, be sure not to choose the Replace Lineage recovery option, otherwise TWRP goes away.
I have found that, by not installing Magisk initially, Google restores all my Apps, including the sensitive ones such as Peacock, Netflix, Disney+, etc. And when I check Google Play/Settings and scroll to the bottom, I see “Device is certified”.
I recommend leaving tablet completely alone until Google has finished its “Copy Apps and Data” from my other tablet. When I get impatient and fiddle around as it’s copying I’ve seen crashes.
Once all copying is done, do your unique Android setup. My go-to Android settings are:
Nova Prime Launcher (actually, gets selected during the copy process, but I load my layout from backup at this time)
Microsoft Swiftkey
Default USB = File Transfer
Window/Transition/Animator Scale all set to Animation Off
Screen timeout 30 minutes, and screen saver Clock
Battery %age next to icon
FX File Explorer
Microsoft Edge as default browser (with AdBlock enabled and Google as search and sync to my PC)
Raindrop, for all my bookmarks
Advanced restart menu (to allow reboot into TWRP).
Step 7 – Make Root
Restart Tab S2 into TWRP.
In TWRP, Install Magisk-v24.3.apk.
Reboot System
In Android install Magisk-v24.3.apk.
Open Magisk and select zygisk in settings.
Restart again.
You now have root. I test by enabling root in FX File Explorer and granting root.
Step 8 – All done!
I do a final and full TWRP backup once the device is solid.
Note:
I found the fingerprint reader sometimes works to unlock the Tab S2. Per other discussions on this thread, looks like I got lucky!
pflyaz said:
Tab S2 T710 and T810 Upgrade Procedure Using LineageOS 18.1 ROM by retiredtab
Click to expand...
Click to collapse
Thanks. I updated FAQ to point to post #16 for newbies.
Hi just a question regarding Q5
A5. You MUST use TWRP 3.5.2_9.
Is there a reason for this! I'm only asking because I have 3.6.0.9-0 installed so just wondered why its a must.
Edit - ignore the message above I didn't see post 9 when reading this on my tablet but do now I am on PC.
Had this running now for the last 5 hours, everything seems to be fine but I'm seeing very slow WiFi speeds. Coming straight from (lineage-18.1-20211103-UNOFFICIAL-gts210wifi) where I was getting a constant speed over 330mb I'm now only getting 110 dropping down to 70 at best.
lojelo said:
Had this running now for the last 5 hours, everything seems to be fine but I'm seeing very slow WiFi speeds. Coming straight from (lineage-18.1-20211103-UNOFFICIAL-gts210wifi) where I was getting a constant speed over 330mb I'm now only getting 110 dropping down to 70 at best.
Click to expand...
Click to collapse
@retiredtab Maybe just a wild guess, but might this commit be related? In my understanding argosd is a daemon that controls the CPU governor so that CPU performance can be adopted to network bandwith requirements. Shouldn't that be activated for Wifi models as well?