Closed lss4 closed 3 years ago
How did you confirm the repack works? Which variant did you install?
Le jeu. 4 mars 2021 à 15:01, L.S.S. notifications@github.com a écrit :
This device uses dynamic partitioning. I used this script https://forum.xda-developers.com/t/how-to-make-gsi-flasher-for-samsung-galaxy-a51-super-partition-image.4216083/ to flash the GSI and I can confirm it works. However, the system cannot boot and keeps rebooting on Samsung logo.
Tried both vndkilte and non-lite, and this is on AOSP v301. Before this release I flashed a few others and they did not work, either.
I don't know if there's any way to look into the problem and figure out what caused the system not to boot...
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/phhusson/treble_experimentations/issues/1744, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAA4OVS5OMHO3IUHBC3VN3TB6HB3ANCNFSM4YTJW2NQ .
How did you confirm the repack works? Which variant did you install?
arm64-ab-vanilla ones.
I can confirm by trying to mount /system_root
from TWRP, and I was able to see the content of the GSI.
Both vndklite and non-vndklite ones were tried. Not working.
Not because of the magisk patching?
In an mtk device that had some gsi not booting due to patching, but if it is for dm verity issues try the dm verity disabler and if you have vbmeta try an empty one
Not because of the magisk patching?
In an mtk device that had some gsi not booting due to patching, but if it is for dm verity issues try the dm verity disabler and if you have vbmeta try an empty one
Not sure, but Magisk works on stock and I'm already using it there. I need it to be working on GSI for my purpose, so if it turned out not working it defeats my purpose. The tablet is using Snapdragon 865.
When I unlocked the bootloader, the first thing I flashed even before TWRP was a "neutralized" vbmeta
I got from a guide for another Samsung device, though I'm new to this and I'm not sure if that's empty or not.
EDIT: Back then with some February patch GSIs (from GsiTestProjects, like Nusantara, which were already securized), I even tried renaming resetprop
to something else (note that I can mount /system_root
r/w on those) to avoid colliding with Magisk, and that did not work, either.
EDIT 2: I also suspected I might need to flash Multi-Disabler again, but as of the result from vndklite
variant it wasn't necessary. Should note that Multi-Disabler will fail on non-vndklite
variant since /system_root
cannot be mounted r/w (even that attempt failed).
EDIT 3: The vbmeta
I flashed is only 256 bytes and appears empty, with avbtool 1.1.0
in it. I don't know if I need to flash a larger img (to wipe everything) as I checked the original one from Samsung is about 10kB with contents.
Maybe this works for you, I had a similar error on the galaxy a51, try from twrp with the option to "fix contexts"
Maybe this works for you, I had a similar error on the galaxy a51, try from twrp with the option to "fix contexts"
Just tried this. No, it doesn't make any difference. The device still cannot boot. This is on v302, using ARM64 AB vndklite vanilla.
Thinking that using a Magisk-patched image might be related I flashed the unmodified boot via Odin, and now it entered a strange FastBoot Mode
that I can see via fastboot
command (which I think it might be fastbootd
), but cannot do anything else, including flashing system
from there.
I can't even reboot:
$ fastboot reboot
Rebooting FAILED (remote: 'unknown command')
fastboot: error: Command failed
EDIT: It says something like this
Press volume key to select, and press power key to select
FastBoot Mode (in red color)
PRODUCT_NAME - kona
VARIANT - SM8 UFS
BOOTLOADER VERSION -
BASEBAND VERSION -
SERIAL NUMBER - xxxxxx
SECURE BOOT - yes
DEVICE STATE - unlocked (in red color)
Volume key has no effect. Power key would reboot the device then return to this screen again.
EDIT: I can do fastboot getvar all
in this state. I don't know what else I should try.
I think the unmodified boot.img.lz4
that I flashed via Odin didn't really boot, so the "FastBoot Mode" I saw was actually the bootloader, just that the bootloader's fastboot doesn't offer any usable options.
Here are the stuffs I got using fastboot getvar all
:
(bootloader) parallel-download-flash:yes
(bootloader) hw-revision:0
(bootloader) unlocked:yes
(bootloader) off-mode-charge:0
(bootloader) charger-screen-enabled:0
(bootloader) battery-soc-ok:yes
(bootloader) battery-voltage:3700
(bootloader) version-baseband:
(bootloader) version-bootloader:
(bootloader) erase-block-size: 0x1000
(bootloader) logical-block-size: 0x1000
(bootloader) variant:SM8 UFS
(bootloader) partition-type:pad:raw
(bootloader) partition-size:pad: 0x80000
(bootloader) partition-type:tziccc:raw
(bootloader) partition-size:tziccc: 0x200000
(bootloader) partition-type:hyp:raw
(bootloader) partition-size:hyp: 0x100000
(bootloader) partition-type:btd:raw
(bootloader) partition-size:btd: 0x200000
(bootloader) partition-type:hdm:raw
(bootloader) partition-size:hdm: 0x200000
(bootloader) partition-type:vk:raw
(bootloader) partition-size:vk: 0x200000
(bootloader) partition-type:uefivarstore:raw
(bootloader) partition-size:uefivarstore: 0x80000
(bootloader) partition-type:secdata:raw
(bootloader) partition-size:secdata: 0x8000
(bootloader) partition-type:multiimgqti:raw
(bootloader) partition-size:multiimgqti: 0x8000
(bootloader) partition-type:multiimgoem:raw
(bootloader) partition-size:multiimgoem: 0x8000
(bootloader) partition-type:uefisecapp:raw
(bootloader) partition-size:uefisecapp: 0x200000
(bootloader) partition-type:qupfw:raw
(bootloader) partition-size:qupfw: 0x14000
(bootloader) partition-type:vbmeta:raw
(bootloader) partition-size:vbmeta: 0x10000
(bootloader) partition-type:storsec:raw
(bootloader) partition-size:storsec: 0x80000
(bootloader) partition-type:devcfg:raw
(bootloader) partition-size:devcfg: 0x20000
(bootloader) partition-type:logfs:raw
(bootloader) partition-size:logfs: 0x800000
(bootloader) partition-type:toolsfv:raw
(bootloader) partition-size:toolsfv: 0x200000
(bootloader) partition-type:limits-cdsp:raw
(bootloader) partition-size:limits-cdsp: 0x1000
(bootloader) partition-type:limits:raw
(bootloader) partition-size:limits: 0x1000
(bootloader) partition-type:spunvm:raw
(bootloader) partition-size:spunvm: 0x800000
(bootloader) partition-type:dpo:raw
(bootloader) partition-size:dpo: 0x1000
(bootloader) partition-type:msadp:raw
(bootloader) partition-size:msadp: 0x40000
(bootloader) partition-type:apdp:raw
(bootloader) partition-size:apdp: 0x40000
(bootloader) partition-type:cmnlib64:raw
(bootloader) partition-size:cmnlib64: 0x80000
(bootloader) partition-type:cmnlib:raw
(bootloader) partition-size:cmnlib: 0x80000
(bootloader) partition-type:keymaster:raw
(bootloader) partition-size:keymaster: 0x80000
(bootloader) partition-type:bksecapp:raw
(bootloader) partition-size:bksecapp: 0x60000
(bootloader) partition-type:bluetooth:raw
(bootloader) partition-size:bluetooth: 0x100000
(bootloader) partition-type:devinfo:raw
(bootloader) partition-size:devinfo: 0x1000
(bootloader) partition-type:abl:raw
(bootloader) partition-size:abl: 0x400000
(bootloader) partition-type:aop:raw
(bootloader) partition-size:aop: 0x80000
(bootloader) partition-type:pad:raw
(bootloader) partition-size:pad: 0x80000
(bootloader) partition-type:tz:raw
(bootloader) partition-size:tz: 0x400000
(bootloader) partition-type:mdm1m9kefs3:raw
(bootloader) partition-size:mdm1m9kefs3: 0x200000
(bootloader) partition-type:fsg:raw
(bootloader) partition-size:fsg: 0x200000
(bootloader) partition-type:mdmddr:raw
(bootloader) partition-size:mdmddr: 0x100000
(bootloader) partition-type:ddr:raw
(bootloader) partition-size:ddr: 0x100000
(bootloader) partition-type:xbl_config:raw
(bootloader) partition-size:xbl_config: 0x3F5000
(bootloader) partition-type:xbl:raw
(bootloader) partition-size:xbl: 0x400000
(bootloader) partition-type:xbl_config:raw
(bootloader) partition-size:xbl_config: 0x3F5000
(bootloader) partition-type:xbl:raw
(bootloader) partition-size:xbl: 0x400000
(bootloader) partition-type:userdata:f2fs
(bootloader) partition-size:userdata: 0x389C2FB000
(bootloader) partition-type:logdump:raw
(bootloader) partition-size:logdump: 0x1000000
(bootloader) partition-type:spu:raw
(bootloader) partition-size:spu: 0x3200000
(bootloader) partition-type:omr:raw
(bootloader) partition-size:omr: 0x3200000
(bootloader) partition-type:hidden:raw
(bootloader) partition-size:hidden: 0x2800000
(bootloader) partition-type:cache:ext4
(bootloader) partition-size:cache: 0x1F400000
(bootloader) partition-type:optics:raw
(bootloader) partition-size:optics: 0x1E00000
(bootloader) partition-type:prism:raw
(bootloader) partition-size:prism: 0x38400000
(bootloader) partition-type:super:raw
(bootloader) partition-size:super: 0x25E400000
(bootloader) partition-type:metadata:raw
(bootloader) partition-size:metadata: 0x2000000
(bootloader) partition-type:vbmeta_samsung:raw
(bootloader) partition-size:vbmeta_samsung: 0x10000
(bootloader) partition-type:keydata:raw
(bootloader) partition-size:keydata: 0x1000000
(bootloader) partition-type:keyrefuge:raw
(bootloader) partition-size:keyrefuge: 0x1000000
(bootloader) partition-type:recovery:raw
(bootloader) partition-size:recovery: 0x52DD000
(bootloader) partition-type:boot:raw
(bootloader) partition-size:boot: 0x4400000
(bootloader) partition-type:dtbo:raw
(bootloader) partition-size:dtbo: 0xA00000
(bootloader) partition-type:dsp:raw
(bootloader) partition-size:dsp: 0x4000000
(bootloader) partition-type:modem:raw
(bootloader) partition-size:modem: 0xC300000
(bootloader) partition-type:apnhlos:raw
(bootloader) partition-size:apnhlos: 0xAC00000
(bootloader) partition-type:dqmdbg:raw
(bootloader) partition-size:dqmdbg: 0x1000000
(bootloader) partition-type:steady:raw
(bootloader) partition-size:steady: 0x400000
(bootloader) partition-type:persistent:raw
(bootloader) partition-size:persistent: 0x80000
(bootloader) partition-type:bota:raw
(bootloader) partition-size:bota: 0x2800000
(bootloader) partition-type:keystore:raw
(bootloader) partition-size:keystore: 0x80000
(bootloader) partition-type:misc:raw
(bootloader) partition-size:misc: 0x100000
(bootloader) partition-type:sec_efs:raw
(bootloader) partition-size:sec_efs: 0x1400000
(bootloader) partition-type:debug:raw
(bootloader) partition-size:debug: 0xA00000
(bootloader) partition-type:param:raw
(bootloader) partition-size:param: 0xA00000
(bootloader) partition-type:efs:raw
(bootloader) partition-size:efs: 0x1400000
(bootloader) partition-type:persist:raw
(bootloader) partition-size:persist: 0x2000000
(bootloader) partition-type:ssd:raw
(bootloader) partition-size:ssd: 0x2000
(bootloader) partition-type:mdm1m9kefsc:raw
(bootloader) partition-size:mdm1m9kefsc: 0x8000
(bootloader) partition-type:mdm1m9kefs2:raw
(bootloader) partition-size:mdm1m9kefs2: 0x200000
(bootloader) partition-type:mdm1m9kefs1:raw
(bootloader) partition-size:mdm1m9kefs1: 0x200000
(bootloader) partition-type:fsc:raw
(bootloader) partition-size:fsc: 0x1000
(bootloader) partition-type:modemst2:raw
(bootloader) partition-size:modemst2: 0x200000
(bootloader) partition-type:modemst1:raw
(bootloader) partition-size:modemst1: 0x200000
(bootloader) secure:yes
(bootloader) serialno:xxxxxxxxxx
(bootloader) product:kona
(bootloader) is-userspace:no
(bootloader) max-download-size:805306368
(bootloader) kernel:uefi
all:
Finished. Total time: 0.008s
Probably nothing really helpful, but at least this is-userspace: no
tells me that I'm actually in the bootloader, according to this.
I'm too lazy to re read everything but anyway:
Here are the SELinux files I took from vendor/etc/selinux
.
selinux.zip
The stock recovery (took from the most recent BUBB build) is too large to drop it here, so here's the link.
As for the vbmeta
, just checked that the 256-byte one that I used has a 2 at offset 123. Does it have to be 3? Actually I found another 4KB empty vbmeta that has avbtool 1.0.0
in it, and it also has a 2 at offset 123.
On an "empty" vbmeta, 2 is really not okay. Bit 1 is "verification", which means whether boot.img's signature should be checked or not (bit set means skip verification), Bit 2 is "dm-verity", whether system/product/odm/vendor partitions' signature should be checked.
Since "empty" vbmeta doesn't have boot.img's signature, it can't really work. It's possible that's where vbmeta_samsung partitions comes in, I don't know.
What I usually prefer to do is take stock OEM's vbmeta.img and set 3 at 123, so that I have a vbmeta.img with all signatures and metadata in case bootloader doesn't respect everything.
On an "empty" vbmeta, 2 is really not okay. Bit 1 is "verification", which means whether boot.img's signature should be checked or not (bit set means skip verification), Bit 2 is "dm-verity", whether system/product/odm/vendor partitions' signature should be checked.
Since "empty" vbmeta doesn't have boot.img's signature, it can't really work. It's possible that's where vbmeta_samsung partitions comes in, I don't know.
What I usually prefer to do is take stock OEM's vbmeta.img and set 3 at 123, so that I have a vbmeta.img with all signatures and metadata in case bootloader doesn't respect everything.
Guess Magisk patches allowed boot.img to boot while preserving avb, so they were set to 2 instead of 3 (which I believe is to pass Safety Net). As Safety Net is not a concern to me, I just flashed a modified original vbmeta with offset 123 set to 0x3 as instructed. However, it doesn't appear to be enough to allow the v302 GSI to boot.
I can confirm from your selinux that this is the same issue as other Samsung Qualcomm devices.
Le dim. 14 mars 2021 à 18:44, L.S.S. @.***> a écrit :
On an "empty" vbmeta, 2 is really not okay. Bit 1 is "verification", which means whether boot.img's signature should be checked or not (bit set means skip verification), Bit 2 is "dm-verity", whether system/product/odm/vendor partitions' signature should be checked.
Since "empty" vbmeta doesn't have boot.img's signature, it can't really work. It's possible that's where vbmeta_samsung partitions comes in, I don't know.
What I usually prefer to do is take stock OEM's vbmeta.img and set 3 at 123, so that I have a vbmeta.img with all signatures and metadata in case bootloader doesn't respect everything.
Guess Magisk patches allowed boot.img to boot while preserving avb, so they were set to 2 instead of 3 (which I believe is to pass Safety Net). As Safety Net is not a concern to me, I just flashed a modified original vbmeta with offset 123 set to 0x3 as instructed. However, it doesn't appear to be enough to allow the v302 GSI to boot.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/phhusson/treble_experimentations/issues/1744#issuecomment-798948040, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAA4OQPIBJG25TQULFSCOTTDTYWHANCNFSM4YTJW2NQ .
Guess I'll have to wait for now. I just attempted to flash v222 (Android 10) and it obviously didn't work, either.
Maybe I need to be on an Android 10 stock FW to use Android 10 GSI, but it's not really important... I'll just wait until issues with Android 11 GSI have been resolved.
Okay. Looks like AOSP v304 booted on my device. However, as said, it's not compatible with Magisk so I have to flash the original boot.img
and the original vbmeta.img
with the byte in offset 123 set to 03H to ensure I won't fall into the bootloader.
Will keep the issue open until Magisk becomes usable. For now I'll have to look for some non-systemless alternatives.
EDIT: An issue. It seems MTP doesn't work correctly here... Will test a few more stuffs besides Magisk (which doesn't work yet) for the time being. This is not a major issue for me as I'm never a fan of MTP and transfer files mostly via ADB.
04-06 06:58:29.978 3209 3209 D MtpService: starting MTP server in MTP mode with storage /storage/emulated/0 unlocked as user 0
04-06 06:58:29.980 3209 3209 I MtpService: Couldn't get control FD!
04-06 06:58:29.982 3209 3209 V MtpService: Adding MTP storage:<internal storage path here>
04-06 06:58:29.982 3209 3209 V MtpService: Adding MTP storage:<external storage path here>
04-06 06:58:29.983 3209 4693 E MtpServer: Failed to start usb driver!
EDIT 2: Guess I simply can't use GApps on GSI without Magisk... it said my device is not certified. Maybe this is due to my installing Aurora Services to system, as I'd like to use Aurora Droid/Store with it...
EDIT 3: I reverted to the original GSI state since I can't use GApps. I'm thinking about securizing it. However, after securizing, the tablet couldn't boot anymore. It stuck on Samsung logo without even rebooting, and I couldn't even bring it to TWRP... still trying...
Magisk is not going to work at the moment, on the google certification, you can certify if you use the tutorial for that in xda you must wait a few minutes after installing the gsi, about the mtp that is normal in samsung, I think it can be corrected with a custom kernel, but I do not recommend doing it, it is better to have everything in stock
Should add that I also can't seem to make audio go through Type-C to 3.5 adapters like I could in stock FW. Audio always goes to the tablet speakers. Is this issue generic on GSI?
I cannot even securize. Securizing would semi-brick the device and I have to flash TWRP again to be able to enter the recovery to revert the mistake.
Also, GApps certification doesn't seem to work in my case. After entering the device ID I'm still getting that I'm not certified. One of the games expect GApps to be installed, though... If Magisk works, I can consider using NanoDroid with microG as that also works for me regarding GMS.
So for now, GSI can be booted (finally), but not to the point that I could accept yet...
PS: Sadly I can no longer downgrade to Android Q builds to test anymore, as the build I'm currently on, T976BXXS2BUC1
, has just set the BIT value to 2 from 1.
EDIT: It seems using alternative audio policy works for getting the audio to go through Type-C.
I'm able to get a GSI booting with working Magisk by using ATK3
(A10) vendor, so Android 10 vendors work perfectly here.
However, since I've upgraded past BUC1
Odin will block me when trying to flash A10 images, so an alternative way is needed.
The GSI and the A10 vendor can be flashed the following way from TWRP.
lpunpack
tool to extract vendor.img
from super.img
. Should note that you need to unsparse the super.img
using simg2img
first. The resulted vendor.img
is not sparsed and can be directly written via dd
.system_root
and vendor
from TWRP (using ianmacd's TWRP for example).
# cat /etc/fstab
In my case, system_root is /dev/block/dm-0
and vendor is /dev/block/dm-1
.# blockdev --setrw /dev/block/dm-0
# blockdev --setrw /dev/block/dm-1
# dd if=<GSI image here> of=/dev/block/dm-0 bs=1m
# dd if=<vendor image here> of=/dev/block/dm-1 bs=1m
Note that if your GSI image is sparsed you need to first unsparse it via simg2img
. Note that with simg2img
, you can simply pass the target block device as destination to directly write the unsparsed image there. For example:
# simg2img <sparsed GSI image here> /dev/block/dm-0
If nothing went wrong the GSI should boot. However, the GSI will reboot a short while after startup. A few grabs of /proc/last_kmsg
pointed me to issue #1511 as the following logs can be found.
<2>[ 105.308109] I[1: swapper/1: 0] softdog: Initiating panic
<0>[ 105.308167] I[1: swapper/1: 0] Kernel panic - not syncing: Software Watchdog Timer expired 100s
This happened when the GSI is securized (phh-su
and stuffs removed). Before securizing the reboot did not happen. I tested this on v308, but originally observed the issue on another GSI of bvN
variant. So I don't know what is actually responsible of feeding the software watchdog, and that with Magisk alone (without phh-su
) it doesn't work.
Guess a custom kernel with those stock stuffs disabled is necessary now.
EDIT: I tried this trick and it seems to have worked as the system did not appear to have rebooted itself after about 10 minutes.
After entering a root shell (via su
):
# echo 'V' > /dev/watchdog
EDIT 2: This trick indeed works. Now I need to find ways to make the software watchdog disabled on boot.
EDIT 3: It's possible to put the command above into a Magisk module's service.sh
, or a script that its service.sh
would call at some point, to automate the disabling of watchdog so the GSI can work normally.
I'm closing the issue as GSI can be considered usable on this device now, just that one needs Android 10 vendor and there's a watchdog to take care of. Android 10 vendor works even with post-BUC1
stock FW, just that you have to do it from TWRP and can't use Odin.
Anyway, many thanks for helping getting GSIs working. :-)
UPDATE (May 23, 2021): GSI works with Magisk using A10 vendor (preferrably
ATK3
). However, there are some stuffs worth noting when flashing. For details, check recent comments.UPDATE (Apr 10, 2021): v304 can be booted on Android 11 vendor, but without Magisk at the moment. In this case, you need to use the
vbmeta.img
from your current firmware and edit the byte at offset 123 to03h
to disable AVB completely, or you'll fall into the bootloader when using the stock, unmodifiedboot.img
.I can no longer conduct tests with Android Q vendor, because the recent released
T976BXXS2BUC1
build has just set the BIT value to 2 from 1 which effectively blocked the downgrade path completely. So if you're still onT976BXXU1BUBB
or earlier, DO NOT UPGRADE ANY FURTHER if you intend to run it with Android Q vendor!I haven't tested the
gapps
variant, but with avanilla
variant with GApps installed later (via BiTGApps), I got the same "uncertified device" notice that prevents me from logging in to my Google account. Regardless, the issue might be the same as #1784.For now I can only keep looking forward to the progress, though I can still conduct tests whenever needed, as I can still go back and forth between stock and GSI by restoring respective nandroid backups I did with TWRP.
Original Issue:
This device uses dynamic partitioning. I used this script to flash the GSI and I can confirm it works. However, the system cannot boot and keeps rebooting on Samsung logo.
Tried both vndkilte and non-lite, and this is on AOSP v301. Before this release I flashed a few others and they did not work, either.
I don't know if there's any way to look into the problem and figure out what caused the system not to boot...
I'm on ianmacd's latest TWRP, with stock kernel already patched for Magisk. I've also flashed Multi-Disabler as otherwise the device won't boot, since it disables FBE which TWRP currently cannot handle.