FP3 custom rom development based on released source code

As far as I understand it, the zip in the format we have it is not directly flashable because the system partition is too large. @k4y0z overcame that to create a “sparse” image, but while that might install via sideloading I don’t know how to create, unpack or verify that. (I looked into the zip, but couldn’t figure out the file formats)
I can’t make one of those without further documentation, but most likely anyone can make a sparse image from the full image, later.

Edit: found this:


I am using img2simg first to create a sparse image from the ext4 (that’s available as a package in my debian).
Then I use img2sdat to create the dat-files.
and then i pass it through brotli -q 6 (also available in debian) to create the brotli-files.
I do this for system, vendor and product.
The rest of the partitions are straight dd-images.

You can do the reverse process for confirming they result in the same images.

Then update META-INF/com/android/metadata and META-INF/com/google/android/updater-script with the ROM-information.

Should probably create a sript that does all this automatically.


Do you have the source for that update-binary that is used to unpack it all? all other packages I found so far seem to use a shell script in its place.


Should be this one (It’s part of recovery sources):


thanks. I found the source of the weird strings. It’s google’s “brotli”

this is still weird, but at least now I know where the weirdness comes from.


anyone here interested into looking into this?

the FP3’s chipset is supposed to include a radio chip. The driver is in the kernel, but doesn’t show up in dmesg, so it might be a device tree / configuration issue. Since the “chip” is actually an integral part of the system-on-a-chip it might be possible to copy paste the config from another device with the same hardware (linked in linked thread)


I read a lot. but I couldn’t find an answer to: WHAT was the solution in the end? How did you get the kernel running? What was not working?


From https://source.codeaurora.org/quic/la/kernel/lk/tree/platform/msm_shared/avb/libavb/avb_slot_verify.c?h=LA.UM.7.6.2.r1-09200-89xx.0 line 694 :

    AvbSlotVerifyResult sub_ret;
        full_partition_name, ": VERIFICATION_DISABLED bit is set.\n", NULL);
    /* If load_requested_partitions() fail it is always a fatal
     * failure (e.g. ERROR_INVALID_ARGUMENT, ERROR_OOM, etc.) rather
     * than recoverable (e.g. one where result_should_continue()
     * returns true) and we want to convey that error.
    sub_ret = load_requested_partitions(
        ops, requested_partitions, ab_suffix, slot_data);
    if (sub_ret != AVB_SLOT_VERIFY_RESULT_OK) {
      ret = sub_ret;
    goto out;

I guess that’s load_requested_partitions which is broken


the answer is chaos-magic :wink:

1 Like

please elaborate in more detail

1 Like

spell that @k4y0z - magic

@k4y0z managed to get it to work. Main changes:

  1. instead of compiling the kernel using the kernel build scripts, they used an android-build-environment which assembles and packages the kernel, dtb and dtbo containers using the scripts in

in combo with @k4y0z own kernel modifications which in turn are based on @z3ntu kernel modifications of the fairphone released kernel sources which were needed to get the kernel to actually compile, boot in general and with TWRP in particular.

But a big factor was probably using the android build environment instead of kernel make files to package the image with device tree in the way aboot wanted it.

for more details you have to ask the lords of chaos :slight_smile:


Actually using the android build environment ist just way more convenient, when building TWRP.
Im quite certain with my modifications and config it would also work using the build-scripts.

The main things to get it working where enabling (probably only needed for fastboot boot, not when flashing the kernel)
Which got rid of the “dtb not found” error, but requires using an external device tree compiler (DTC_EXT).
And patching the kernel to ignore the skip_initramfs flag the bootloader sets. (So it actually loads the TWRP initramfs instead of booting straight into the OS)
My config also enables the serial console (UART) which was usefull for debugging, but not required for it to work now.


I actually had tried that ( building the overlay with system installed dtb compiler ) but I still had eun into dtb not found, must have been how the dtbo was included unto the boot .img . There is aprox 5 different ways


I tried with @z3ntu a while ago with just that option enabled and built without android environment, and that made the error disappear.
Are you sure you used the Image.gz-dtb?


I am pretty certain. I tried several things:

  1. image.gz-dtb (which is the image.gz with dtb’s concatenated)
  2. image.gz with manually concatenated dtb database created with dtbtool
  3. image.gz with separate dtb in .img - as created with fastboot with --dtb option
  4. image.gz with separate dtbo in .img - as created with fastboot with --dtbo option
  5. the same as 3 and 4 but with dtb database created with dtbtool
    and a few combos with both dtb and dtbo in various combos. i never got past the dtb not found, but its possible i somehow missed the one working solution.
    Since we didn’t know in which form arima aboot expects the dtb(o) we were looking into the serial uart debug outputs, to get some pointers, but you got it working before I could get a 1.8V uart converter put together

I think it needs one of these Image with CONFIG_BUILD_ARM64_DT_OVERLAY=y :slight_smile:


This with CONFIG_BUILD_ARM64_DT_OVERLAY=y is what you need.

We used a 3.3V UART which worked fine (only connected TX and GND of course)


Hi, my FP3 just arrived here today. Is there anything I should do - that would be of help to the rest of you - before I turn it on, downloading OTAs and so on?


Hi, I let the others reply to your question. But I suggest you to do at least the following:

  1. Boot without SIM card and without internet conection
  2. Unlock the bootloader
  3. Boot into fastboot
  4. Boot into TWRP without installing it
  5. Open a shell on your smartphone
  6. Use dd in order to backup the following partitions:
  • aboot_a
  • boot_a
  • cmnlib64_a
  • cmnlib_a
  • devcfg_a
  • dsp_a
  • dtbo_a
  • fsc
  • fsg
  • keymaster_a
  • lksecapp_a
  • mdtp_a
  • modem_a
  • modemst1
  • modemst2
  • product_a
  • rpm_a
  • sbl1_a
  • system_a
  • tz_a
  • vbmeta_a
  • vendor_a
  • DDR
  • apdp
  • config
  • devinfo
  • dip
  • dpo
  • frp
  • keystore
  • limits
  • logdump
  • mcfg
  • misc
  • mota
  • msadp
  • oem
  • persist
  • prodinfo
  • sec
  • splash
  • ssd
  • syscfg

Doing this should guarantee that as long as you are careful to keep your system untouched in at least one of the two slots (you can experiment on the other), you would have a very hard time bricking your phone irreversibly. And if you are unhappy with some update, you should also be able to actually make a real “factory reset” of the phone.

Probably you don’t actually need to backup as much as that, but I preferred to keep on the safe side.