phhusson / treble_experimentations

Notes about tinkering with Android Project Treble

[Samsung Tab A 10.5 (2018) | SM-T590] Bootloop #157

Open dheineman opened 6 years ago

dheineman commented 6 years ago

Hello,

I have the new Samsung Tab A (2018) and attempted to flash some treble images on it following the steps on xda. Unfortunately it did not work.

Initially i booted the device on the stock firmware, enabled developer settings and switched "OEM Unlock" on. After a forced factory reset and reboot it now shows "bootloader has already been unlocked"

I then rebooted to recovery, reset to factory settings, booted to the bootloader and ran: heimdall flash --SYSTEM <image>

After that the tablet rebooted and got stuck in a bootloop. It just shows the Samsung Tab A, Secured by Knox, Powered by android logo and then reboots.

I was able to get back to recovery and the bootloader and flash the system.img extracted from the stock firmware with the same heimdall command to restore the tablet to working order (recovery with odin also works).

I am not quite sure how to get a log from the system when it is booting (adb -d logcat just keeps saying "waiting for device") so help with this would be appreciated.

p.s. The device is not rooted and does not have custom recovery

Tested images:

  • phhtreble_8.1_arm64_aonly_gapps_su.img (v23)
  • phhtreble_9.0_arm64_aonly_vanilla_nosu.img (v102)

Device Information:

Model number: SM-T590 (gta2xlwifi)
Treble support: Yes, A only

Stock Software Information

Android version: 8.1.0
Samsung Experience version: 9.5
Kernel version:
3.18.71-13907827 (gcc version 4.9.x 20150123 (prerelease) (GCC))
dpi@21HH1D11 #1
Wed Jul 18 23:01:44 KST 2018
Build number: M1AJQ.T590XXU1ARG7
SE for android status:
Enforcing
SEPF_SM-T590_8.1.0_0002
Wed Jul 18 23:14:38 2018
Knox version:
Knox 3.2
Knox API level 26
TIMA 4.1.0
Service provider SW ver.:
SAOMC_SM-T590OXM_PHN_OO_0011
19400676
PHN//
Security software version:
ASKS v1.4 RELEASE 180410ADP v1.0 Release 180525
SMR Jun-2018 Release 1
Android security patch level: June 1, 2018

Additional resources

getprops.txt (serial redacted) boot.img.zip (obtained from the T590XXU1ARG7_T590OXM1ARG7_PHN stock image downloaded from sammobile. other parts, or the entire file is available on request)

phhusson commented 6 years ago

I'm guessing this is the same issue as on Galaxy A/J phones, which do have a TWRP, and I've got a log of it somewhere...

Well until then you can try to disable keymaster (that's almost always the issue...). To do that, list keymaster Hal:

ls /vendor/lib64/hw/key*

Then to disable them, edit system.img's bin/rw-system.sh, and add before the set -e:

mount -o bind /system/phh/null /vendor/lib64/hw/...

Then flash the modified system.img and try to boot

dheineman commented 6 years ago

@phhusson After attempting to list those hals and not finding the lib64 folder i realized that this tablet is arm and not arm64 😳 thus i retried with the arm images but still no success.

So following your steps i modified the system.img (for both 8.1 & 9.0) but alas no change.

I did notice something during flashing which i had not noticed before (i could have missed it). On the ODIN MODE bootloader screen the following two lines flash by right after flashing and before reboot:

Set Warranty Bit : system
SECURE CHECK FAILED : system

Any more ideas?

For reference, the steps i executed to modify the Phh-Treble system images:

adb shell
gta2xlwifi:/ $ ls -la /vendor/lib/hw/key*
-rw-r--r-- 1 root root 16188 2008-12-31 16:00 /vendor/lib/hw/keystore.mdfpp.so
-rw-r--r-- 1 root root 67792 2008-12-31 16:00 /vendor/lib/hw/keystore.msm8953.so
simg2img system.img system.raw.img
sudo mount --rw system.raw.img android
sudo nano android/bin/rw-system.sh
#!/system/bin/sh

+ mount -o bind /system/phh/null /vendor/lib/hw/keystore.mdfpp.so
+ mount -o bind /system/phh/null /vendor/lib/hw/keystore.msm8953.so

set -e
...
sudo umount android
img2simg system.raw.img system_custom.img 4096

phhusson commented 6 years ago

Oops my bad. It's system/phh/empty, not phh/null. Also, can you root stock rom by patching boot.img with magisk manager?

dheineman commented 6 years ago

no problem, i remade the custom images with the correct mount and tried to flash those but no success. So i patched the stock boot.img with magisk and flashed that with the custom system.img.

Whilst neither image would boot, the boot screen now showed a Set Warranty Bit : kernel and adb -d logcat > boot.log started spewing out logs. I have included logs for both images.

phhtreble_8.1_arm_aonly_vanilla_nosu_custom_boot.log phhtreble_9.0_arm_aonly_vanilla_nosu_custom_boot.log

I reflashed stock and now have root access so if you need any more logs or files let me know.

phhusson commented 6 years ago

Can you try the same thing with 64bits image instead of 32bits?

phhusson commented 6 years ago

Erm, I should explain why. The logs are saying that the kernel has 64 bits binder, and that userspace is running 32bits binder, which is incompatible. It is possible to have 64 bits binder on a 32 bits kernel, but considering this tablet isn't really so low-specced, and the cpu is capable of 64bits, I'm guessing it's 64bits.

Having HAL running 32bits is totally possible

dheineman commented 6 years ago

Thanks for the explanation, based on the specs i also assumed the tablet was 64bit.

I modified the arm64 images i initially tried with the bind mounts and flashed those and although they did not fully boot to android there are some new things of note.

1. The bootloader does not automatically reboot the tablet after flashing the image and heimdall gives the following log message:

...
Uploading SYSTEM
100%
SYSTEM upload successful

Ending session...
ERROR: Failed to receive session end confirmation!
Releasing device interface...

2. On both the 8.1 & 9.0 image the system does not seem to bootloop anymore. It starts, shows the Samsung Tab A screen and then turns to black. The logcat command finishes and i am able to access a adb shell but it seems to be in an incomplete state as i could not open /sdcard.

I tried to download /sys/fs/pstore and/or /proc/last_kmsg (you mentioned them in another issue). But i am hit with a Permission denied, and running adb root also gives an adbd cannot run as root in production builds. As installing adbd Insecure does not seem likely, any ideas around that?

Below are the boot logs. phhtreble_8.1_arm64_aonly_gapps_su_custom_boot.log phhtreble_9.0_arm64_aonly_vanilla_nosu_custom_boot.log

p.s. i attempted the 8.1 thrice (as i thought it failed until i checked adb shell) and the log sizes seemed to vary between 1 and 11 mb.

p.p.s Somewhere along the line i also got the blue An error has occurred while update the device software... screen but i was able to recover from it.

phhusson commented 6 years ago

Okay. It looks like scripts run in my SELinux context are broken. Could you redo the logcat with -b all? (Or was it already the case?) Could be because of magisk, could be because of Samsung.

Can you check the value of the environment LD_CONFIG_FILE? Should be ld.config.26.txt

The current issue is surfaceflinger not finding an opengl implementation. To debug that, run the command "stop" to stop android from trying to run. Then do a strace of it:

strace -f -s 300 -o /data/local/tmp/str surfaceflinger

And retrieve the str file.

My guess is that the OpenGL implementation requires additional libs in vndk-sp that are not present in standard vndk-sp. Another way to debug that is to retrieve the gl lib (in vendor/lib64/egl) and check its dependencies with readelf -a |grep NEEDED

dheineman commented 6 years ago

Here are the new logs for the 8.1 image now with ./adb -d logcat -b all

phhtreble_8.1_arm64_aonly_gapps_su_custom.log

The Environment variable contained /system/etc/ld.config.27.txt

And whilst i was unable to execute the stop command (permission denied) i was able to pull the egl files and ran a readelf on them.

phhtreble_gllib_readelf.log

I can do the same for the new 9.0 v103 image tonight if needed.

phhusson commented 6 years ago

Well you need to call su before doing stop or the strace

dheineman commented 6 years ago

I think i tried that but it waited for a little while before also giving me something along the lines of permission denied.

I thought it might be because i can not approve the request for root on the tablet. (previously when i tried that on stock the os prompted me to approve or deny the request). But i can try again tonight.

phhusson commented 6 years ago

Try running "phh-su" instead perhaps. It should fallback to my su instead of magisk, which doesn't ask for permission when coming from adb shell

dheineman commented 6 years ago

I tried running phh-su in adb shell but it does not seem to work. The command just "gets stuck" and never responds.

phhusson commented 6 years ago

Could you try with my latest 8.0 AOSP? https://androidfilehost.com/?w=files&flid=240984 The download is painfully slow, it's the only mirror available sorry...

dheineman commented 6 years ago

Sure no problem, i can download and test it tonight. Do note that the tablet came stock with android 8.1, will downgrading it even be possible?

phhusson commented 6 years ago

Oh, excellent point. I thought this was a native 8.0...

Could you send me a dump of your vendor partition? I'll try and see if I can try to reproduce inside or a sandbox, a chroot or something

dheineman commented 6 years ago

Would the vendor.img.ext4(.lz4) extracted from the stock image be enough or do you want an actual dump from the device? In case of the latter from what i am reading online this would also require su (which is not working).

vendor.img.ext4.lz4 (link valid until 7 September, 2018)

phhusson commented 6 years ago

Yup that's fine, thanks. Image downloaded.

phhusson commented 6 years ago

OKAY. I'm stupid, I should have checked that. Your device is actually running in 32 bits, even if that's a 64bits binder.

I'll make you an image to test that.
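The two facts this thread kept mixing up, userspace bitness and binder bitness, can be checked separately. The following is an added example, not code from the thread or from the treble_experimentations project: it reads ELF headers in an extracted vendor tree to get userspace bitness and combines that with a binder protocol version supplied by the caller. The function names and the constructed sample headers are assumptions of this example; the flavour names `arm`, `arm64` and `arm32_binder64` are the ones used in the image file names in this thread.

```python
import os
import struct
import tempfile
from collections import Counter

EM_ARM, EM_AARCH64 = 40, 183  # e_machine values from the ELF specification


def elf_info(path):
    """Return (bits, e_machine) for an ELF file, or None if it is not ELF."""
    with open(path, "rb") as f:
        head = f.read(20)
    if len(head) < 20 or head[:4] != b"\x7fELF":
        return None
    bits = {1: 32, 2: 64}.get(head[4])      # e_ident[EI_CLASS]
    endian = {1: "<", 2: ">"}.get(head[5])  # e_ident[EI_DATA]
    if bits is None or endian is None:
        return None
    (machine,) = struct.unpack_from(endian + "H", head, 18)  # e_machine
    return bits, machine


def survey(root):
    """Count 32- and 64-bit ELF files under an extracted vendor tree."""
    seen = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            info = elf_info(full)
            if info:
                seen[info[0]] += 1
    return seen


def userspace_bits(seen):
    """64 if the vendor ships any 64-bit binaries, else 32; None if no ELF found."""
    if seen[64]:
        return 64
    return 32 if seen[32] else None


def pick_flavour(bits, binder_protocol):
    """Map userspace bitness and binder protocol version to an image flavour.

    binder_protocol is what the BINDER_VERSION ioctl on /dev/binder reports:
    7 for a 32-bit binder interface, 8 for a 64-bit one. It is read on the
    device and passed in here so the example runs offline.
    """
    table = {(32, 7): "arm", (32, 8): "arm32_binder64", (64, 8): "arm64"}
    try:
        return table[(bits, binder_protocol)]
    except KeyError:
        raise ValueError(
            f"unexpected combination: {bits}-bit userspace, binder v{binder_protocol}")


def fake_elf(path, bits, machine):
    """Write a constructed 20-byte little-endian ELF header (sample input only)."""
    ident = b"\x7fELF" + bytes([bits // 32, 1, 1]) + b"\x00" * 9
    with open(path, "wb") as f:
        f.write(ident + struct.pack("<HH", 3, machine))  # e_type=ET_DYN, e_machine


if __name__ == "__main__":
    # Constructed stand-in for an extracted vendor image with 32-bit HALs only.
    with tempfile.TemporaryDirectory() as root:
        hw = os.path.join(root, "lib", "hw")
        os.makedirs(hw)
        fake_elf(os.path.join(hw, "keystore.msm8953.so"), 32, EM_ARM)
        fake_elf(os.path.join(hw, "keystore.mdfpp.so"), 32, EM_ARM)
        bits = userspace_bits(survey(root))
        print(bits, pick_flavour(bits, 8))
```
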

phhusson commented 6 years ago

That's not perfect, but we'll with this: Download and flash https://drive.google.com/open?id=1S8lcuXcynVgfzVCXzcjAiFqhKqyQ38Y0

I'm expecting it will still not boot, but I could be wrong so first test that. Then, you'll need to replace libbinder and libhwbinder in system/lib/vndk-27, with those: https://treble.phh.me/libbinder32_64.so https://treble.phh.me/libhwbinder32_64.so

You can do it before flash like you did before, or simpler:

adb root
adb remount
adb push libbinder32_64.so /system/lib/vndk-27/libbinder.so
adb push libhwbinder32_64.so /system/lib/vndk-27/libhwbinder.so

(if this works, I'll integrate binder version binder bitness auto-detection inside the "arm" image)

dheineman commented 6 years ago

A boot with the system.img got stuck on the "Samsung Galaxy Tab A, powered by android" screen but i can get a shell.

After pushing the two .so files it has started bootlooping again but i now occasionally get a android screen before it reboots.

included is a log from a boot with the android screen showing up boot_with_android.log

checking out the log, the reboot seems to be caused by keymaster/cryptfs:

01-26 09:36:26.694   506   506 D keymaster_swd: keymaster_swd [ERR] (tz_check_oem:28) Device is compromized: fuse loc=5,status=0,sw_fuse_blown=1
01-26 09:36:26.694   506   506 D keymaster_swd: keymaster_swd [WRN] (swd_decrypt_ekey:418) enc_ver = 25
01-26 09:36:26.694   506   506 D keymaster_swd: keymaster_swd [ERR] (km_verify_user_begin:144) km_authtoken_verify failed: -30
01-26 09:36:26.694   506   506 D keymaster_swd: keymaster_swd [ERR] (km_authorize_begin:286) Failed with error: 4294967
01-26 09:36:26.694   506   506 D keymaster_swd: keymaster_swd [ERR] (km_operation_init:343) Failed with error: 4294967
01-26 09:36:26.694   506   506 D keymaster_swd: keymaster_swd [ERR] (swd_begin:424) Failed with error: 4294967
01-26 09:36:26.694   506   506 D keymaster_swd: keymaster_swd [WRN] (swd_run_cb:228) swd_begin() returns -30
01-26 09:36:26.694   506   506 W keymaster_tee: [WRN]Returning with error: -30
01-26 09:36:26.694   506   506 W keymaster2_mdfpp: exit begin function, returned -30
01-26 09:36:26.694   507   683 E vold    : begin failed, code -30
01-26 09:36:26.694   507   683 E vold    : Error starting keymaster signature transaction: -30
01-26 09:36:26.695   507   683 E Cryptfs : Signing failed
01-26 09:36:26.695   507   683 E Cryptfs : scrypt failed
01-26 09:36:26.695   507   683 E Cryptfs : Cannot create encrypted master key
01-26 09:36:26.695   507   683 E Cryptfs : Error enabling encryption after framework is shutdown, no data changed, restarting system
01-26 09:36:26.709     0     0 I [4:           init:    1] init: Reboot start, reason: reboot, rebootTarget:

phhusson commented 6 years ago

Ok, the Android logo means it got working GL, good. Now we can see keymaster errors, so add again the two mount -o bind to rw-system

dheineman commented 6 years ago

Does not seem like it changed anything

boot_with_keymaster.log

steps for reference: I flashed the test image from https://github.com/phhusson/treble_experimentations/issues/157#issuecomment-417681968 with heimdall flash --SYSTEM system.img and let it boot and executed:

adb root
adb remount
adb push libbinder32_64.so /system/lib/vndk-27/libbinder.so
adb push libhwbinder32_64.so /system/lib/vndk-27/libhwbinder.so
adb pull /system/bin/rw-system.sh rw-system.sh
#!/system/bin/sh

+ mount -o bind /system/phh/empty /vendor/lib/hw/keystore.mdfpp.so
+ mount -o bind /system/phh/empty /vendor/lib/hw/keystore.msm8953.so

set -e
adb push rw-system.sh /system/bin/rw-system.sh
adb reboot

phhusson commented 6 years ago

Could you give a try without magisk? rw-system.sh is not being run at all, I don't know if it's because of Magisk or Samsung protections...

dheineman commented 6 years ago

Mounted the test image in ubuntu copied the .so files and modified rw-system.sh to create a custom image (as the steps above will require root and not work on original boot)

heimdall flash --BOOT original_boot.img --SYSTEM custom_image.img

...
Uploading BOOT
100%
BOOT upload successful

Uploading SYSTEM
6%
ERROR: Failed to confirm end of file transfer sequence!
ERROR: SYSTEM upload failed!

Ending session...
ERROR: Failed to receive session end confirmation!
Releasing device interface...

The ODIN MODE screen displays the following: SW REV CHECK FAIL : [system]Fused 1 > Binary 0

After this it was just bootloops in every way i tried to flash it (i even tried flashing the full stock package with odin3) but no success.

I reflashed rooted_boot.img after which it booted again (on stock system.img) so it seems like the tablet is completely refusing to start on stock boot.

phhusson commented 6 years ago

Perhaps try to simg2img the system.img before flashing it?

dheineman commented 6 years ago

Flashing the (non sparse) patched_system.raw.img did work, but as before booting on the stock boot.img does not; and as i have no root i do not get any logs.

After this i reflashed rooted_boot.img and booted it got stuck on the Samsung Galaxy tab A screen again but based on the log it got stuck in some different kind of loop.

I cut it off at some point as the logs seem to be repeating but i have included the file. Something (i believe) of note is that it seems like in this case it did at least run rw-system.sh (or made an attempt)

...
01-29 10:14:00.169     0     0 I [4:           init:    1] init: starting service 'exec 4 (/system/bin/rw-system.sh)'...
01-29 10:14:00.170     0     0 I [4:           init:    1] init: SVC_EXEC pid 484 (uid 0 gid 0+0 context default) started; waiting...
--------- beginning of crash
01-29 10:14:00.180   484   484 F libc    : unable to stat "/proc/self/exe": Permission denied
01-29 10:14:00.180   484   484 F libc    : Fatal signal 6 (SIGABRT), code -6 (SI_TKILL) in tid 484 (rw-system.sh), pid 484 (rw-system.sh)
01-29 10:14:00.218   487   487 I crash_dump32: obtaining output fd from tombstoned, type: kDebuggerdTombstone
01-29 10:14:00.218   487   487 E libc    : failed to connect to tombstoned: No such file or directory
01-29 10:14:00.218   487   487 I crash_dump32: performing dump of process 484 (target tid = 484)
01-29 10:14:00.219   487   487 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-29 10:14:00.219   487   487 F DEBUG   : Build fingerprint: 'Android/treble_arm_b64_avS/phhgsi_arm_b64_a:9/PPR1.180610.009/phh:userdebug/test-keys'
01-29 10:14:00.219   487   487 F DEBUG   : Revision: '5'
01-29 10:14:00.219   487   487 F DEBUG   : ABI: 'arm'
01-29 10:14:00.219   487   487 F DEBUG   : pid: 484, tid: 484, name: rw-system.sh  >>> /system/bin/sh <<<
01-29 10:14:00.219   487   487 F DEBUG   : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
01-29 10:14:00.219   487   487 F DEBUG   : Abort message: 'unable to stat "/proc/self/exe": Permission denied'
01-29 10:14:00.219   487   487 F DEBUG   :     r0  00000000  r1  000001e4  r2  00000006  r3  f1789c60
01-29 10:14:00.220   487   487 F DEBUG   :     r4  000001e4  r5  000001e4  r6  ff91abdc  r7  0000010c
01-29 10:14:00.220   487   487 F DEBUG   :     r8  00000000  r9  00000000  r10 00000000  r11 00000000
01-29 10:14:00.220   487   487 F DEBUG   :     ip  00000000  sp  ff91abc8  lr  f175920d  pc  f1757356
01-29 10:14:00.222   487   487 F DEBUG   : 
01-29 10:14:00.222   487   487 F DEBUG   : backtrace:
01-29 10:14:00.223   487   487 F DEBUG   :     #00 pc 00086356  /system/bin/linker (__dl_abort+62)
01-29 10:14:00.223   487   487 F DEBUG   :     #01 pc 00015bfb  /system/bin/linker (__dl___linker_init+2918)
01-29 10:14:00.223   487   487 F DEBUG   :     #02 pc 0001a644  /system/bin/linker (__dl__start+4)
01-29 10:14:00.225     0     0 D [4:    logd.reader:  438] logd: logdr: UID=0 GID=0 PID=487 n tail=50 logMask=8 pid=484 start=0ns timeout=0ns
01-29 10:14:00.226     0     0 D [4:    logd.reader:  438] logd: logdr: UID=0 GID=0 PID=487 n tail=50 logMask=1 pid=484 start=0ns timeout=0ns
01-29 10:14:00.227     0     0 D [4:    logd.reader:  438] logd: logdr: UID=0 GID=0 PID=487 n tail=0 logMask=8 pid=484 start=0ns timeout=0ns
01-29 10:14:00.227     0     0 D [4:    logd.reader:  438] logd: logdr: UID=0 GID=0 PID=487 n tail=0 logMask=1 pid=484 start=0ns timeout=0ns
01-29 10:14:00.228   487   487 E crash_dump32: unable to connect to activity manager: No such file or directory
01-29 10:14:00.229     0     0 I [4:           init:    1] init: Service 'exec 4 (/system/bin/rw-system.sh)' (pid 484) killed by signal 6 waiting took 0.059000 seconds
...

rooted-boot_patched_system.log

p.s. i hope these logs and debug information are still helpful to you, i think it is already awesome you are helping out to such an extent.

phhusson commented 6 years ago

Without magisk, what's the precise behaviour?

Reboots straight to download mode? recovery? Stuck? Did you check you don't actually get an adb connection at this point?

I guess that your next thing to try is to remove /vendor/lib/hw/key*. Android will fallback to software keymaster

dheineman commented 6 years ago

Booting the device on stock boot.img without magisk with whatever system.img (including stock) will result in the tablet continuously rebooting directly after the Samsung Galaxy Tab A screen occasionally flashing a black screen, adb -d logcat -b all > boot.log keeps waiting for devices and no logs are produced.

Booting with a magisk patched boot.img and v23 arm system will do the same but also produce a log. Using the test image from comment 417681968 the tablet will get stuck on the Samsung Galaxy Tab A screen with a never ending log and the same goes for the patched image (log)

I am not quite sure what is going on because even without the .so patches i am not seeing the openGL errors in the logs anymore and i am not able to get back to the "android logo" boot screen. Is it now crashing before even getting to this point or is some file or configuration staying behind even after flashing boot & system and factory resetting the device between every flash?

I can also no longer access a root shell with the test image on the device as after executing a adb root adb will no longer find the device (possibly related to the previous paragraph) so i might have to make a patched vendor.img file in order to test removing the key* files.

Currently the only way to boot the tablet in a working android system is with a magisk patched boot image and the stock system image.

side note: i noticed a keymaster.mbn file in the stock image files. Could be completely unrelated or unhelpful but given its name i thought it can't do any harm to include it. keymaster.mbn.zip

phhusson commented 5 years ago

Some new (Samsung...) devices surfaced with 32bits software, 64bits binder, and also various annoying stuff that might be related to what you get. So, could you test https://github.com/phhusson/treble_experimentations/releases/download/v108/system-arm32_binder64-aonly-vanilla-nosu.img.xz ? If it doesn't boot, try again the keymaster changes

JeroenED commented 5 years ago

Hi,

Just letting you know that I tried flashing resurrection remix GSI on my tab 10.5 and it does not work. It gives the galaxy tab A screen and goes into bootloop. No resurrection logo, no sign of any life.

I really would like to help but I have no idea on how to get a adb via original stock recovery. Building it myself wouldn't work either. I'm living in poor little belgium where I have a 200GB data limit which is almost not enough for me alone.

File flashed: system-190406-arm32binder64-aonly-vanilla-nosu.img Download location: https://get.resurrectionremix.com/?dir=gsi

waltercool commented 3 years ago

Sorry for reviving this old topic, but did someone find a problem about it? I got the same problem with Samsung Galaxy Tab S4.

11-17 22:45:29.799 936 936 W keymaster_tee: [WRN]start nwd_get_key_characteristics
11-17 22:45:29.807 936 936 D keymaster_swd: keymaster: 2 log strings received
11-17 22:45:29.807 936 936 D keymaster_swd: keymaster_swd [ERR] (tz_check_oem:28) Device is compromized: fuse loc=5,status=0,sw_fuse_blown=1
11-17 22:45:29.807 936 936 D keymaster_swd: keymaster_swd [WRN] (swd_run_cb:228) swd_get_key_characteristics() returns 0
11-17 22:45:29.807 936 936 W keymaster_tee: [WRN]ret OK PARAMS: A32 AT3 P1 B32 P1 TO15 S256 2020.11.17,22:45:18.944
11-17 22:45:29.808 1298 4487 I keymaster_worker: upgradeKeyBlob USRPKEY_syntheticpasswordREMOVED 1000
11-17 22:45:29.809 936 936 D keymaster2_mdfpp: entered upgrade_key function.
11-17 22:45:29.820 936 936 D keymaster_swd: keymaster: 3 log strings received
11-17 22:45:29.820 936 936 D keymaster_swd: keymaster_swd [ERR] (tz_check_oem:28) Device is compromized: fuse loc=5,status=0,sw_fuse_blown=1
11-17 22:45:29.820 936 936 D keymaster_swd: keymaster_swd [ERR] (tz_check_oem:28) Device is compromized: fuse loc=5,status=0,sw_fuse_blown=1
11-17 22:45:29.820 936 936 D keymaster_swd: keymaster_swd [WRN] (swd_run_cb:228) swd_upgrade_key() returns 0
11-17 22:45:29.820 936 936 D keymaster2_mdfpp: exit upgrade_key function, returned 0
11-17 22:45:29.831 936 936 W keymaster_tee: [WRN]start nwd_get_key_characteristics
11-17 22:45:29.840 936 936 D keymaster_swd: keymaster: 2 log strings received
11-17 22:45:29.840 936 936 D keymaster_swd: keymaster_swd [ERR] (tz_check_oem:28) Device is compromized: fuse loc=5,status=0,sw_fuse_blown=1
11-17 22:45:29.840 936 936 D keymaster_swd: keymaster_swd [WRN] (swd_run_cb:228) swd_get_key_characteristics() returns 0
11-17 22:45:29.840 936 936 W keymaster_tee: [WRN]ret OK PARAMS: A32 AT3 P1 B32 P1 TO15 S256 2020.11.17,22:45:18.944
11-17 22:45:29.842 1539 4478 W System.err: java.security.InvalidKeyException: Keystore operation failed
11-17 22:45:29.842 1539 4478 W System.err: at android.security.KeyStore.getInvalidKeyException(KeyStore.java:1373)
11-17 22:45:29.842 1539 4478 W System.err: at android.security.KeyStore.getInvalidKeyException(KeyStore.java:1413)
11-17 22:45:29.842 1539 4478 W System.err: at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54)
11-17 22:45:29.842 1539 4478 W System.err: at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89)
11-17 22:45:29.842 1539 4478 W System.err: at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:265)
11-17 22:45:29.842 1539 4478 W System.err: at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:148)
11-17 22:45:29.842 1539 4478 W System.err: at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2980)
11-17 22:45:29.842 1539 4478 W System.err: at javax.crypto.Cipher.tryCombinations(Cipher.java:2891)

...

waltercool commented 3 years ago

OK, seems like removing /vendor/lib64/hw/keystore.* did the job. Sadly, it might lose encryption by hardware. Not expert on this.
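The boot log dheineman posted earlier and the keystore log just above both carry the same `tz_check_oem` line, but only the first runs on through vold and Cryptfs to a reboot. The following is an added example, not code from any participant or from the project: a triage script that walks a logcat capture and reports how far along that chain it gets. The stage names and report keys are assumptions of this example; the sample lines are copied from the two logs in this thread.

```python
import re

# logcat "threadtime" prefix (date, time, pid, tid, level); group 1 is "tag: message".
PREFIX = re.compile(r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d+\s+\d+\s+\d+\s+[VDIWEF]\s+(.*)$")

# Stages of the failure chain, in the order they appear in the thread's boot log.
STAGES = [
    ("tee_integrity", re.compile(
        r"tz_check_oem:\d+\) Device is compromized: "
        r"fuse loc=(\d+),status=(\d+),sw_fuse_blown=(\d+)")),
    ("keymaster_error", re.compile(
        r"^keymaster\w*\s*: .*?(?:returns|returned|error:|failed:) (-\d+)")),
    ("vold_error", re.compile(r"^vold\s*: .*?(-\d+)$")),
    ("cryptfs_error", re.compile(r"^Cryptfs\s*: (.+)$")),
    ("reboot", re.compile(r"\binit: Reboot start, reason: (\w*)")),
]


def triage(lines):
    """Report which stages of the keymaster -> vold -> Cryptfs -> reboot chain occur."""
    first_seen = {}  # stage name -> index of the first line that matched it
    report = {"fuse": None, "keymaster_errors": [], "cryptfs": [], "reboot_reason": None}
    for idx, line in enumerate(lines):
        m = PREFIX.match(line.strip())
        if not m:
            continue  # not a threadtime line (e.g. "--------- beginning of crash")
        rest = m.group(1)
        for stage, pattern in STAGES:
            hit = pattern.search(rest)
            if not hit:
                continue
            first_seen.setdefault(stage, idx)
            if stage == "tee_integrity":
                keys = ("loc", "status", "sw_fuse_blown")
                report["fuse"] = dict(zip(keys, map(int, hit.groups())))
            elif stage == "keymaster_error":
                code = int(hit.group(1))
                if code not in report["keymaster_errors"]:
                    report["keymaster_errors"].append(code)
            elif stage == "cryptfs_error":
                report["cryptfs"].append(hit.group(1))
            elif stage == "reboot":
                report["reboot_reason"] = hit.group(1)
            break  # a line belongs to at most one stage
    order = [name for name, _ in STAGES if name in first_seen]
    positions = [first_seen[name] for name in order]
    report["stages"] = order
    # Complete only if every stage occurred and in the expected order.
    report["chain_complete"] = len(order) == len(STAGES) and positions == sorted(positions)
    return report


# Lines copied from the SM-T590 boot log posted in this thread.
BOOTLOOP_LOG = """\
01-26 09:36:26.694   506   506 D keymaster_swd: keymaster_swd [ERR] (tz_check_oem:28) Device is compromized: fuse loc=5,status=0,sw_fuse_blown=1
01-26 09:36:26.694   506   506 D keymaster_swd: keymaster_swd [ERR] (km_verify_user_begin:144) km_authtoken_verify failed: -30
01-26 09:36:26.694   506   506 D keymaster_swd: keymaster_swd [ERR] (km_authorize_begin:286) Failed with error: 4294967
01-26 09:36:26.694   506   506 D keymaster_swd: keymaster_swd [WRN] (swd_run_cb:228) swd_begin() returns -30
01-26 09:36:26.694   506   506 W keymaster_tee: [WRN]Returning with error: -30
01-26 09:36:26.694   506   506 W keymaster2_mdfpp: exit begin function, returned -30
01-26 09:36:26.694   507   683 E vold    : begin failed, code -30
01-26 09:36:26.694   507   683 E vold    : Error starting keymaster signature transaction: -30
01-26 09:36:26.695   507   683 E Cryptfs : Signing failed
01-26 09:36:26.695   507   683 E Cryptfs : scrypt failed
01-26 09:36:26.695   507   683 E Cryptfs : Cannot create encrypted master key
01-26 09:36:26.695   507   683 E Cryptfs : Error enabling encryption after framework is shutdown, no data changed, restarting system
01-26 09:36:26.709     0     0 I [4:           init:    1] init: Reboot start, reason: reboot, rebootTarget:
""".splitlines()

# Lines copied from the Galaxy Tab S4 log posted in this thread.
KEYSTORE_LOG = """\
11-17 22:45:29.807 936 936 D keymaster_swd: keymaster_swd [ERR] (tz_check_oem:28) Device is compromized: fuse loc=5,status=0,sw_fuse_blown=1
11-17 22:45:29.807 936 936 D keymaster_swd: keymaster_swd [WRN] (swd_run_cb:228) swd_get_key_characteristics() returns 0
11-17 22:45:29.842 1539 4478 W System.err: java.security.InvalidKeyException: Keystore operation failed
""".splitlines()

if __name__ == "__main__":
    for name, log in (("bootloop", BOOTLOOP_LOG), ("keystore", KEYSTORE_LOG)):
        print(name, triage(log))
```
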

GiorgioSteel commented 1 year ago

hello guys, i have a Tab A t590, and i'm trying to flash the firmware but no luck, the OEM it's locked and i can't access the settings tab ...not passing after logo....i need help please !!