SKOCHE
commented
8 months ago
Open SKOCHE opened 8 months ago
SKOCHE
commented
8 months ago
lopestom
commented
8 months ago @lopestom I can't run the encryption. Here are the unpacked files from stock firmware. system. vendor. https://drive.google.com/file/d/1i2fiKt3wSVM4Wi0WmeqwSwjlNREuQLgJ/view?usp=drive_link Error log https://drive.google.com/file/d/1sjqfhPCMJIE9-e9bxBMQaOFFpgLcomjU/view?usp=drive_link
If you look at the stock files. there is a lot missing in twrp
Need permission GDrive link.
lopestom
commented
8 months ago 
error: found duplicate sysprop assignments:
ro.product.board=te305_dk_dk050_6789_t0_ru
ro.product.board=mgvi_64_armv82
error: found duplicate sysprop assignments:
ro.board.platform=mt6789
ro.board.platform=commonI'm changing that to new attempt.
Don't change or modify any line!
Every error so write # symbol.
Changes Done!
SKOCHE
commented
8 months ago I understood. Fine.
SKOCHE
commented
8 months ago TWRP_temp2 startup log https://drive.google.com/file/d/1sjqfhPCMJIE9-e9bxBMQaOFFpgLcomjU/view?usp=drive_link
SKOCHE
commented
8 months ago TWRP_temp startup log https://drive.google.com/file/d/1bhc_efUH5MwsVImIc44arnaW_ts-N8HM/view?usp=sharing
lopestom
commented
8 months ago ```ruby 02-16 14:38:18.220 E/[T700001] tkcoredrv( 0): node not found 02-16 14:38:18.220 W/[T700001] tkcoredrv( 0): unknown tee log irq 02-16 14:38:18.220 I/ ( 0): [T700001] TKCore misc: Register the misc device "tkcoredrv" (id=0,minor=121) 02-16 14:38:18.220 I/ ( 0): [T300172] [ 0.000000]: <0>(0)INF KERN:init_teecore:65: teecore: init ctors 02-16 14:38:18.220 I/ ( 0): [T300172] [ 0.000000]: <0>(0)INF KERN:init_teecore:69: teecore: init time source 02-16 14:38:18.220 I/ ( 0): [T300172] [ 0.000000]: <0>(0)INF KERN:time_source_init:74: Frequency mult = 1 divisor = 13 02-16 14:38:18.220 I/ ( 0): [T300172] [ 4.941320]: <0>(0)INF KERN:init_teecore:73: teecore: init calls 02-16 14:38:18.220 I/ ( 0): [T300172] [ 4.943891]: <0>(0)INF KERN:spi_init:938: Setup SPI1 @0000000011010000 02-16 14:38:18.220 I/ ( 0): [T300172] [ 4.943904]: <0>(0)INF KERN:init_teecore:76: teecore: done 02-16 14:38:18.220 I/ ( 0): [T300172] [ 4.943909]: <0>(0)INF KERN:init_primary_helper:255: Initializing TrustKernel TEE-OS (v0.10.17-gp-10-gc8239af6-arm64-<...> 02-16 14:38:20.489 E/SELinux ( 270): avc: denied { find } for pid=272 uid=0 name=android.hardware.security.sharedsecret.ISharedSecret/default scontext=u:r:recovery:s0 tcontext=u:object_r:hal_sharedsecret_service:s0 tclass=service_manager permissive=1 02-16 14:38:20.490 E/SELinux ( 270): avc: denied { find } for pid=272 uid=0 name=android.hardware.security.keymint.IKeyMintDevice/default scontext=u:r:recovery:s0 tcontext=u:object_r:hal_keymint_service:s0 tclass=service_manager permissive=1 02-16 14:38:18.752 E/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: ufshcd_print_pwr_info:[RX, TX]: gear=[1, 1], lane[1, 1], pwr[SLOWAUTO_MODE, SLOWAUTO_MODE], rate = 0 02-16 14:38:18.781 E/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: ufshcd_print_pwr_info:[RX, TX]: gear=[3, 3], lane[2, 2], pwr[FAST MODE, FAST MODE], rate = 2 02-16 14:38:18.781 E/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: ufshcd_find_max_sup_active_icc_level: Regulator capability was not set, actvIccLevel=0 02-16 14:38:19.899 E/[T700001] init( 0): [libfs_avb]Device path not found: /dev/block/by-name/vbmeta_a 02-16 14:38:19.899 W/[T700001] init( 0): [libfs_mgr]Warning: unknown flag: resize 02-16 14:38:19.902 E/[T700001] init( 0): [libfs_avb]Invalid hash size: 02-16 14:38:19.902 E/[T700001] init( 0): [libfs_avb]Failed to verify vbmeta digest 02-16 14:38:19.902 I/[T700001] init( 0): [libfs_avb]Returning avb_handle with status: Success 02-16 14:38:19.952 W/[T600001] init( 0): [libfs_mgr]Warning: unknown flag: resize 02-16 14:38:19.953 W/[T600001] init( 0): DM_DEV_STATUS failed for system_ext_a: No such device or address 02-16 14:38:19.953 E/[T600001] init( 0): Could not update logical partition 02-16 14:38:19.953 W/[T600001] init( 0): DM_DEV_STATUS failed for product_a: No such device or address 02-16 14:38:19.953 E/[T600001] init( 0): Could not update logical partition 02-16 14:38:20.204 E/[T700001] init( 0): Init cannot set 'ro.boot.hardware' to 'mt6789': Read-only property was already set 02-16 14:38:20.204 E/[T700001] init( 0): Init cannot set 'ro.boot.serialno' to 'N6000RU00000667': Read-only property was already set 02-16 14:38:20.450 I/[T600001] init( 0): processing action (post-fs) from (/trustkernel.rc:1) 02-16 14:38:20.450 I/[T600001] BOOTPROF( 0): 3082.321545:tkcore: prepare system ta path 02-16 14:38:20.450 E/[T600001] selinux( 0): SELinux: Could not get canonical path for /mnt/vendor/persist/t6 restorecon: No such file or directory. 02-16 14:38:20.450 E/[T600001] selinux( 0): 02-16 14:38:20.450 E/[T600001] selinux( 0): SELinux: Could not get canonical path for /mnt/vendor/protect_f/tee restorecon: No such file or directory. 02-16 14:38:20.454 E/[T600001] init( 0): Could not start service 'wait_for_keymaster' as part of class 'default': Cannot find '/system/bin/wait_for_keymaster': No such file or directory 02-16 14:38:20.565 E/ ( 0): [T200276] ufshcd-mtk 11270000.ufshci: ufs_mtk_ioctl: User buffer is NULL! 02-16 14:38:20.828 E/ ( 0): [T600276] F2FS-fs (sdc60): Can't find valid F2FS filesystem in 1th superblock 02-16 14:38:20.847 I/init ( 1): processing action (ro.crypto.state=encrypted && ro.crypto.type=file) from (/trustkernel.rc:44) 02-16 14:38:20.848 I/init ( 1): processing action (vendor.trustkernel.fs.state=prepare) from (/trustkernel.rc:16) 02-16 14:38:20.848 I/BOOTPROF( 1): 3480.256007:tkcore: prepare basic 02-16 14:38:20.850 E/selinux ( 1): SELinux: Could not get canonical path for /data/vendor/t6 restorecon: No such file or directory. 02-16 14:38:20.850 E/selinux ( 1): 02-16 14:38:20.850 I/BOOTPROF( 1): 3482.462469:tkcore: prepare sfs 02-16 14:38:20.850 E/selinux ( 1): SELinux: Could not get canonical path for /data/vendor/t6/fs restorecon: No such file or directory. 02-16 14:38:20.850 E/selinux ( 1): 02-16 14:38:20.851 I/BOOTPROF( 1): 3482.933161:tkcore: prepare service provider ta path 02-16 14:38:20.851 E/selinux ( 1): SELinux: Could not get canonical path for /data/vendor/t6/app restorecon: No such file or directory. 02-16 14:38:21.825 E/SELinux ( 270): avc: denied { find } for pid=276 uid=0 name=android.system.keystore2.IKeystoreService/default scontext=u:r:recovery:s0 tcontext=u:object_r:keystore_service:s0 tclass=service_manager permissive=1 02-16 14:38:21.852 E/init ( 1): Control message: Could not find 'aidl/android.system.keystore2.IKeystoreService/default' for ctl.interface_start from pid: 270 (/system/bin/servicemanager) ```
```ruby 02-17 22:40:24.478 E/SELinux ( 269): avc: denied { find } for pid=271 uid=0 name=android.hardware.security.sharedsecret.ISharedSecret/default scontext=u:r:recovery:s0 tcontext=u:object_r:hal_sharedsecret_service:s0 tclass=service_manager permissive=1 02-17 22:40:24.478 E/SELinux ( 269): avc: denied { find } for pid=271 uid=0 name=android.hardware.security.keymint.IKeyMintDevice/default scontext=u:r:recovery:s0 tcontext=u:object_r:hal_keymint_service:s0 tclass=service_manager permissive=1 02-17 22:40:22.748 E/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: ufshcd_print_pwr_info:[RX, TX]: gear=[1, 1], lane[1, 1], pwr[SLOWAUTO_MODE, SLOWAUTO_MODE], rate = 0 02-17 22:40:22.778 E/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: ufshcd_print_pwr_info:[RX, TX]: gear=[3, 3], lane[2, 2], pwr[FAST MODE, FAST MODE], rate = 2 02-17 22:40:22.778 E/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: ufshcd_find_max_sup_active_icc_level: Regulator capability was not set, actvIccLevel=0 02-17 22:40:22.778 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: ufshcd_wb_config: Write Booster Configured 02-17 22:40:22.778 I/ ( 0): [T600238] scsi 0:0:0:49488: Well-known LUN SKhynix H9QT1G6DN6X132 A003 PQ: 0 ANSI: 6 02-17 22:40:22.778 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: lu 49488 slave configured 02-17 22:40:22.778 I/ ( 0): [T600238] scsi 0:0:0:49476: Well-known LUN SKhynix H9QT1G6DN6X132 A003 PQ: 0 ANSI: 6 02-17 22:40:22.778 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: lu 49476 slave configured 02-17 22:40:22.779 I/ ( 0): [T600238] scsi 0:0:0:49456: Well-known LUN SKhynix H9QT1G6DN6X132 A003 PQ: 0 ANSI: 6 02-17 22:40:22.779 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: lu 49456 slave configured 02-17 22:40:22.779 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: LUNs ready 02-17 22:40:22.779 I/ ( 0): [T300007] ufshcd-mtk 11270000.ufshci: rpmb rw_size: 64 02-17 22:40:22.779 I/ ( 0): [T600238] scsi 0:0:0:0: Direct-Access SKhynix H9QT1G6DN6X132 A003 PQ: 0 ANSI: 6 02-17 22:40:22.779 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: lu 0 slave configured 02-17 22:40:22.780 W/ ( 0): [C300000] sd 0:0:0:0: Power-on or device reset occurred 02-17 22:40:22.780 I/ ( 0): [T600238] scsi 0:0:0:1: Direct-Access SKhynix H9QT1G6DN6X132 A003 PQ: 0 ANSI: 6 02-17 22:40:22.780 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: lu 1 slave configured 02-17 22:40:22.780 W/ ( 0): [C300000] sd 0:0:0:1: Power-on or device reset occurred 02-17 22:40:22.780 I/ ( 0): [T400007] sd 0:0:0:0: [sda] 1024 4096-byte logical blocks: (4.19 MB/4.00 MiB) 02-17 22:40:22.780 I/ ( 0): [T600238] scsi 0:0:0:2: Direct-Access SKhynix H9QT1G6DN6X132 A003 PQ: 0 ANSI: 6 02-17 22:40:22.780 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: lu 2 slave configured ### Decrypt 02-17 22:40:24.219 E/[T600001] init( 0): /vendor/etc/init/android.hardware.gatekeeper@1.0-service.rc: 2: Interface 'android.hardware.gatekeeper@1.0::IGatekeeper/default' redefined in vendor.gatekeeper-1-0 but is already defined by vendor.gatekeeper-1-0 02-17 22:40:24.219 E/[T600001] init( 0): /vendor/etc/init/android.hardware.gatekeeper@1.0-service.rc: 1: ignored duplicate definition of service 'vendor.gatekeeper-1-0' 02-17 22:40:24.219 I/[T600001] init( 0): Parsing file /vendor/etc/init/android.hardware.security.keymint-service.trustkernel.rc... 02-17 22:40:24.219 E/[T600001] init( 0): /vendor/etc/init/android.hardware.security.keymint-service.trustkernel.rc: 1: ignored duplicate definition of service 'vendor.keymint-trustkernel' 02-17 22:40:24.219 E/[T600001] init( 0): /vendor/etc/init/trustkernel.rc: 66: ignored duplicate definition of service 'teed' 02-17 22:40:24.219 E/[T600001] init( 0): /vendor/etc/init/trustkernel.rc: 73: ignored duplicate definition of service 'tee_check_keybox' 02-17 22:40:29.487 E/keystore2( 271): keystore2_main: panicked at 'Failed to create service android.system.keystore2.IKeystoreService/default because of In KeystoreService::new_native_binder: Trying to construct mandatory security level TEE. 02-17 22:40:29.487 E/keystore2( 271): 02-17 22:40:29.487 E/keystore2( 271): Caused by: 02-17 22:40:29.487 E/keystore2( 271): 0: In KeystoreSecurityLevel::new_native_binder. 02-17 22:40:29.487 E/keystore2( 271): 1: In get_keymint_device. 02-17 22:40:29.487 E/keystore2( 271): 2: In connect_keymint: Trying to connect to genuine KeyMint service. 02-17 22:40:29.487 E/keystore2( 271): 3: Binder transaction error NAME_NOT_FOUND.', system/security/keystore2/src/keystore2_main.rs:82:9 ### 02-17 22:40:29.697 E/HidlServiceManagement( 311): Could not find instance 'default' in library android.hardware.health@2.0-impl-default.so. Keeping library open. 02-17 22:40:29.699 E/SELinux ( 268): avc: denied { add } for interface=android.hardware.boot::IBootControl sid=u:r:recovery:s0 pid=310 scontext=u:r:recovery:s0 tcontext=u:object_r:hal_bootctl_hwservice:s0 tclass=hwservice_manager permissive=1 02-17 22:40:29.700 E/SELinux ( 268): avc: denied { add } for interface=android.hardware.health::IHealth sid=u:r:recovery:s0 pid=311 scontext=u:r:recovery:s0 tcontext=u:object_r:hal_health_hwservice:s0 tclass=hwservice_manager permissive=1 02-17 22:40:29.708 E/SELinux ( 268): avc: denied { find } for interface=android.hardware.gatekeeper::IGatekeeper sid=u:r:recovery:s0 pid=314 scontext=u:r:recovery:s0 tcontext=u:object_r:hal_gatekeeper_hwservice:s0 tclass=hwservice_manager permissive=1 02-17 22:40:29.713 E/SELinux ( 268): avc: denied { add } for interface=android.hardware.gatekeeper::IGatekeeper sid=u:r:recovery:s0 pid=314 scontext=u:r:recovery:s0 tcontext=u:object_r:hal_gatekeeper_hwservice:s0 tclass=hwservice_manager permissive=1 02-17 22:40:29.733 E/KphProxy( 315): 182: KPH command failed with 0xffff000f 02-17 22:40:29.733 E/KphProxy( 315): 987: verify ta-6 key cmd failed with 0xffff000f 02-17 22:40:29.733 E/KphProxy( 315): 182: KPH command failed with 0xffff000f 02-17 22:40:29.734 E/KphProxy( 315): 997: verify ta-e97c270e-a5c4-4c58-bcd3384a2fa2539e key cmd failed with 0xffff000f 02-17 22:40:29.747 D/tkcore-teec( 304): failed to open the ta /data/vendor/t6/app/9ef77781-7bd5-4e39-965f20f6f211f400.ta TA-file 02-17 22:40:29.753 E/keymint ( 313): TrustKernelKeyMintImplementation.cpp:232: Invoke command failed with 0xffff000f, orig 0x00000004 02-17 22:40:29.753 E/SELinux ( 269): avc: denied { add } for pid=313 uid=1000 name=android.hardware.security.keymint.IKeyMintDevice/default scontext=u:r:recovery:s0 tcontext=u:object_r:hal_keymint_service:s0 tclass=service_manager permissive=1 02-17 22:40:29.771 E/keymint ( 313): TrustKernelKeyMintImplementation.cpp:232: Invoke command failed with 0xffff000f, orig 0x00000004 02-17 22:40:29.771 E/keymint ( 313): TrustKernelKeyMintImplementation.cpp:232: Invoke command failed with 0xffff000f, orig 0x00000004 02-17 22:40:29.771 E/SELinux ( 269): avc: denied { add } for pid=297 uid=0 name=android.security.legacykeystore scontext=u:r:recovery:s0 tcontext=u:object_r:legacykeystore_service:s0 tclass=service_manager permissive=1 02-17 22:40:30.049 E/ ( 0): [T700305] F2FS-fs (sdc60): Can't find valid F2FS filesystem in 1th superblock 02-17 22:40:30.049 I/ ( 0): [T700305] F2FS-fs (sdc60): Magic Mismatch, valid(0xf2f52010) - read(0xf84ab724) 02-17 22:40:30.049 E/ ( 0): [T700305] F2FS-fs (sdc60): Can't find valid F2FS filesystem in 2th superblock 02-17 22:40:30.063 E/ ( 0): [T700305] ufshcd-mtk 11270000.ufshci: ufs_mtk_ioctl: User buffer is NULL! 02-17 22:40:30.768 E/keymint ( 313): TrustKernelKeyMintImplementation.cpp:232: Invoke command failed with 0xffff000f, orig 0x00000004 02-17 22:40:30.768 E/keymint ( 313): TrustKernelKeyMintImplementation.cpp:232: Invoke command failed with 0xffff000f, orig 0x00000004 02-17 22:40:31.056 E/SELinux ( 297): avc: denied { manage_blob } for scontext=u:r:recovery:s0 tcontext=u:object_r:vold_key:s0 tclass=keystore2_key permissive=1 02-17 22:40:31.056 E/SELinux ( 297): avc: denied { use } for scontext=u:r:recovery:s0 tcontext=u:object_r:vold_key:s0 tclass=keystore2_key permissive=1 02-17 22:40:31.056 E/keystore2( 297): 0: In upgrade_keyblob_if_required_with: Called closure failed. 02-17 22:40:31.056 E/keystore2( 297): 1: Error::Km(ErrorCode(-49)) 02-17 22:40:49.847 I/Cryptfs ( 361): cryptfs_check_passwd 02-17 22:40:49.847 E/Cryptfs ( 361): cryptfs_check_passwd not valid for file encryption 02-17 22:40:49.848 E/libc++abi( 361): terminating ``` ### Decrypt process ```ruby 02-17 22:40:22.748 E/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: ufshcd_print_pwr_info:[RX, TX]: gear=[1, 1], lane[1, 1], pwr[SLOWAUTO_MODE, SLOWAUTO_MODE], rate = 0 02-17 22:40:22.778 E/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: ufshcd_print_pwr_info:[RX, TX]: gear=[3, 3], lane[2, 2], pwr[FAST MODE, FAST MODE], rate = 2 02-17 22:40:22.778 E/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: ufshcd_find_max_sup_active_icc_level: Regulator capability was not set, actvIccLevel=0 02-17 22:40:22.778 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: ufshcd_wb_config: Write Booster Configured 02-17 22:40:22.778 I/ ( 0): [T600238] scsi 0:0:0:49488: Well-known LUN SKhynix H9QT1G6DN6X132 A003 PQ: 0 ANSI: 6 02-17 22:40:22.778 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: lu 49488 slave configured 02-17 22:40:22.778 I/ ( 0): [T600238] scsi 0:0:0:49476: Well-known LUN SKhynix H9QT1G6DN6X132 A003 PQ: 0 ANSI: 6 02-17 22:40:22.778 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: lu 49476 slave configured 02-17 22:40:22.779 I/ ( 0): [T600238] scsi 0:0:0:49456: Well-known LUN SKhynix H9QT1G6DN6X132 A003 PQ: 0 ANSI: 6 02-17 22:40:22.779 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: lu 49456 slave configured 02-17 22:40:22.779 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: LUNs ready 02-17 22:40:22.779 I/ ( 0): [T300007] ufshcd-mtk 11270000.ufshci: rpmb rw_size: 64 02-17 22:40:22.779 I/ ( 0): [T600238] scsi 0:0:0:0: Direct-Access SKhynix H9QT1G6DN6X132 A003 PQ: 0 ANSI: 6 02-17 22:40:22.779 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: lu 0 slave configured 02-17 22:40:22.780 W/ ( 0): [C300000] sd 0:0:0:0: Power-on or device reset occurred 02-17 22:40:22.780 I/ ( 0): [T600238] scsi 0:0:0:1: Direct-Access SKhynix H9QT1G6DN6X132 A003 PQ: 0 ANSI: 6 02-17 22:40:22.780 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: lu 1 slave configured 02-17 22:40:22.780 W/ ( 0): [C300000] sd 0:0:0:1: Power-on or device reset occurred 02-17 22:40:22.780 I/ ( 0): [T400007] sd 0:0:0:0: [sda] 1024 4096-byte logical blocks: (4.19 MB/4.00 MiB) 02-17 22:40:22.780 I/ ( 0): [T600238] scsi 0:0:0:2: Direct-Access SKhynix H9QT1G6DN6X132 A003 PQ: 0 ANSI: 6 02-17 22:40:22.780 I/ ( 0): [T600238] ufshcd-mtk 11270000.ufshci: lu 2 slave configured ```
It's strange that nothing appears regarding the V2 files.
There are errors that are normal and others that show blockages in permissions. Also weird about keymint, but maybe it's related to keystore2 which might be something new for A13. Don't confuse A12's keystore2.
At the same time, it may be the trustkernel type of encryption that may have errors and you already know the answer to that.
I'll try changing the decryption script a little and let's see what happens. After that, I really won't know how to help.
lopestom
commented
8 months ago temp; temp2 already changed something.temp3 with new decryption script.Test. After that if no lucky, I really won't know how to help.
SKOCHE
commented
8 months ago
- The branch
temp;temp2already changed something.- Created the branch
temp3with new decryption script.Test. After that if no lucky, I really won't know how to help.
Hi. based on this, they created a lot of twrp.However, with a different encryption. https://github.com/akifakif32/twrp-device_transsion_mt6789-common https://github.com/transsion-mt6789-recovery/twrp-device_transsion_mt6789-common
SKOCHE
commented
8 months ago lopestom
commented
8 months ago https://github.com/akifakif32/twrp-device_transsion_mt6789-common https://github.com/transsion-mt6789-recovery/twrp-device_transsion_mt6789-common
The problem is with TWRP source code not compile correct A13. Look about this: https://github.com/akifakif32/twrp-device_transsion_mt6789-common/blob/06a65bf35193364dbdcb60efaa36b96d41615685/common.mk#L19 Try compiling with that and maybe you can see any error??
Hi. based on this, they created a lot of twrp.However, with a different encryption.
Already made temp3 branch with that but for trustkernel.
SKOCHE
commented
8 months ago @lopestom Why don't we use it here ? service vendor.keymint-trustkernel /vendor/bin/hw/android.hardware.security.keymint-service.trustkernel user root group root disabled seclabel u:r:recovery:s0
interface android.hardware.keymaster@4.0::IKeymasterDevice default ?@lopestom
And in manifest.xml No
system.prop
ro.vendor.mtk_trustkernel_tee_support=1 ro.hardware.kmsetkey=trustkernel ro.hardware.gatekeeper=trustkernel ro.vendor.mtk_trustkernel_tee_support=1 ro.tee_support=1 ro.mtk_trustkernel_tee_support=1 ?
twrp.flags
/system_image emmc /dev/block/bootdevice/by-name/system flags=backup;flashimg /vendor_image emmc /dev/block/bootdevice/by-name/vendor flags=backup;flashimg /system_ext_image emmc /dev/block/bootdevice/by-name/system_ext flags=display="System_EXT Image";backup;flashimg /product_image emmc /dev/block/bootdevice/by-name/product flags=display="Product Image";backup;flashimg /vendor_dlkm_image emmc /dev/block/bootdevice/by-name/vendor_dlkm flags=display="VendorDLKM Image";backup;flashimg ?
SKOCHE
commented
8 months ago @lopestom
lopestom
commented
8 months ago interface android.hardware.keymaster@4.0::IKeymasterDevice default ?From now on, any and all changes will be up to you. Tests and attempts must be thought out and carried out in parts. If you change anything so make it:
service vendor.keymint-trustkernel /vendor/bin/hw/android.hardware.security.keymint-service.trustkernel class early_hal interface android.hardware.keymaster@4.0::IKeymasterDevice default interface android.hardware.keymaster@4.1::IKeymasterDevice default user nobody seclabel u:r:recovery:s0But remember that it still may not work because it depends on information and dependencies. So don't forget to add some extra parts: https://github.com/transsion-mt6789-recovery/twrp-device_transsion_mt6789-common/blob/c95dc3557e74ca1e6b95f95c0a02097037323659/BoardConfigCommon.mk#L129 https://github.com/transsion-mt6789-recovery/twrp-device_transsion_mt6789-common/blob/c95dc3557e74ca1e6b95f95c0a02097037323659/system.prop#L17
@lopestom And in manifest.xml No
trustonic mode can be related to apps, fingerprint or any security part other than screen lock encryption. There are many parts of security and it depends on what each company wants to use, how to use it and what to use it with.
If you want to confirm about encryption, open the file vendor/etc/init/hw/factory_init.rc and find the encryption mode. But when you realize that there are more files about trustkernel you understand that you are on the right path.
system.prop
ro.vendor.mtk_trustkernel_tee_support=1 ro.hardware.kmsetkey=trustkernel ro.hardware.gatekeeper=trustkernel ro.vendor.mtk_trustkernel_tee_support=1 ro.tee_support=1 ro.mtk_trustkernel_tee_support=1 ?
If you find any information in vendor_boot_ramdisk\prop.default; system\build.prop and vendor\build.prop and want to add it, so it depends on whether it will be interesting.
twrp.flags
# Flashable logical partitions /vendor_dlkm_image emmc /dev/block/bootdevice/by-name/vendor_dlkm flags=display="VendorDLKM Image";backup;flashimg ?
Honestly, I don't see the point in having this partition as a backup option. On devices with A13, there is already a firmware vendor_dlkm.img file for this. https://gist.github.com/lopestom/c4a2648958db5c3db03d32033a3583cd#12-unpacking-img-files https://gist.github.com/lopestom/c4a2648958db5c3db03d32033a3583cd#235-recoveryrootvendor https://gist.github.com/lopestom/685cdd9c71476e9daf95ca612066e23f#updating-some-information-for-android-13 https://gist.github.com/lopestom/ce250f5de64a2764ee85092a2c01939e#vendor_dlkmimg
So is it interesting to have this partition for backup? The choice is up to each author, so make your own.
SKOCHE
commented
8 months ago @lopestom lib_android_keymaster_keymint_utils.so There's no mention android.hardware.security.keymint-V2-ndk.so
lopestom
commented
8 months ago @lopestom lib_android_keymaster_keymint_utils.so There's no mention android.hardware.security.keymint-V2-ndk.so
keymaster and keymint are security related. If any file depends on this other file, then you should know. That's why I wrote about it in the message: https://github.com/SKOCHE/twrp_blackview_N6000/issues/1#issuecomment-1949096911
I also wrote about this in this other message: https://github.com/SKOCHE/twrp_blackview_N6000/issues/1#issuecomment-1950288140
You can add any file until you find the solution. The bad thing is adding a lot of files and getting nothing. But if you don't try, you'll never know what happens!
SKOCHE
commented
8 months ago But if you don't try, you'll never know what happens!
Thanks I'll check it out.
SKOCHE
commented
8 months ago @lopestom 02-19 20:31:40.755 D/tee_check_keybox( 324): tee_check_keybox service enter 02-19 20:31:40.756 D/tkcore-teec( 276): failed to open the ta /data/vendor/t6/app/b46325e6-5c90-8252-2eada8e32e5180d6.ta TA-file 02-19 20:31:40.758 E/KphProxy( 324): 182: KPH command failed with 0xffff000f 02-19 20:31:40.758 E/KphProxy( 324): 987: verify ta-6 key cmd failed with 0xffff000f 02-19 20:31:40.759 E/KphProxy( 324): 182: KPH command failed with 0xffff000f 02-19 20:31:40.759 E/KphProxy( 324): 997: verify ta-e97c270e-a5c4-4c58-bcd3384a2fa2539e key cmd failed with 0xffff000f 02-19 20:31:40.759 E/KphProxy( 324): 1019: cert is not activated. 02-19 20:31:40.759 E/KphProxy( 324): 182: KPH command failed with 0xffff000f 02-19 20:31:40.759 E/KphProxy( 324): 856: verify ta-1 key cmd failed with 0xffff000f 02-19 20:31:40.759 E/KphProxy( 324): 182: KPH command failed with 0xffff000f 02-19 20:31:40.760 E/KphProxy( 324): 997: verify ta-a23d6235-2700-5bfd-a7584a1a91429efb key cmd failed with 0xffff000f 02-19 20:31:40.760 E/KphProxy( 324): 182: KPH command failed with 0xffff000f 02-19 20:31:40.760 E/KphProxy( 324): 997: verify ta-b46325e6-5c90-8252-2eada8e32e5180d6 key cmd failed with 0xffff000f 02-19 20:31:40.760 D/tee_check_keybox( 324): tee_check_keybox service quit 02-19 20:31:40.788 W/ ( 0): [T600281] tpd_gpio_output pin = 0, level = 1 02-19 20:31:40.789 I/[T500001] init( 0): Service 'tee_check_keybox' (pid 324) exited with status 255 oneshot service took 0.014000 seconds in background 02-19 20:31:40.789 I/[T500001] init( 0): Sending signal 9 to service 'tee_check_keybox' (pid 324) process group... 02-19 20:31:40.789 I/[T500001] libprocessgroup( 0): Successfully killed process cgroup uid 1000 pid 324 in 0ms 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.325755]: <6>(1)ERR KERN:tee_rpmb_get_dev_info:969: send rpmb command failed with 0xffff0009 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.325768]: <6>(1)ERR KERN:tee_rpmb_init:1141: Failed to retrieve rpmb device info with 0xffff0009 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.325773]: <6>(1)ERR KERN:userinit:287: Setup RPMB failed with 0xffff0009 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.325780]: <6>(1)INF KERN:truststore_init:302: DEFAULT TRUSTSTORE Setup ... Done 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.328493]: <3>(1)ERR KERN:secure_fs_reserved_get_obj:2363: Failed to create obj 0 with 0xffff0000 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.329492]: <1>(1)ERR KERN:secure_fs_reserved_get_obj:2363: Failed to create obj 0 with 0xffff0000 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.329509]: <1>(1)ERR KERN:license_init:2195: Device [Blackview N6000 common] not verified 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.329516]: <1>(1)INF KERN:license_init:2205: VERIFY_STATE: 2 TRIAL_STATE: 0 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.590583]: <5>(1)DBG KERN:tee_ta_load:1129: Loaded TA 02662e8e-e126-11e5-b86d9a79f06e9478 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.612506]: <1>(1)DBG KERN:tee_ta_load:1129: Loaded TA b46325e6-5c90-8252-2eada8e32e5180d6 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.612684]: <1>(1)ERR KeyPH:init_storage_type:57: Unknown TRUSTSTORE type: 4. Fallback to normal. 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.612761]: <1>(1)ERR KERN:can_invoke_command:1919: TrustKernel OS running on un-verified devices 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.613290]: <1>(1)DBG KERN:tee_ta_init_session_with_context:1692: ... Re-open TA b46325e6-5c90-8252-2eada8e32e518<...> 02-19 20:31:40.790 I/ ( 0): [T400172] 0d6 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.613356]: <1>(1)ERR KERN:can_invoke_command:1919: TrustKernel OS running on un-verified devices 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.613929]: <1>(1)DBG KERN:tee_ta_init_session_with_context:1692: ... Re-open TA b46325e6-5c90-8252-2eada8e32e518<...> 02-19 20:31:40.790 I/ ( 0): [T400172] 0d6 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.613983]: <1>(1)ERR KERN:can_invoke_command:1919: TrustKernel OS running on un-verified devices 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.614261]: <1>(1)DBG KERN:tee_ta_init_session_with_context:1692: ... Re-open TA b46325e6-5c90-8252-2eada8e32e518<...> 02-19 20:31:40.790 I/ ( 0): [T400172] 0d6 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.614318]: <1>(1)ERR KERN:can_invoke_command:1919: TrustKernel OS running on un-verified devices 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.614690]: <1>(1)DBG KERN:tee_ta_init_session_with_context:1692: ... Re-open TA b46325e6-5c90-8252-2eada8e32e518<...> 02-19 20:31:40.790 I/ ( 0): [T400172] 0d6 02-19 20:31:40.790 I/ ( 0): [T400172] [ 9.614746]: <1>(1)ERR KERN:can_invoke_command:1919: TrustKernel OS running on un-verified devices 02-19 20:31:40.770 D/tkcore-teec( 276): failed to open the ta /data/vendor/t6/app/9ef77781-7bd5-4e39-965f20f6f211f400.ta TA-file 02-19 20:31:40.771 D/tkcore-teec( 276): Failed to open /data/vendor/t6/tkcore.log with No such file or directory(2). Try creating one... 02-19 20:31:40.771 D/tkcore-teec( 276): Failed to create /data/vendor/t6/tkcore.log with No such file or directory(2). 02-19 20:31:40.774 I/keymint ( 322): TrustKernelKeyMintImplementation.cpp:2465: Open session successfully
SKOCHE
commented
8 months ago @lopestom 02-19 20:31:40.734 I/GatekeeperHAL( 323): Init device 02-19 20:31:40.758 I/libprocessgroup( 1): Successfully killed process cgroup uid 0 pid 321 in 5ms 02-19 20:31:40.759 I/init ( 1): Service 'adbd' (pid 321) received signal 9 02-19 20:31:40.759 I/init ( 1): processing action (vendor.trustkernel.fs.state=prepare) from (/vendor/etc/init/trustkernel.rc:16) 02-19 20:31:40.760 I/init ( 1): Command 'write /proc/bootprof tkcore: prepare basic' action=vendor.trustkernel.fs.state=prepare (/vendor/etc/init/trustkernel.rc:17) took 0ms and failed: Unable to write to file '/proc/bootprof': open() failed: Permission denied 02-19 20:31:40.734 D/tkcore-teec( 276): failed to open the ta /data/vendor/t6/app/02662e8e-e126-11e5-b86d9a79f06e9478.ta TA-file
lopestom
commented
8 months ago Changed permission in the trustkernel.rc to root. Maybe good maybe not.
I don't know if @ADeadTrousers can help here, but he will see this message.
ADeadTrousers
commented
8 months ago hi.
First of all I'd say your are missing one vital service: android.hardware.keymaster@4.0::IKeymasterDevice None of your services is implementing it. So I'd suggest you dig deep into your stock vendor partition for a rc file that includes that line.
Second: Have you made sure that the service "vendor.keymint-trustkernel" is in fact running, keeps running and is not just stopping after too many errors? Also "teed" isn't needed as this a service for a different vendor. Yours you need to focus on is "keymint"
Third: tee_check_keybox isn't needed at all. So remove the service and the logfiles would be much smaller.
ADeadTrousers
commented
8 months ago Second: Have you made sure that the service "vendor.keymint-trustkernel" is in fact running, keeps running and is not just stopping after too many errors? Also "teed" isn't needed as this a service for a different vendor. Yours you need to focus on is "keymint"
Okay I got a little bit carried away. It's "teed" you need to focus on. I just now checked your vendor files. Got a little bit confused by all the other stuff here.
SKOCHE
commented
8 months ago @lopestom there is no launch hanging on splash 41TWRP+log https://drive.google.com/file/d/1slcsiVJ7hfuOmGlQkyaV3SkllYLT8wnW/view?usp=sharing
lopestom
commented
8 months ago @lopestom there is no launch hanging on splash 41TWRP+log https://drive.google.com/file/d/1slcsiVJ7hfuOmGlQkyaV3SkllYLT8wnW/view?usp=sharing
Now if you can write/mention @ADeadTrousers is better because he have much more experience with trustkernel mode than me.
SKOCHE
commented
8 months ago @ADeadTrousers Hi. you can look at the log and tell me what else is missing in the tree.
https://drive.google.com/file/d/1slcsiVJ7hfuOmGlQkyaV3SkllYLT8wnW/view https://github.com/SKOCHE/twrp_blackview_N6000 temp3
SKOCHE
commented
8 months ago @lopestom Hi. can you use this log to tell which library to look for the missing ? 02-22 12:27:38.464 I/[T400001] init( 0): starting service 'keystore2'... 02-22 12:27:38.466 E/[T500329] init( 0): failed to write pid to files: couldn't write 329 to /dev/cpuset/foreground/tasks: No such file or directory 02-22 12:27:38.452 F/linker ( 329): CANNOT LINK EXECUTABLE "/system/bin/keystore2": cannot locate symbol "_ZNK7android6Parcel18enforceNoDataAvailEv" referenced by "/system/lib64/libkeystore-attestation-application-id.so"... 02-22 12:27:38.480 I/[T400001] init( 0): Service 'keystore2' (pid 329) exited with status 1 02-22 12:27:38.480 I/[T400001] init( 0): Sending signal 9 to service 'keystore2' (pid 329) process group... 02-22 12:27:38.480 I/[T400001] libprocessgroup( 0): Successfully killed process cgroup uid 0 pid 329 in 0ms 02-22 12:27:38.483 I/[T400001] init( 0): starting service 'recovery'... 02-22 12:27:38.483 I/[T400001] init( 0): Created socket '/dev/socket/recovery', mode 422, user 1000, group 1000 02-22 12:27:38.481 F/linker ( 330): CANNOT LINK EXECUTABLE "/system/bin/recovery": cannot locate symbol "_ZNK7android6Parcel18enforceNoDataAvailEv" referenced by "/system/lib64/libgatekeeper_aidl.so"...
ADeadTrousers
commented
8 months ago CANNOT LINK EXECUTABLE is bad. Your libraries are missing certain functions. This means it's either the wrong library or the wrong version of the library (eg. newer/older version of a function with different parameters). This often happens when you mix different releases like for example a binary built for A12 with a A13 built environment like you are trying to accomplish.
As for other missing parts I cannot say much. Every version of Android seem to tackle this a different way. For my A11 setup I need to have three services up and running: "teed" (trustkernel), "keymaster" and "gatekeeper". I can't find the keymaster in your vendor partition so I'm assuming that's not needed anymore for A12. As for "keymaster-attestation" that's something different. For my setup it doesn't do a thing so I disabled/removed it. The same goes for "tee_check_keybox".
How is the encryption working (roughly summarized from my experience with A11): 1) The trustkernel service (or another similar one) creates a secure environment for other applications to run in. So it needs to be up and running. It is dependent on special drivers inside the kernel. So for mediatek as there is no source code you can't switch it with another service. 2) keymaster ist called from the recovery via the "vintf/manifest.xml" registration. It will return the correct decryption key from "/mnt/vendor/persist/t6" which is on "/dev/block/by-name/persist" or a similar partition. 3) gatekeeper is called from the recovery via the "vintf/manifest.xml" registration. Using the key from keymaster to actually do the decryption.
The best thing you could do is to find another phone project here on github with a similar chipset which already have successfully got decryption to work. Look at their files especially what is in the "system" and/or "vendor" folders or what they are coping over from the stock rom.
And a little bit of advice in the end: Don't mix up binaries of different android releases. Fixing CANNOT LINK EXECUTABLE isn't so easy to do and most of the time can't be fixed at all. Here is one example how to do it: https://github.com/ADeadTrousers/android_device_Unihertz_Atom_LXL/blob/master/patch/frameworks_av/0004-Add-missing-symbol-for-mediatek-vtservice.patch But this one was rather easy as the function mediatek expected was one optional parameter short. For your problem you need to extract the symbols from the libraries involved and try to find a suitable replacement. The "naming" of these symbols follows a certain patttern from the actual C/C++ function naming including the type of the parameters. So for "_ZNK7android6Parcel18enforceNoDataAvailEv" there must a function like "android ... Parcel ... enforceNoDataAvailEv" or similar and you need to map to the correct function hopefully only missing an optional parameter.
@lopestom I can't run the encryption. Here are the unpacked files from stock firmware. system. vendor. https://drive.google.com/file/d/1i2fiKt3wSVM4Wi0WmeqwSwjlNREuQLgJ/view?usp=drive_link Error log https://drive.google.com/file/d/1sjqfhPCMJIE9-e9bxBMQaOFFpgLcomjU/view?usp=drive_link
If you look at the stock files. there is a lot missing in twrp