Related
Dears,
I apologize if same kind of topic already exist. I searched but did not find anything.
I want to build my own image for Pixel (sailfish) from AOSP.
I built it and flashed it, but my Pixel is now blocked and reboot continuously.
I would like to know what is wrong in my procedure:
repo init https://android.googlesource.com/platform/manifest -b android-8.0.0_r30
repo sync
Extract binaries from qcom-sailfish-opr3.170623.013-e4997420.tgz and sailfish-opr3.170623.013-factory-bdc49b40.zip
source build/envsetup.sh
lunch aosp_sailfish-userdebug
make
Then to flash:
First flashed official ROM : sailfish-opr3.170623.013
then
fastboot flash boot boot.img
fastboot flash system system.img
fastboot flash system_other system_other.img
fastboot flash vendor vendor.img
fastboot flash userdata userdata.img
Did I made something wrong ?
any thanks I advance for your support
Something tells me that if it were that easy, there would be 100s of Oreo roms, not just 1.
If you have TWRP installed you can get a console-ramoops from it.
If you do I am guessing you will be running into this error:
Code:
[ 2.875998] c2 1 init: /system/bin/secilc: Failed to resolve typeattributeset statement at /system/etc/selinux/mapping/26.0.cil:561
[ 2.876026] c2 1 init: /system/bin/secilc: Failed to compile cildb: -2
[ 2.876116] c2 1 init: /system/bin/secilc exited with status 254
[ 2.876159] c2 1 init: panic: rebooting to bootloader
The commits to fix this can be found here:
https://review.carbonrom.org/#/q/topic:stock_vendor
or here:
https://gerrit.omnirom.org/#/q/topic:stock_vendor
thank you, I will try
I finally found a workaround, let me explained.
I am not satisfied, but at least it works...
I downloaded the google factory image corresponding to android-8.0.0_r30 from
https://developers.google.com/android/images
OPR3.170623.013, Nov 2017
Inside there is a zip with .img files
I replaced those files with mine, and used flash-all
Now it works...
the problem is that there are many files, an dI am able to generate/update only few of them...
aboot.img -> ??
android-info.txt -> ok
apdp.img -> ??
boot.img -> ok
bootlocker.img -> ??
cmnlib32.img -> ??
cmnlib64.img -> ??
devcfg.img -> ??
hosd.img -> ??
hyp.img -> ??
keymaster.img -> ??
list.txt -> ??
modem.img -> ??
pmic.img -> ??
ramdisk-recovery.img -> ok
ramdisk.img -> ok
rpm.img -> ??
system.img -> ok
system_other.img -> ok
tz.img -> ??
userdata.img -> ok
vendor.img -> ok
xbl.img -> ??
So, what does your new rom have over the factory versions? 8.1 just dropped a few hrs ago.
I think his mission is learning. Not supplying you with an l33t firmware.
Sent from my Pixel using Tapatalk
maulich said:
I think his mission is learning. Not supplying you with an l33t firmware.
Click to expand...
Click to collapse
Didn't want one. I was genuinely wondering what his customizations were, Stock 8.x on the Pixel, is quite close to AOSP, and now that 8.1 is out with all the bug fixes that 8.0 needed...
I was able to build 8.0.0 for Pixel without issues. Make sure to disable the jack server when building, otherwise you'll likely have errors:
Code:
make ANDROID_COMPILE_WITH_JACK:=false
edit: for 8.1.0 you need to do
Code:
export ANDROID_COMPILE_WITH_JACK=false
before compiling for the option to have an effect
edit: also you should flash the images with fastboot flashall -w
8.1.0 Sources are also available now at android-8.1.0_r1, I'm currently downloading them.
However even with a successful build, there are minor issues I had, see here:
https://forum.xda-developers.com/android/help/compiled-aosp-8-0-0-source-pixel-dialer-t3714890
Hello,
I just realized that when I build the aosp for sailfish, the vendor.img partition is not built.
it uses a prebuilt image, located in
/vendor/google_devices/sailfish/proprietary/vendor.img
Does anybody knows how to generate our own vendor.img file ?
thanks in advance
maulich said:
I think his mission is learning. Not supplying you with an l33t firmware.
Sent from my Pixel using Tapatalk
Click to expand...
Click to collapse
Yes right, mission is learning.
zongojim said:
Hello,
I just realized that when I build the aosp for sailfish, the vendor.img partition is not built.
it uses a prebuilt image, located in
/vendor/google_devices/sailfish/proprietary/vendor.img
Does anybody knows how to generate our own vendor.img file ?
thanks in advance
Click to expand...
Click to collapse
The vendor partition contains proprietary things from the hardware manufacturers, things like device drivers and photo processing for example. Since the source code for those isn't freely available, you cannot build the image yourself.
HeavyHDx said:
The vendor partition contains proprietary things from the hardware manufacturers, things like device drivers and photo processing for example. Since the source code for those isn't freely available, you cannot build the image yourself.
Click to expand...
Click to collapse
yes I know this. But in previous Nexus images, we can use the binaries delivered by Google from:
https://www.google.com/url?sa=t&rct...roid/drivers&usg=AOvVaw314pNmO5TDKaw5H1b3pyYS
Then we could build vendor.img partition including these binaries.
For Pixel, I also retrieved the binaries, and now would like to build the new vendor.img partition.
vendor.img contains other information than only binaries, that I am interested to change (for instance sepolicy files, or init rc files)
Alright, 8.1.0 seems to work perfectly without any crashes this time. I'll sign it real quick and do a bit of testing and then I'll make a thread and upload the ROM.
HeavyHDx said:
Alright, 8.1.0 seems to work perfectly without any crashes this time. I'll sign it real quick and do a bit of testing and then I'll make a thread and upload the ROM.
Click to expand...
Click to collapse
I'm also trying to build AOSP for 8.1.0. However, my ultimate goal would be building it with the new Android GO configuration, any ideas how to approach this?
ka-la said:
I'm also trying to build AOSP for 8.1.0. However, my ultimate goal would be building it with the new Android GO configuration, any ideas how to approach this?
Click to expand...
Click to collapse
No idea, I'm also new to to this all. I discovered that the dialer does crash when making or receiving phone calls, however. I'm currently making my post.
HeavyHDx said:
No idea, I'm also new to to this all. I discovered that the dialer does crash when making or receiving phone calls, however. I'm currently making my post.
Click to expand...
Click to collapse
Did you make... the Dialer app your default Phone app under Settings -> Apps -> Advanced -> Default Apps -> Phone app?
ka-la said:
Did you make... the Dialer app your default Phone app under Settings -> Apps -> Advanced -> Default Apps -> Phone app?
Click to expand...
Click to collapse
Yup.
Thread is up now:
https://forum.xda-developers.com/pixel/development/rom-aosp-8-1-0-sailfish-t3715557
ka-la said:
I'm also trying to build AOSP for 8.1.0. However, my ultimate goal would be building it with the new Android GO configuration, any ideas how to approach this?
Click to expand...
Click to collapse
Man, I'd love to see that. I asked the Nova guys last night if they could enhance their Google Assistant tool to let you pick what app, so I could have it open Google Go (search lite) and I sideloaded YoutubeGo and it works good.
Hi, ran my 8.0.0 AOSP build without issues on the dialer. Have a look at the AOSP fixes which I collected from developers.
https://github.com/GeyerA/device_google_marlin/commit/dd78aff040dccef47ba0a77a84f1bc2b2373c468
Here also the content of aosp_fixes.mk which I kept in the vendor_tree (credit to PureNexusProject).
Code:
# Copyright (C) 2017 The Pure Nexus Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Google property overides
ifeq ($(filter marlin sailfish,$(TARGET_PRODUCT)),)
PRODUCT_PROPERTY_OVERRIDES += \
keyguard.no_require_sim=true \
ro.control_privapp_permissions=enforce \
ro.url.legal=http://www.google.com/intl/%s/mobile/android/basic/phone-legal.html \
ro.url.legal.android_privacy=http://www.google.com/intl/%s/mobile/android/basic/privacy.html \
ro.com.google.clientidbase=android-google \
ro.error.receiver.system.apps=com.google.android.gms \
ro.setupwizard.enterprise_mode=1 \
ro.com.android.dataroaming=false \
ro.atrace.core.services=com.google.android.gms,com.google.android.gms.ui,com.google.android.gms.persistent \
ro.setupwizard.rotation_locked=true \
ro.config.notification_sound=Chime.ogg \
ro.config.alarm_alert=Flow.ogg \
ro.config.ringtone=Zen.ogg
ro.carrier=unknown
endif
I also built the gapps directly with the ROM which might make a difference. Maybe this is of help.... Also, what does logcat say?
Since Xiaomi released source code for kernel, I tried to build it.
https://github.com/Dhoine/android_kernel_cereus
Current status of this - it compiles, boots, but unusable.
Bugs:
Broken bluetooth
Broken wifi
Soft-reboots after some time
Propably, more bugs that remained undiscovered because of reboots.
Tested with miui 9 on cereus 3/32.
--------
You can test builded kernel using this:
GDrive
Use Carliv image Kitchen to repack your rom's boot.img, then flash it via fastboot (UNLOCKED BOOTLOADER REQUIRED). To restore working state after testing, flash stock boot image again.
WARNING
Our kernel uses android regular boot.img format, not MTK.
---------
If you want to build this, any manual for building kernel will fit. I used google's android arm eabi 4.9 toolchain, our arch is arm, defconfig is cereus_defconfig.
For now, I don't have enough time to take a closer look at this (work, university exams), so, any help (last_kmsg, dmesg, pull requests) will be appreciated.
Wait seriously? Does that mean that i can buil LOS rom now? I have my UbuntuVM with whole LOS source code downloaded but i got stuck at no kernel found for cereus. So it might work now(Im extremely new to linux) I'll try to build the rom asap
TanRayCz said:
Wait seriously? Does that mean that i can buil LOS rom now? I have my UbuntuVM with whole LOS source code downloaded but i got stuck at no kernel found for cereus. So it might work now(Im extremely new to linux) I'll try to build the rom asap
Click to expand...
Click to collapse
This kernel for now won't really help with building los. I haven't find any device tree for our SoC (or close). MTK always requre a ton of patches to android sources. But i have reference MTK 9.0 android sources for this SoC - ALPS (can't share, it's probably illegal, but you can find them on 4pda.ru, if you want). It builds on almost unmodified reference device tree, but i haven't tested it on device. First, we need to make this kernel usable.
[email protected] said:
This kernel for now won't really help with building los. I haven't find any device tree for our SoC (or close). MTK always requre a ton of patches to android sources. But i have reference MTK 9.0 android sources for this SoC - ALPS (can't share, it's probably illegal, but you can find them on 4pda.ru, if you want). It builds on almost unmodified reference device tree, but i haven't tested it on device. First, we need to make this kernel usable.
Click to expand...
Click to collapse
This may not really help, but can you try that kernel again after upgrading to MIUI 10.2.4 ?
EDIT : See https://www.kimovil.com/en/list-smartphones-by-processor/mediatek-helio-p22-mt6762 for a list of devices with MT6762. Probably we can check out their trees?
EDIT 2 : It seems like our Redmi 6 is the only device with available kernel source in that list.
EDIT 3 : Try this?
minhducsun2002 said:
EDIT : See https://www.kimovil.com/en/list-smar...lio-p22-mt6762 for a list of devices with MT6762. Probably we can check out their trees?
EDIT 2 : It seems like our Redmi 6 is the only device with available kernel source in that list.
Click to expand...
Click to collapse
Maybe them exists, but I haven't found them.
minhducsun2002 said:
This may not really help, but can you try that kernel again after upgrading to MIUI 10.2.4 ?
---------------------
EDIT 3 : Try this?
Click to expand...
Click to collapse
I finally finished my university exams, so now I have some free time to play with it.
The kernel you link is just forked xiaomi sources merged to linux 4.9 kernel. It shouldn't be buildable at all, since there is the same problem in sources I "fixed" with this.
Probably, this too.
[email protected] said:
I finally finished my university exams, so now I have some free time to play with it.
The kernel you link is just forked xiaomi sources merged to linux 4.9 kernel. It shouldn't be buildable at all, since there is the same problem in sources I "fixed" with this.
Probably, this too.
Click to expand...
Click to collapse
[email protected] said:
Maybe them exists, but I haven't found them.
Click to expand...
Click to collapse
You're right, they're identical.
By the way, I couldn't find any implementation available for our Helio P22; the chipset itself is fairly new, thus not many devices have the source code available.
minhducsun2002 said:
This may not really help, but can you try that kernel again after upgrading to MIUI 10.2.4 ?
Click to expand...
Click to collapse
Ok, i've tested it on latest GS. It seems to work a way better. At least, it doesnt reboot after few seconds of usage. It makes things a lot easier.
Tested a few more things:
-sound - works
-camera (both photo and video) - works
- mobile data - works
- phone calls - work
- dual sim -works
- all sensors work
The only thing i was unable to test is gps. It didn't worked for me, but i was inside 9-floor building near the window to inner corner of building... So idk.
And usb otg - since i don't have adapder.
After this I can tell, that there are only 2 major bugs - wifi and bluetooth.
Maybe gps, fm radio and exfat too. This is modules loading problem, I think (though, there shouldn't be any modules, drivers are marked as built-in in config, but .ko files for them exist in /vendor/lib/modules)
[email protected] said:
Ok, i've tested it on latest GS. It seems to work a way better. At least, it doesnt reboot after few seconds of usage. It makes things a lot easier.
Tested a few more things:
-sound - works
-camera (both photo and video) - works
- mobile data - works
- phone calls - work
- dual sim -works
- all sensors work
The only thing i was unable to test is gps. It didn't worked for me, but i was inside 9-floor building near the window to inner corner of building... So idk.
And usb otg - since i don't have adapder.
After this I can tell, that there are only 2 major bugs - wifi and bluetooth.
Maybe gps, fm radio and exfat too. This is modules loading problem, I think (though, there shouldn't be any modules, drivers are marked as built-in in config, but .ko files for them exist in /vendor/lib/modules)
Click to expand...
Click to collapse
Yeah, Treble definitely makes things easier.
Nevertheless I'm trying to integrate those kernel modules into the compiled zImage - there's no modprobe in Android, sadly.
Adding modules support and disabling modules versions check in config didn't help.
I can't find any source files in kernel sources, from which these modules can be built. Maybe, they are built from separate platform code (they are placed in vendor, so...) Need to download ALPS (brrr, around 50 gb of tar.bz2 archives) to check it.
I've looked into reference mediatek 4.9 kernel sources and found this:
Code:
# Do build-in for Makefile checking
# export CONFIG_WLAN_DRV_BUILD_IN=y
ifeq ($(CONFIG_WLAN_DRV_BUILD_IN),y)
PATH_TO_WMT_DRV = vendor/mediatek/kernel_modules/connectivity/common
PATH_TO_WLAN_CHR_DRV = vendor/mediatek/kernel_modules/connectivity/wlan/adaptor
PATH_TO_WLAN_DRV = vendor/mediatek/kernel_modules/connectivity/wlan/core/gen4m
ABS_PATH_TO_WMT_DRV = $(srctree)/../$(PATH_TO_WMT_DRV)
ABS_PATH_TO_WLAN_CHR_DRV = $(srctree)/../$(PATH_TO_WLAN_CHR_DRV)
ABS_PATH_TO_WLAN_DRV = $(srctree)/../$(PATH_TO_WLAN_DRV)
# check wlan driver folder
ifeq (,$(wildcard $(ABS_PATH_TO_WMT_DRV)))
$(error $(ABS_PATH_TO_WMT_DRV) is not existed)
endif
ifeq (,$(wildcard $(ABS_PATH_TO_WLAN_CHR_DRV)))
$(error $(ABS_PATH_TO_WLAN_CHR_DRV) is not existed)
endif
ifeq (,$(wildcard $(ABS_PATH_TO_WLAN_DRV)))
$(error $(ABS_PATH_TO_WLAN_DRV) is not existed)
endif
$(warning symbolic link to $(PATH_TO_WMT_DRV))
$(warning symbolic link to $(PATH_TO_WLAN_CHR_DRV))
$(warning symbolic link to $(PATH_TO_WLAN_DRV))
$(shell unlink $(srctree)/$(src)/wmt_drv)
$(shell unlink $(srctree)/$(src)/wmt_chrdev_wifi)
$(shell unlink $(srctree)/$(src)/wlan_drv_gen4m)
$(shell ln -s $(ABS_PATH_TO_WMT_DRV) $(srctree)/$(src)/wmt_drv)
$(shell ln -s $(ABS_PATH_TO_WLAN_CHR_DRV) $(srctree)/$(src)/wmt_chrdev_wifi)
$(shell ln -s $(ABS_PATH_TO_WLAN_DRV) $(srctree)/$(src)/wlan_drv_gen4m)
# for gen4m options
export CONFIG_MTK_COMBO_WIFI_HIF=axi
export MTK_COMBO_CHIP=CONNAC
export WLAN_CHIP_ID=6765
export MTK_ANDROID_WMT=y
# Do build-in for xxx.c checking
subdir-ccflags-y += -D MTK_WCN_REMOVE_KERNEL_MODULE
subdir-ccflags-y += -D MTK_WCN_BUILT_IN_DRIVER
obj-y += wmt_drv/
obj-y += wmt_chrdev_wifi/
obj-y += wlan_drv_gen4m/
endif
No such code in xiaomi's source. And this prooves my words: these modules CAN BE BUILT IN and SOURCES FOR THEM ARE IN ALPS. I have to download this ton of ****...
-------
I tried to backpors drivers from 9.0 - no success. It compiles,but doesn't boot. I tried to hack modules loading - no success too.
[email protected] said:
Adding modules support and disabling modules versions check in config didn't help.
I can't find any source files in kernel sources, from which these modules can be built. Maybe, they are built from separate platform code (they are placed in vendor, so...) Need to download ALPS (brrr, around 50 gb of tar.bz2 archives) to check it.
Click to expand...
Click to collapse
Most of the time those binaries are not open-source (you probably know vendor blobs for Google devices are too, but that is a different story). Nevertheless I don't really get why kernel modules are placed in
Code:
/vendor
- after all, mobile devices don't have hot-plugging hardware that requires dynamic LKM loading, why do they separate them out?
I'll attempt to crawl the web for those sources while waiting for Mi Unlock to allow my device being unlocked (the waiting period sucks).
[email protected] said:
I've looked into reference mediatek 4.9 kernel sources and found this:
No such code in xiaomi's source. And this prooves my words: these modules CAN BE BUILT IN and SOURCES FOR THEM ARE IN ALPS. I have to download this ton of ****...
-------
I tried to backpors drivers from 9.0 - no success. It compiles,but doesn't boot. I tried to hack modules loading - no success too.
Click to expand...
Click to collapse
1. Backports? How?
2. In which file did you got those lines?
3. Indeed those modules' source are removed from our tree - if you have the link, I don't really mind having another 50GB occupied on my PC to get those source code.
minhducsun2002 said:
1. Backports? How?
2. Indeed those modules' source are removed from our tree - if you have the link, I don't really mind having another 50GB occupied on my PC to get those source code.
Because attached below is the existence of the modules. /shrug
Click to expand...
Click to collapse
I already said that i have leaked mtk alps 9.0 sources These modules have sources, they are not prebuilt. I managed to built in them, but kernel doesn't boot at all after that. And i can't take any logs because the system dies before adb init.
Ok, after one little, but very cruel hack modules are fixed. Enjoy testing the kernel.
https://drive.google.com/open?id=1Z3p2fAWOZFyp045QMNV6vhLZvj9ZZPSY
[email protected] said:
Ok, after one little, but very cruel hack modules are fixed. Enjoy testing the kernel.
Click to expand...
Click to collapse
does it work well?
Lonewolf_1210 said:
does it work well?
Click to expand...
Click to collapse
Users from 4pda reported it fully working.
---------------------
Soon will be build with usb network adapters support enabled (requested by romanxdream from 4pda).
P.S. I'm not adding everything requested to kernel. But this was only config modification.
-------
I don't check xda often, so there can be a huge delay in my responses.
[email protected] said:
Users from 4pda reported it fully working.
---------------------
Soon will be build with usb network adapters support enabled (requested by romanxdream from 4pda).
P.S. I'm not adding everything requested to kernel. But this was only config modification.
-------
I don't check xda often, so there can be a huge delay in my responses.
Click to expand...
Click to collapse
Great job then, hope for a custom rom coming soon
Ok, download link to all versions. I'll edit the first post later.
https://drive.google.com/open?id=1yEZRS8L8bPgkk58tT5Uv2b-vsLqk7aql
Should we make a telegram group for this?
Specifications:
Phone: ASUS ROG 1
Model Number: ASUS_Z01QD
Android version : 8.1.0
Firmware: WW-15.1630.1907.98
Kernel Version: 4.9.65-perf
I have an ASUS ROG 1 Phone. It came with Android 8.1 and firware version WW-15.1630.1907.98. I took the kernel source code from ASUS site. Source code version: <new user on XDA hence unable to post the src code link.>
Was able to build successfully and flash to the phone. Rooted the phone following to that. The problem is that the wifi wasnt working after flashing the new kernel .
1. I checked the modules loaded lsod, from adb and it didnt show the wil6210.ko loaded.
2. I tried insmod /modprobe wil6210.ko and was constantly getting the following errors:
a. disagrees about version of symbol module_layout android kernel
b. required key not available .
c. No such file or directory.
3. I tried building the kernel with the SIG flags disabled in the .config file and flashed to the phone. Yet ended up getting errors like no such file or directory and required key not available.
Any help will be really appreciated.
@nathanchance
You need to rebuild the Wi-Fi module against the source that you compiled then flash it. Alternatively, you can try building the Wi-Fi source into the kernel image but that is usually broken or you can force the module to load by whitelisting it in kernel/module.c (there are commits floating around that allow this) but it can open up a security vulnerability.
nathanchance said:
You need to rebuild the Wi-Fi module against the source that you compiled then flash it. Alternatively, you can try building the Wi-Fi source into the kernel image but that is usually broken or you can force the module to load by whitelisting it in kernel/module.c (there are commits floating around that allow this) but it can open up a security vulnerability.
Click to expand...
Click to collapse
Thanks for your reply.
The source code I downloaded from the ASUS website, the wifi module code was a part of it. So whille building the kernel the module <wil6210.ko> also got built along with it.
So the wifi module did get built against the same source.
Hello, can someone give me a hint, howto build Lineage (based on the work of @SyberHexen) on my own?
I think the most work is done, but I wan't to dig a bit deeper into it.
I know there are several guides, specific to one device but I don't know how to include the sources of SyberHexen.
Thanks!
Setup your build environment with Java and all the required packages. Setup repo and grab the source code. Clone the device, kernel and vendor trees. Go through the steps to initialize your build system then build the ROM.
What is this tutorial?
This tutorial will:
Creating an unofficial build of LineageOS 19.1 suitable for using to re-lock the bootloader on a Google Pixel 5
Take you through the process of re-locking your bootloader after installing the above
This tutorial will NOT:
Remove *all* warning messages during boot (the yellow "Custom OS" message will be present though the orange "Unlocked bootloader" message will not)
Allow you to use official builds of LineageOS 19.1 on your device with a re-locked bootloader (more details near the end of the tutorial)
This tutorial will assume you are working on an Ubuntu 20.04 installation, if you are using Windows or another Linux distro, the commands may be different or not work at all.
Supported devices:
The following devices have been tested and confirmed to work:
OnePlus 5T (dumpling)
OnePlus 6 (enchilada)
OnePlus 6T (fajita)
OnePlus 7 (guacamoleb)
OnePlus 7 Pro (guacamole)
Google Pixel 4 (flame)
Google Pixel 5 (redfin)
Note: As of OxygenOS 12, OnePlus no longer supports bootloader relocking with custom keys, as such, any OnePlus device that receives official Android 12 and has LineageOS 19.1 based on it (which include the 8/8T/9 models) cannot be supported.
For simplicities sake, all further references will only be to the Google Pixel 5 (redfin).
Pre-requisites:
a mid level knowledge of terminal commands and features
a supported phone
a PC with enough CPU/RAM to build LineageOS 19.1 (recommended 8 cores, 32g of RAM)
a working USB cable
fastboot/adb installed and functional
LineageOS 19.1 source code downloaded
at least one successful build of LineageOS
at least one successful signing of your build with your own keys
Misc. notes:
the basics of building/signing of LineageOS is outside the scope of this tutorial, refer to the LineageOS Wiki (https://wiki.lineageos.org/devices/redfin/build) for details on how to complete these tasks
if you have generated your signing keys at some significant time in the past, you may have generated 2048 bit keys. 4096 bit keys are now supported and recommended, so you may want to generate new keys for LineageOS 19.1. If you decided to continue to use the 2048 bit keys make sure to make the appropriate changes in step 2 and 3 below.
signing with keys that have passwords set can cause problems, the easiest way around this is to *not* set a password when you generate your signing keys, however this does add risk that if your key files are stolen, no password is required to use them.
you'll be modifying some code in LineageOS, so if you are not comfortable using basic editing utilities as well as patch, do not proceed any further
the path to your LineageOS source code is going to be assumed to be ~/android/lineageos, if it is somewhere else, substitute the correct path in the tutorial
the path to your private certificate files is going to be assumed to be ~/.android-certs, if it is somewhere else, substitute the correct path in the tutorial
*** WARNING ****
This process may brick your device. Do not proceed unless you are comfortable taking this risk.
*** WARNING ****
This process will delete all data on your phone! Do not proceed unless you have backed up your data!
*** WARNING ****
Make sure you have read through this entire process at least once before attempting, if you are uncomfortable with any steps include in this guide, do not continue.
And now on with the show!
Step 1: Basic setup
You need a few places to store things, so create some working directories:
Code:
mkdir ~/android/redfin
mkdir ~/android/redfin/patches
mkdir ~/android/redfin/pkmd
You also need to add "~/android/lineageos/out/host/linux-x86/bin" to your shell's profile path. Make sure to close and restart your session afterwards otherwise the signing will fail later on with a "file not found" error message (this may no longer be required).
Step 2: Update the signing keys to use & enable AVB
The Pixel 5 device files are mostly contained in the shared "redbull" device for the Pixel 5 and 5 Pro. You will need to add a few parameters to the shared make file found here: ~/android/lineageos/device/google/redbull/BoardConfigLineage.mk, they are:
Code:
BOARD_AVB_ALGORITHM := SHA256_RSA4096
BOARD_AVB_KEY_PATH := /home/<userid>/.android-certs/releasekey.key
Note you cannot use "~" in the path names above to signify your home directory, so give the full absolute path to make sure the files are found.
LineageOS by default disables Android Verified Boot's partition verification, but you can enable it now as all the required parts will be in place.
To enable partition verification do the following:
Code:
cd ~/android/lineageos/device/google/redbull
sed -i 's/^BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3/#BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3/' BoardConfigLineage.mk
Step 3: Set the AVB key to use
To set the correct signing key to use for AVB, do the following:
Code:
cd ~/android/lineageos/device/google/redbull
sed -i 's/external\/avb\/test\/data\/testkey_rsa2048.pem/\/home\/<userid>\/.android-certs\/releasekey.key/' BoardConfig-common.mk
sed -i 's/SHA256_RSA2048/SHA256_RSA4096/' BoardConfig-common.mk
Don't forget to replace your <userid> in the first sed command above with your current logged in user id.
Step 4: Patch the AOSP and Device Makefile
You also need to patch the Makefile included with AOSP as it will otherwise fail during the build.
The required patch can be found here:
https://raw.githubusercontent.com/Wunderment/build_tasks/master/source/core_Makefile-19.1.patch
Download it and store in ~/android/redfin/patches.
Now apply it with the following command:
Code:
cd ~/android/lineageos/build/core
patch Makefile ~/android/redfin/patches/core-Makefile-fix-19.1.patch
If you would like to know more about this patch, see the additional info at the bottom of this post.
Step 5: Build LineageOS
You are now ready to build:
Code:
cd ~/android/lineageos
source build/envsetup.sh
breakfast redfin
croot
mka target-files-package otatools
Step 6: Sign the APKs
You are now ready to sign the apks with sign_target_files_apks:
Code:
./build/tools/releasetools/sign_target_files_apks -o -d ~/.android-certs $OUT/obj/PACKAGING/target_files_intermediates/*-target_files-*.zip signed-target_files.zip
Step 7: Build the OTA
Now it is time to complete the OTA package:
Code:
./build/tools/releasetools/ota_from_target_files -k ~/.android-certs/releasekey --block signed-target_files.zip lineage-19.1-[date]-UNOFFICIAL-redfin-signed.zip
Note, replace [date] with today's date in YYYYMMDD format.
Step 8: Create pkmd.bin for your phone
Before you can lock your phone, you have to tell it what your public key is so it knows it can trust your build.
To do this you need to create a pkmd.bin file:
Code:
~/android/lineageos/external/avb/avbtool extract_public_key --key ~/.android-certs/releasekey.key --output ~/android/redfin/pkmd/pkmd.bin
Note: if you don't have a releasekey.key file in your certificate directory, use the following command to generate one:
Code:
openssl pkcs8 -in releasekey.pk8 -inform DER -out releasekey.key -nocrypt
Step 9: Flashing your LineageOS build
It's time to flash your build to your phone. The following steps assume you have already unlocked your phone and have flashed an official version of LineageOS to it. You don't need to have flashed LineageOS yet, you could use TWRP through "fastboot boot" if you prefer. Or, if you want to use the recovery that was just created, it is located in ~/android/lineageos/out/target/product/redfin and is called vendor_boot.img.
Reboot your phone in to recovery mode
In LineageOS Recovery return to the main menu and select "Apply update", then "Apply from ADB".
From your PC, run:
Code:
adb sideload ~/android/lineageos/lineage-19.1-[date]-UNOFFICIAL-redfin-signed.zip
When the sideload is complete, reboot into LineageOS. Make sure everything looks good with your build.
You may also need to format your data partition at this time depending on what you had installed on your phone previously, it's best to do so anyway. In LineageOS Recovery return to the main menu and select "Factory reset", then "Format data/factory reset", then confirm with "Format data".
Step 10: Flashing your signing key
Now it's time to add your signing key to the Android Verified Boot process. To do so, do the following:
Reboot your phone in to fastboot mode
From your PC, run:
Code:
fastboot flash avb_custom_key ~/android/redfin/pkmd/pkmd.bin
fastboot reboot bootloader
fastboot flashing lock
On your phone, confirm you want to re-lock and it will reboot
Note: If you have already flashed a custom avb key you must erase it before flashing the new one, use "fastboot erase avb_custom_key" to do so.
Your phone will then factory reset and then reboot in to LineageOS.
Which of course means you have to go through the first time setup wizard, so do so now.
Step 11: Disable OEM unlock
Congratulations! Your boot loader is now locked, but you can still unlock it again using fastboot, so it's time to disable that as well.
Unlock you phone and go to Settings->About phone
Scroll to the bottom and find "Build number"
Tap on it you enable the developer options
Go to Settings->System->Advanced->Developer options
Disable the "OEM unlocking" slider
Reboot
Step 12: Profit!
Other things
The above will build a standard USERDEBUG version of LineageOS, however this will still allow LineageOS Recovery to sideload non-signed files as well as give you root shell access through ADB. Step 3/4 above protects your system/vendor/boot/dtbo/etc. partitions, but none of the others. Likewise USERDEBUG builds will allow for rolling back to a previous builds/versions of LineageOS. To increase security and disallow both of these scenarios you may want to build a USER version of LineageOS to install. However this brings in other issues, such as flashing newer firmware from OnePlus so make sure you understand the implications of both choices. For more details on build types, see https://source.android.com/setup/develop/new-device#build-variants.
The above build will not include other items like GAPPS or Magisk. Those are outside the scope of this tutorial.
If you want to remove you signing key from your phone, you can do it by running "fastboot erase avb_custom_key".
The changes you made to the AOSP Makefile may conflict with future updates that you pull from LineageOS through repo sync, if you have to reset the file to get repo sync to complete successfully, you'll have to reapply the changes afterwards.
So why can't I do this with official LineageOS builds?
You can! See https://forum.xda-developers.com/t/...ustom-rom-such-as-lineageos-official.4260825/ for more details.
For Android Verified Boot (AVB) to work, it must have the hash values for each of the system/vendor/boot/dtbo/etc. partitions stored in vbmeta. Official LineageOS builds for redfin do include the vendor.img in them along with everything else that is needed, however that is not true for all phones.
An "issue" that might stop someone from using the official redfin builds is that AVB is enabled in the official LineageOS builds but does not validate the hash trees during boot which limits the protection offered.
Ok, what messages do I see during the boot process then?
During a boot you will of course see the standard OnePlus power up screen, followed by the yellow "custom os" message and then the standard LineageOS boot animation.
For more details on AVB boot messages, see https://source.android.com/security/verifiedboot/boot-flow
So what does that patch to the Makefile do?
AOSP's default Makefile makes an assumption that when AVB is enabled, that all the img files will be available well before vbmeta.img is created. This is simply NOT true and AOSP seems to know this as well from the following comment in the Makefile:
Code:
# Not using INSTALLED_VBMETA_SYSTEMIMAGE_TARGET as it won't be set yet.
ifdef BOARD_AVB_VBMETA_SYSTEM
$(eval $(call check-and-set-avb-args,vbmeta_system))
endif
ifdef BOARD_AVB_VBMETA_VENDOR
$(eval $(call check-and-set-avb-args,vbmeta_vendor))
endif
These two calls eventual evaluate to returning the path to the partitions based upon the INSTALLED_*IMAGE_TARGET variable, which isn't created until later in the build process.
Because of this, the command to build vbmeta.img gets corrupted due to the missing make variable being empty and an invalid command line is passed to avbtool near the end of the build.
The corruption happens due to the fact that the following line from the original Makefile:
Code:
--include_descriptors_from_image $(call images-for-partitions,$(1))))))
Gets added to the avbtool call even if "$(call images-for-partitions,$(1))" turns out to be an empty string. Avbtool then throws an error message as it is expecting a parameter after the "--include_descriptors_from_image" flag that is added for the "empty" partition path.
The fix is to call "$(call images-for-partitions,$(1))" earlier, set it to a variable and check to make sure it isn't an empty string before letting the "--include_descriptors_from_image" be added to the avbtool command line to be used later.
This technically generates an incomplete vbmeta.img file during the build process, but since the signing process recreates it from scratch anyway; no harm, no foul.
Thank-Yous
Obviously to all of the members of the LineageOS team!
aleasto & mikeioannina for supporting redfin
optimumpro for the OnePlus 5/5t re-locking guide which inspired this one
Quark.23 for helping with the process and testing on enchilada
Related guides
OnePlus 5/5t re-locking guide (https://forum.xda-developers.com/oneplus-5/how-to/guide-relock-bootloader-custom-rom-t3849299)
Re-locking the bootloader with a pre-built custom ROM, such as LineageOS official (https://forum.xda-developers.com/t/...ustom-rom-such-as-lineageos-official.4260825/)
Re-locking the bootloader on the OnePlus 6t with a self-signed build of LOS 17.1 (https://forum.xda-developers.com/t/...s-6t-with-a-self-signed-build-of-los.4113743/)
Re-locking the bootloader on the OnePlus 8t with a self-signed build of LOS 18.1 (https://forum.xda-developers.com/t/...with-a-self-signed-build-of-los-18-1.4259409/)
A discussion about bootloader locking/unlocking... AKA I want to relock my bootloader, should I? (over on [reddit]/ r/LineageOS/comments/n7yo7u/a_discussion_about_bootloader_lockingunlocking/) (link broken on purpose to avoid the linked post being embedded here)
Thank you for your guides on bootloader relocking. They have helped to enable bootloader relocking on other devices.
After "all further references will only be to the Google Pixel 5 (redfin)" but before the "Thank-Yous", there are a few (typos?) that refer to the oneplus. In particular, beneath "Other things" and "under what messages do I see during the boot process then?"
HTH
If anyone is interested, I made a tool to automate all this using Hetzner Cloud. This tool's client can pretty much run on anything, including android itself on Termux(since it's a terminal app). You can make the tool upload the finished builds to your private repo so no need to worry about letters from Google for using GAPPS.
Bash:
wget -O ham "https://github.com/antony-jr/ham/releases/download/stable/ham-linux-amd64"
chmod a+x ham
./ham init # Init with your Hetzner Cloud API (Only Once)
./ham get [email protected]/enchilada-los19.1:gapps
# Without gapps
./ham get [email protected]/enchilada-los19.1
# You can close the terminal app after it starts tracking remote build
# the build continues to run on the cloud until finishes or errors out,
# in both cases the server destroys itself to save you a lot of cost.
# It cost me 0.30 euros for single build which ran for about 3 hours.
Thanks for the OP though, I copied a lot of scripts from WundermintOS.
Now the output of the build can be flashed like the OP described for OnePlus 6 and the pkmd.bin file will be included in the recovery zip file along with the boot/recovery image. The tool will ask you question before it starts the build for the variables, like the path to Android Certs in a zip file which will be used for signing.
For anyone that is interested, I've posted an updated guide for LineageOS 20.0 on the Pixel 6 here.