FP3 custom rom development based on released source code

k4y0z · January 25, 2020, 11:08pm

On an unlocked device the kernels signature isn’t checked, therefore you can just flash a custom kernel as you wish.
That’s exactly what is happening when flashing Magisk or TWRP (using the twrp-installer) to the device.
They both modify the boot partition.

Installing Magisk actually disables verity so you can modify the system/vendor partitions without breaking it.

Regarding EDL you would typically need a manufacturer signed firehose-programmer.
This is basically sbl1 with the added implementation of the firehose protocol.

The certificate-chain used for verifying sbl1 is apparently using test-certificates ?!:

Subject: C = US, ST = California, L = San Diego, OU = General Use Test Key (for testing 13 only), OU = CDMA Technologies, O = QUALCOMM, CN = QCT Root CA 1
Subject: C = US, ST = CA, L = San Diego, OU = CDMA Technologies, O = QUALCOMM, CN = QUALCOMM Attestation CA
Subject: C = US, CN = SecTools Test User, L = SANDIEGO, O = SecTools, ST = CA, OU = 01 0000000000000000 SW_ID, OU = 02 000BA0E100000000 HW_ID, OU = 04 0000 OEM_ID, OU = 05 00000168 SW_SIZE, OU = 06 0000 MODEL_ID, OU = 07 0001 SHA256, OU = 03 0000000000000002 DEBUG

corvuscorax · January 25, 2020, 11:49pm

Do these certificates have expiry dates? One thing test-certificates usually have in common is a very short lifetime. That would kinda suck, if the phone would refuse to boot beyond 2022 or something like that.

How did you extract the certificates? sbl1 strings finds the strings in both sbl1.img and aboot.img

strings also finds debugging symbols in sbl1, source code file names, function names, etc… Oddly enough however objdump claims it’s a stripped binary, that doesn’t add up.

k4y0z · January 25, 2020, 11:57pm

The root CA (which is what matters) expires Dec 13 08:23:22 2038 GMT.
Although I doubt the bootrom actually checks the expiry-date.
What If you had the battery removed, how would it know the current time?

I used binwalk to extract them from sbl1

those may not be debugging symbols, but just prints and similar, although I haven’t looked at sbl1 in detail.

corvuscorax · January 26, 2020, 12:35am

Its possible the ELF header is fake. This isn’t really a file loaded by an OS but an image loaded by the ebl and probably run with a hardcoded start address. I’m surprised they bothered with an ELF header (or something that looks like it) to begin with.

Normally you would extract the raw, headerless binary from the elf with
objcopy -O binary source.elf target.bin
But with the sbl1 that just reports “sbl1 has no sections” - which indicates this isn’t really a valid ELF at all. (Same with aboot)

Linus · January 26, 2020, 3:57pm

This is really great news. Is there any estimate how long it might take until there could be a lineage or other Android without Google? Or is that still unlikely?

Is there anything I could help with? I can only program python and some C++ for Arduino microcontrollers.

I don’t have a Fairphone 3 yet, I would buy one soon, if I knew for sure an OS without google would come. Also to maybe help somehow.

pigpig · January 26, 2020, 5:35pm

Yiha! I have lineage on the FP3! (with gsi)

I used the treble_arm64_bvN image.

Install magisk
Note the slote !
Flash back stock vendor & system, erase userdata

fastboot getvar current-slot
fastboot --set-active={slot with magisk} # if needed
fastboot flash vendor vendor.img # Not sure if needed
fastboot flash system system.img # Not sure if needed
fastboot -w
Flash the gsi on the two slots!

fastboot flash system_a {gsi_image}
fastboot flash system_b {gsi_image}
Reboot and wait

fastboot reboot

~~Note: Can someone try directly from step 3? or only with fastboot -w~~ boot needs to be changed.
Note2: The slots need to have success

fastboot getvar all
[...]
(bootloader) current-slot:a
(bootloader) slot-retry-count:b:6
(bootloader) slot-success:b:Yes
(bootloader) slot-active:b:No
(bootloader) slot-unbootable:b:No
(bootloader) slot-retry-count:a:6
(bootloader) slot-success:a:Yes
(bootloader) slot-active:a:Yes
(bootloader) slot-unbootable:a:No

To get a slot-success=Yes, you have to do : (with stock system)

bootloader --set-active=a
bootloader reboot (go until system)
bootloader --set-active=b
bootloader reboot

Note3 :
To get the navigation bar, as mentionned by @dyd0u,

Maybe we could change it directly in the boot props.

Note4:
Some unwanted packages are still there (because of the way treble works). It is easy to disable/uninstall them.

adb shell pm disable-user --user 0 com.qualcomm.qti.qms.service.telemetry
adb shell pm disable-user --user 0 com.qualcomm.qti.qms.service.connectionsecurity
adb shell pm disable-user --user 0 com.qualcomm.qti.optinoverlay
adb shell pm disable-user --user 0 com.orange.update
adb shell pm disable-user --user 0 com.orange.aura.oobe

sm01man · January 26, 2020, 5:59pm

Thats really cool! I will probably try install it tomorrow and I will let everyone know how it goes here.

smurf · January 26, 2020, 6:13pm

Nice. Is there a newer version of that image? Did you check whether things actually work (GSM, LTE, GPS, camera, power+charge mgmt, whatever)?

pigpig · January 26, 2020, 6:16pm

Here is a list of gsi available :

I just start to test it.
~~For the moment the home, history and back button aren’t here, which is quick anoying ^^~~ Solved

GSM, GPS, cameras, wifi, charging works fine

dyd0u · January 26, 2020, 8:18pm

Thanks to you, I successfully booted Treble LineageOS on my FP3!
I got the navigation bar by using Magisk module MagiskHidePropsConf and setting prop qemu.hw.mainkeys to 0.

basxto · January 27, 2020, 7:44am

That sounds great.
What has to work for official lineageOS support?

Dosenheini · January 27, 2020, 7:55am

Not all heroes wear capes. You are my heroes.

Claymore1297 · January 27, 2020, 8:46am

first of all needs a capable maintainer
And GSI is not “standard” LOS…

oli.sax · January 27, 2020, 9:23am

I’m really impressed of the acceleration this project just took: soon after TWRP, a “generic” LineageOS is already available . Project Treble is definitively a good thing, I remember the months of development for the LOS port for FP2…

What do you mean? Is there some features missing in this Generic System Image? Does working on a dedicated port for FP3 is anyway needed?

EDIT: Awesome work, guys

Dosenheini · January 27, 2020, 9:42am

The GSI contains the full google apps.

Claymore1297 · January 27, 2020, 9:46am

Treble is not always making our lifes easier, especialy if you maintain older devices
Due the fact I don’t own a GSI-capable device - I’m not very experienced with this. But I know no offical supported device on LOS with GSI-images - but maybe someone knows this better
But all official LOS-devices have device-tree+kernel

pigpig · January 27, 2020, 10:28am

Not all GSI. For example the lineage one I mentioned don’t.

Actually, the gsi have their own maintainer. It is easy to do the update from FP ones for other partitions. We just have to do a patch from the FP one witout system and with a patched boot.
The only thing which can be hard to do is a patch for the vendor implementation. And I’m not sure there is any.

The maintain chain is really different from “standard” custom rom : we still need FP support, and the system is done by the gsi maintainer.

Claymore1297 · January 27, 2020, 10:32am

the question was official Lineage-Support - but most people have a weired imagination of “official” support

lklaus · January 27, 2020, 10:48am

As GSI seems to be easier to get it running, anyone tried Bliss-rom already?

pigpig · January 27, 2020, 10:56am

Feel free to try, and let us know! Just follow the same steps

Edit: GSI for BLISS, is an official image