To anyone to whom this is not obvious, it should be noted that TWRP includes adb in root mode. So if you want to have console root on the phone just to snoop around and look at things, the quickest way is:
unlock the bootloader
fastboot boot twrp.img
adb shell
mount system and vendor read only as seen necessary
no flashing or any eeprom modification needed.
Unfortunately the TWRP minimal busybox does not include any wifi drivers or tools, so no networking.
How hard is it to go from TWRP to a minimal ubuntu/debian image? If one places the ubuntu system image within the userdata partition, no flashing of the phone would have to happen (as long as one boots via fastboot and external boot image)
On an unlocked device the kernel's signature isn’t checked, therefore you can just flash a custom kernel as you wish.
That’s exactly what is happening when flashing Magisk or TWRP (using the twrp-installer) to the device.
They both modify the boot partition.
Installing Magisk actually disables verity so you can modify the system/vendor partitions without breaking it.
Regarding EDL you would typically need a manufacturer signed firehose-programmer.
This is basically sbl1 with the added implementation of the firehose protocol.
The certificate-chain used for verifying sbl1 is apparently using test-certificates ?!:
Subject: C = US, ST = California, L = San Diego, OU = General Use Test Key (for testing 13 only), OU = CDMA Technologies, O = QUALCOMM, CN = QCT Root CA 1
Subject: C = US, ST = CA, L = San Diego, OU = CDMA Technologies, O = QUALCOMM, CN = QUALCOMM Attestation CA
Subject: C = US, CN = SecTools Test User, L = SANDIEGO, O = SecTools, ST = CA, OU = 01 0000000000000000 SW_ID, OU = 02 000BA0E100000000 HW_ID, OU = 04 0000 OEM_ID, OU = 05 00000168 SW_SIZE, OU = 06 0000 MODEL_ID, OU = 07 0001 SHA256, OU = 03 0000000000000002 DEBUG
Do these certificates have expiry dates? One thing test-certificates usually have in common is a very short lifetime. That would kinda suck, if the phone would refuse to boot beyond 2022 or something like that.
How did you extract the certificates? sbl1 strings finds the strings in both sbl1.img and aboot.img
strings also finds debugging symbols in sbl1, source code file names, function names, etc… Oddly enough however objdump claims it’s a stripped binary, that doesn’t add up.
The root CA (which is what matters) expires Dec 13 08:23:22 2038 GMT.
Although I doubt the bootrom actually checks the expiry-date.
What if you had the battery removed, how would it know the current time?
I used binwalk to extract them from sbl1
Those may not be debugging symbols, but just prints and similar, although I haven’t looked at sbl1 in detail.
It's possible the ELF header is fake. This isn’t really a file loaded by an OS but an image loaded by the ebl and probably run with a hardcoded start address. I’m surprised they bothered with an ELF header (or something that looks like it) to begin with.
Normally you would extract the raw, headerless binary from the elf with objcopy -O binary source.elf target.bin
But with the sbl1 that just reports “sbl1 has no sections” - which indicates this isn’t really a valid ELF at all. (Same with aboot)
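An added example, not part of the thread: a file with a genuine ELF header can declare zero section headers and still describe its loadable contents through program headers, which is one thing to check when objcopy reports "no sections". The Python below reads the ELF32 header of a constructed sample image (not sbl1 itself; the names inspect_elf32 and build_sample are made up for this example) and pulls out each PT_LOAD segment.

```python
import struct

# ELF32 little-endian layouts, field order as in the ELF specification
EHDR = struct.Struct("<16sHHIIIIIHHHHHH")   # 52-byte file header
PHDR = struct.Struct("<IIIIIIII")           # 32-byte program header
PT_LOAD = 1

def inspect_elf32(blob):
    """Report what the ELF header declares and return each PT_LOAD segment."""
    if len(blob) < EHDR.size or blob[:4] != b"\x7fELF":
        raise ValueError("no ELF magic")
    if blob[4] != 1 or blob[5] != 1:
        raise ValueError("only ELF32 little-endian is handled here")
    (_, _, _, _, e_entry, e_phoff, _, _, _,
     e_phentsize, e_phnum, _, e_shnum, _) = EHDR.unpack_from(blob)
    segments = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + PHDR.size > len(blob):
            raise ValueError("program header table runs past end of file")
        p_type, p_offset, _, p_paddr, p_filesz, _, _, _ = PHDR.unpack_from(blob, off)
        if p_type != PT_LOAD or p_filesz == 0:
            continue                      # skip non-loadable or empty entries
        if p_offset + p_filesz > len(blob):
            raise ValueError("segment %d runs past end of file" % i)
        segments.append((p_paddr, blob[p_offset:p_offset + p_filesz]))
    return {"entry": e_entry, "sections": e_shnum,
            "program_headers": e_phnum, "load_segments": segments}

def build_sample():
    """Constructed image: two program headers, zero section headers."""
    code = b"\xde\xad\xbe\xef" * 4        # stand-in payload bytes
    ident = b"\x7fELF\x01\x01\x01" + b"\x00" * 9
    ehdr = EHDR.pack(ident, 2, 40, 1, 0x8000, 52, 0, 0, 52, 32, 2, 0, 0, 0)
    data_off = EHDR.size + 2 * PHDR.size
    ph_null = PHDR.pack(0, 0, 0, 0, 0, 0, 0, 0)
    ph_load = PHDR.pack(PT_LOAD, data_off, 0x8000, 0x8000,
                        len(code), len(code), 5, 4)
    return ehdr + ph_null + ph_load + code

if __name__ == "__main__":
    info = inspect_elf32(build_sample())
    print("sections:", info["sections"], "program headers:", info["program_headers"])
    for paddr, data in info["load_segments"]:
        print("PT_LOAD at 0x%08x, %d bytes" % (paddr, len(data)))
```

On a real image, `readelf -h` and `readelf -l` show the same header fields and program header table.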
This is really great news. Is there any estimate how long it might take until there could be a lineage or other Android without Google? Or is that still unlikely?
Is there anything I could help with? I can only program python and some C++ for Arduino microcontrollers.
I don’t have a Fairphone 3 yet, I would buy one soon, if I knew for sure an OS without google would come. Also to maybe help somehow.
fastboot getvar current-slot
fastboot --set-active={slot with magisk} # if needed
fastboot flash vendor vendor.img # Not sure if needed
fastboot flash system system.img # Not sure if needed
fastboot -w
Thanks to you, I successfully booted Treble LineageOS on my FP3!
I got the navigation bar by using Magisk module MagiskHidePropsConf and setting prop qemu.hw.mainkeys to 0.
I’m really impressed by the acceleration this project just took: soon after TWRP, a “generic” LineageOS is already available. Project Treble is definitely a good thing, I remember the months of development for the LOS port for FP2…
What do you mean? Are there some features missing in this Generic System Image? Is working on a dedicated port for FP3 needed anyway?
Treble is not always making our lives easier, especially if you maintain older devices
Due to the fact I don’t own a GSI-capable device - I’m not very experienced with this. But I know no officially supported device on LOS with GSI-images - but maybe someone knows this better
But all official LOS-devices have device-tree+kernel
Not all GSI. For example the lineage one I mentioned doesn’t.
Actually, the gsi have their own maintainer. It is easy to do the update from FP ones for other partitions. We just have to do a patch from the FP one without system and with a patched boot.
The only thing which can be hard to do is a patch for the vendor implementation. And I’m not sure there is any.
The maintain chain is really different from “standard” custom rom: we still need FP support, and the system is done by the gsi maintainer.