Hello!
I have been following annual Google I/O 2017 and heard about all the benefits of Google's Project Treble.
I cannot help but wonder how are developers (for example here at XDA) able to create custom roms or unofficial Android updates. Why Google can't make official Android Nougat update for Nexus 7 2013, but you here at XDA can. What is different between your work and Google's when it comes to these things, as far as neither has access to hardware manufacturer's code support.
I have to say I am not a professional software developer, so I understand if this topic is beyond my comprehension.
Thank you!
"Why Google can't make official Android Nougat update for Nexus 7 2013"
Planned obsolescence.
"neither has access to hardware manufacturer's code support"
Google is obliged to release kernel source code because Linux(the kernel powering Android) is released under the GPL. The kernel is responsible for letting Android "talk" to the hardware. Developers at XDA can then modify the open-source kernel to "fit" newer versions of Android.
I'd like to chime in on this.
Let's use the Nexus 7 2013 as an example. The difference between what an official build of Nougat from Google would be and what a build of Nougat from XDA is that the Google released one will have updated devices drivers that are made specifically for Nougat, while the XDA released one simply uses the older device drivers and hope they work. In some cases they work flawlessly (mostly on Nexus devices), however other times there are things that don't work so they either need to be disabled or worked around. So essentially a Google released OS has everything updated and tested to work with the new OS, while XDA releases are more 'hacked' together to work (simply because the device drivers aren't Open Source). Google may not have access to the hardware drivers, but they still get them updated.
Now let's touch on Project Treble (and why I am so excited about it). Instead of each and every device driver needing to be upgraded and tested for each new OS version, the OS version will specify which version of the drivers (HAL's) will work with the OS. This means there will be a separate space where all the device drivers will reside, and the OS will simply load those when booting (no more proprietary binary blobs to include in the ROM! hopefully...).
This means on any Project Treble compatible device (all phones that ship with Oreo, and some that update to Oreo) with an unlocked bootloader, a user can simply compile AOSP and flash it directly to the device with no modifications and have the device work. I believe this is actually a requirement to pass Google's certification process for new devices with Oreo. That means, say, with the LG v30 if the bootloader is unlocked, there can be an AOSP ROM on day one of its release.
So instead of Android being strictly a per device compile, it is just a general compile (sans device specific features). However, this doesn't remove the old driver issue. If the drivers in their respective partition no longer are updated by the manufacturer, the later AOSP code will need to be modified to work around these (and accept them). This is still easier in my opinion than the binary blobs.
As for official updates, Project Treble allows device hardware manufacturers to work on updating the device drivers while the OS Dev (Samsung, etc) works on updating their OS. So it is a parallel development instead of a serial one (hardware AND os instead of hardware THEN os).
A question.
Do the Nexus 5X devices have the Treble system or project incorporated with Oreo?
I do not understand the other manufacturers that cheaper excuses are giving, it is true that they are not obliged but I think it would be good practice, maybe they think as before that you will not buy them a phone.
Does someone make a Change.org or similar campaign to ask all Android manufacturers to make a minimum effort?
This is unofficial lineageos 16 for Motorola Clark. It is only compatible with nougat firmware - you must have the nougat bootloader and modem flashed on your device.
Tons of thanks to hashbang for all of his work
Kernel Source-
https://github.com/randomblame/android_kernel_motorola_msm8992
Device tree-
https://github.com/randomblame/android_device_motorola_clark
Current status of rom-
Daily Driver
Broken-
Camera post processing- rotation is not accounted for in hal with latest round of hacks credit to AgathosAnthropos for fixing image capture by disabling the calls to pp, hold device in landscape for photos
Tethering - it works but device will soft reboot when tethering stops
Dual sim variants are NOT supported! I do not have the hardware to test and fix at this time - bugreports appreciated
Working - everything else?
Try it yourself (Requires Nougat Firmware and as always wipe data+cache)
Latest Releases:
1/12/2020 https://www.androidfilehost.com/?fid=4349826312261700035
8/1/2019 https://www.androidfilehost.com/?fid=6006931924117928331
Don't forget to grab a compatible version of gapps for 9.0
https://opengapps.org
Once again this rom REQUIRES that the stock nougat firmware was properly flashed to work correctly... It will check before installation that you have the correct modem version installed.
*If your radio does not work you may have the wrong modem
*If you can not switch lockscreen to pin or pattern you may have the wrong modem.
*Modem flashes fail quietly sometimes please make sure you have properly flashed it before reporting issues.
Great! [emoji6]
Enviado desde mi Nexus 5X mediante Tapatalk
I'll be happy to test once there is a working rom
I've been updating op, it seems to just be getting shorter as I fix things. The rom now compiles with default manifest only needs device tree and kernel source now. something is failing quietly and preventing boot. I'm just working the problem slowly getting it sorted out.
Can't wait to see more from this
We wait impatiently.
Spent a couple more hours going through init narrowing it down failure happens just before zygote startsI currently have my pure propped up in charging position so I can work more on it it's had a hard life
Thank You so much
randomblame said:
I've been updating op, it seems to just be getting shorter as I fix things. The rom now compiles with default manifest only needs device tree and kernel source now. something is failing quietly and preventing boot. I'm just working the problem slowly getting it sorted out.
Click to expand...
Click to collapse
I have been searching and search for lineage OS roms for my XT1575 but the bootloader is Ax052 which is not supported by 14.1 Lineage. I Hope you find a fix for this.
Moto X Pure XT1575 said:
I have been searching and search for lineage OS roms for my XT1575 but the bootloader is Ax052 which is not supported by 14.1 Lineage. I Hope you find a fix for this.
Click to expand...
Click to collapse
Hi, I have the Lineague 14.2 installed. What I did to eliminate the bootloader check was to edit the uptader-script
Fixing error caused by missing taskstats kernel feature
Hi randomblame,
A quick review please, could you tell us the intended purpose of your project.
Meaning like I'm thinking it's for a "Moto X Pure 2015 (clark)" device isn't it?
Would that be for everyone on this XT1575 device which has upgraded to a stock Nougat kernel and modem?
Or could/would others benefit from it as well with your research here - other moto's?
Any and all answers - thoughts are welcome in understanding the project...
Thanks for the lady power on XDA,
RIF
This device can have a new future. Think about it !
I will look into bootloader incompatibility once I get it running seems like it shouldn't be a big deal. I'm also toying with the idea of a new kernel 3.18 seems like low hanging fruit considering Motorola was kind enough to give us good searchable git history on GitHub of both kernels and the 3.18 source for the Moto z seems to have most of the msm8992 support still. My next step is going to be a new device tree starting as bare bones as possible and populating it properly to figure out this issue. I'll throw up a PayPal link again later a less broken device would be helpful USB port is bad and this is probably the fourth screen I've installed on it but touch only works when it feels like it lol
randomblame said:
I will look into bootloader incompatibility once I get it running seems like it shouldn't be a big deal. I'm also toying with the idea of a new kernel 3.18 seems like low hanging fruit considering Motorola was kind enough to give us good searchable git history on GitHub of both kernels and the 3.18 source for the Moto z seems to have most of the msm8992 support still. My next step is going to be a new device tree starting as bare bones as possible and populating it properly to figure out this issue. I'll throw up a PayPal link again later a less broken device would be helpful USB port is bad and this is probably the fourth screen I've installed on it but touch only works when it feels like it lol
Click to expand...
Click to collapse
I'm trying to follow along with your posts best as is possible for me - but, so sorry I and as well many others are lame to understand the under-the-hood workings of Android.
Are you saying in such a way that the Moto Pure XT1575, will maybe and with your research efforts move forward to a true PIE OS possibly?
Maybe I'm reading to much into your words.
But, as I follow your posts, you'll advance us Pure device owners beyond the Nougat kernel - or at least try too?
Or yet with your efforts will this yield something like HashBang did for the XT1575 device when a Nougat OS wasn't even a thought of possibility from Motorola for us.
Back then, HashBang had worked the Nougat OS on the Marshmallow kernel and modem - I'm very green to all of this - but that's what I understood.
Still that's good none the less if that will come here from you with PIE on Nougat internals...
Beings Motorola support is dead for our device for anything future of an OS update - not to mention security patches.
If you would spell it out better as any interested XT1575 owners now could grasp the concept here in your efforts - create a buzz for a greater community following. More MXP owners to jump on board as gained support from well wishers.
Is it to early yet for that? Is there a fear that someone could steal it out from under you? Unexpected negativity, or is it just the way you wish to present this to us for the present.
I'm still going to watch and support this project with high hopes no matter what may come in the end...
Could you benefit knowledge from a LineageOS 16 for Moto Z. download?
https://www.cyanogenmods.org/forums/topic/download-moto-z-lineage-os-16-android-9/
For people like me,
Device Tree = https://source.android.com/devices/architecture/dto
and on XDA
https://forum.xda-developers.com/android/software/guide-how-to-make-device-tree-phone-t3698419
As for any active developers still left for the XT1575 a big thank you to you all, seems to me like a daunting task to crawl inside of android moreless understand things once your there...
Kernels are only loosly linked to Android versions, Google maintains the Android-common kernel repos which are usually quite far behind mainline Linux, and caf who maintains Qualcomm specific kernels are further behind in general. Literallyany feature required by Android can be backported to an old kernel I'm sure 2.6.27 could run pie but it would need so many patches it would be an unrecognizable mess. It will become progressively more of a nuisance as time goes on to keep patching up 3.10 Pie "requires" 4.4 for new devices but only needs kernel features from 3.18 which I've backported to 3.10. with each new version of Android more assumptions are made about how modern the devices kernel is and what features it has so moving to a newer kernel would be nice and like I said 3.18 seems doable but it will still be quite a bit of work.
Thank you @randomblame I was able to grasp most of that...
Maybe it's too early but, how does Googles Android security patches figure into this - if they are possible to bring us forth from Oct 2017?
Remembering I'm a laymen to the nuts and bolts of android.
I understand your post #16 - Super !
Security patch version is irrelevant when you are building from the latest source
Obnoxiously after a few builds the dedicated 250gb SSD is full and I have to make clean which takes ages, I nooped every thing but the basics didn't include telephony or wifi, ril, audio, Bluetooth GPS nfc etc and left it to build overnight will test after work trying to narrow down the problem
Surface flinger is the culprit
I have the device laying around and getting no use. Will sure donate some $$$. Seeing a los16 with all working hardware would be great.
Only got a couple hours to work on it this weekend, there is an issue where /system/vendor is not symlinked to /vendor early enough and calls for things in /vendor fail thus the issue, since we don't have a physical /vendor partition it can not be mounted immediately via the kernel. Tis annoying. I can change the calls to /system/vendor or maybe make it symlinked earlier when I get a chance
Magisk Patched Unofficial GrapheneOS for the Pixel 6 / 6 Pro (oriole/raven)
This ROM will allow you to lock the boot loader. Do not ever disable the OEM unlocking checkbox when using a locked bootloader with root.
This is critically important. With root access, it is possible to corrupt the running system, for example by zeroing out the boot partition.
In this scenario, if the checkbox is turned off, both the OS and recovery mode will be made unbootable and fastboot flashing unlock will not be allowed.
This effectively renders the device hard bricked.
I am not responsible for any harm you may do to your device, follow at your own risk etc etc, Rooting your device can potentially introduce security flaws, I am not claiming this to be secure. If you would like to have more security and peace of mind then I highly recommend you follow This Guide to build this rom using your own encryption keys.
GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It's focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model. It was founded in 2014 and was formerly known as CopperheadOS.
The features page provides an overview of the substantial privacy and security improvements added by GrapheneOS to the Android Open Source Project (AOSP). Many of the past features were contributed to AOSP, Linux and other projects to improve privacy and security for billions of users so they're no longer listed on the features page.
More info:
Official releases are available on the releases page (Not Magisk Patched) and installation instructions are on the install page.
GrapheneOS also develops various apps and services with a focus on privacy and security. Vanadium is a hardened variant of the Chromium browser and WebView specifically built for GrapheneOS. GrapheneOS also includes our minimal security-focused PDF Viewer, our hardware-based Auditor app / attestation service providing local and remote verification of devices, our modern privacy / security focused camera app, and the externally developed Seedvault encrypted backup which was initially developed for inclusion in GrapheneOS.
No Google apps or services​GrapheneOS will never include either Google Play services or another implementation of Google services like microG. It's possible to install Play services as a set of fully sandboxed apps without special privileges via our sandboxed Google Play compatibility layer. See the FAQ section for more details on our plans for filling in the gaps from not shipping Play services and Google apps.
Installation Instructions: Fashing-factory-image
Locking the bootloader is Optional but does increase the device security Locking-the-bootloader
Update Instructions: simply follow these instructions Updates-sideloading to sideload the latest patched OTA update package (You can update from any previous version if using full ota update)
Android OS Version: 13
Current Version: See Post #2
Download: See Post #2
Sources: GrapheneOS - AVBRoot - Magisk - Patch Guide
PayPal Donation Link
Builds for Pixel 6 (Oriole)
Magisk-Patched GrapheneOS Factory Install Build
Full system install builds for clean and new installs
Build based on release#2023061402 (2023-06-14)
SourceForge_Download
Build based on release#2023050100 (2023-05-01)
SourceForge_Download
Build based on release#2023041100 (2023-04-11)
SourceForge_Download
Build based on release#2023032000 (2023-03-20)
SourceForge_Download
Build based on release#2023022300 (2023-02-23)
SourceForge_Download
Build based on release#2023020600 (2023-02-06)
SourceForge_Download
Build based on release#2023020200 (2023-02-02)
SourceForge_Download
Build based on release#2023012500 (2023-01-25)
SourceForge_Download
Build based on release#2023011000 (2023-01-10)
SourceForge_Download
Build based on release#2023010300 (2023-01-03)
SourceForge_Download | 1fichier_Download
Build based on release#2022122000 (2022-12-20)
Anonfiles Download | 1fichier Download
Build based on release#2022121400 (2022-12-14)
Anonfiles Download | 1fichier Download
Build based on release#2022121100 (2022-12-11)
Anonfiles Download | 1fichier Download
Build based on release#2022120300 (2022-12-03)
Anonfiles Download | 1fichier Download
Build based on release#2022113000 (2022-11-30)
Anonfiles Download
Build based on release#2022112500 (2022-11-25)
Anonfiles Download
Click to expand...
Click to collapse
Magisk Patched OTA Update packages
Full OTA Builds will let you update from any older version
Patched OTA based on release#2023061402 (2023-06-14)
SourceForge_Download
Patched OTA based on release#2023050100 (2023-05-01)
SourceForge_Download
Patched OTA based on release#2023041100 (2023-04-11)
SourceForge_Download
Patched OTA based on release#2023032000 (2023-03-20)
SourceForge_Download
Patched OTA based on release#2023022300 (2023-02-23)
SourceForge_Download
Patched OTA based on release#2023020600 (2023-02-06)
SourceForge_Download
Patched OTA based on release#2023020200 (2023-02-02)
SourceForge_Download
Patched OTA based on release#2023012500 (2023-01-25)
SourceForge_Download
Patched OTA based on release#2023011000 (2023-01-10)
SourceForge_Download
Patched OTA based on release#2023010300 (2023-01-03)
Anonfiles Download | SourceForge_Download | 1fichier Download
Patched OTA based on release#2022122000 (2022-12-20)
Anonfiles Download | 1fichier Download
Patched OTA based on release#2022121400 (2022-12-14)
Anonfiles Download | 1fichier Download
Patched OTA based on release#2022121100 (2022-12-11)
Anonfiles Download | 1fichier Download
Patched OTA based on release#2022120300 (2022-12-03)
Anonfiles Download | 1fichier Download
Patched OTA based on release#2022113000 (2022-11-30)
Anonfiles Download
Patched OTA based on release#2022112500 (2022-11-25)
Anonfiles Download
Click to expand...
Click to collapse
Builds for Pixel 6 Pro (Raven)
Always do a backup of your data before flashing any updates, just in case.
I make no promises that this works or that I will provide regular updates. I will attempt to provide updates when they are available and I have time, you may have issues with this rom, you could lose your data or brick your device (although it's very unlikely if you follow the instructions and use common sense)
#reserved
Thanks for this!
New Release #2022120300
Changes since the 2022113000 release:
kernel (Pixel 4, Pixel 4 XL, Pixel 4a): add back our change enabling ARM64_SSBD now that upstream issues with it are resolved for this branch
Sandboxed Google Play compatibility layer: avoid chain crash of GmsCompat app following process death from OOM killer, etc.
Vanadium: update Chromium base to 108.0.5359.79
kernel (Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.76
kernel (Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro, Generic 5.10, Generic 5.15): update to latest GKI LTS branch revision
kernel (Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro): update Mali GPU driver to r37p0 (current release is r41p0 but there are substantial changes to the driver for the Tensor SoC on Pixels and it will take substantial work to upgrade all the way)
remove broken, obsolete upstream code causing install permissions defined by user install apps not being automatically granted for user installed apps installed before the app defining the permissions unless the app is reinstalled
Messaging: update MMS configuration database based on Google Messages 20221115_01_RC01
Dialer: update visual voicemail (VVM) configuration database based on Google Phone 90.0.477356402
Dialer: adjust VVM configuration database entries for compatibility with AOSP
Click to expand...
Click to collapse
Download in Post #2
does the full system install include the android 13 boot loader? if someone was still on A12 should they do a full oem update first?
nutzfreelance said:
does the full system install include the android 13 boot loader? if someone was still on A12 should they do a full oem update first?
Click to expand...
Click to collapse
I think you should upgrade to stock android 13 first just to be safe
brilliant thanks!! can i ask a reallly random stupid question please. if i have a stock pixel 6 rom, can i just run the ota update to keep present apps/data in place and to upgrade it to graphene or would that break my phone if not already running graphene?
Ictcreations said:
brilliant thanks!! can i ask a reallly random stupid question please. if i have a stock pixel 6 rom, can i just run the ota update to keep present apps/data in place and to upgrade it to graphene or would that break my phone if not already running graphene?
Click to expand...
Click to collapse
You must install Graphene OS first, and if you want to lock the bootloader then you will need to erase your data anyway
People from GrapheneOS will permanently suspend your account on their forums for simply telling people that it is in fact possible to ROOT Graphene and Lock the Bootloder
They like to LIE to people and tell them it's impossible, while preventing anyone from contradicting them
I flashed the oriole image flawlessy, everythings seems to be fine except for the magisk manager that keeps crashing. I need to do something in order to make it works?
Edit: my bad, i was installing a super old version of magisk Sorry.
Thank you so much for you hard work
i cant find any information if its possbile to use google pay and android auto again with a rooted grapheneos and working magisk modul.
i like graphene and the features but it sucks to use an iphone for my car and cant use my galaxy watch for paying something :/
any1 got an idea or is the only possibility to flash stock google for both apps
timuh said:
i cant find any information if its possbile to use google pay and android auto again with a rooted grapheneos and working magisk modul.
i like graphene and the features but it sucks to use an iphone for my car and cant use my galaxy watch for paying something :/
any1 got an idea or is the only possibility to flash stock google for both apps
Click to expand...
Click to collapse
You cannot use google pay with official Graphene, I mean it works with loyalty cards but not NFC payment cards
So you should not expect it to work with a magisk patched Graphene, maybe you can find some magisk module and a configuration to get safety net passing and google pay working. But I am not aware of anything that works with Graphene
Why so much headache as go trough build for such simple task as resign especially for Graphene? Just get ota, follow instruction in readme.txt avbroot and that it.
I understand if you do any changes to source (patches, unneeded apps, own apps, implement of root). But just for locked bootloader? Bootloader locked or not doing it job.
If you loose and somebody stole your device how locked bootloader helps? Get your data from recovery (it stock, not custom) over adb shell if you use pass not possible. Find device or location not on graphene build. You can't pass Safetycheck or use phone for contactless payments (NFC)
So all that wind just not allow to thief reflash and use device?
boom15 said:
Why so much headache as go trough build for such simple task as resign especially for Graphene? Just get ota, follow instruction in readme.txt avbroot and that it.
I understand if you do any changes to source (patches, unneeded apps, own apps, implement of root). But just for locked bootloader? Bootloader locked or not doing it job.
If you loose and somebody stole your device how locked bootloader helps? Get your data from recovery (it stock, not custom) over adb shell if you use pass not possible. Find device or location not on graphene build. You can't pass Safetycheck or use phone for contactless payments (NFC)
So all that wind just not allow to thief reflash and use device?
Click to expand...
Click to collapse
If you think it's too much headache, that's fine, it's not for you.
I prefer to build it from source myself using my own keys for the whole process, it may be possible as you say just to patch the provided ota with avbroot, but I haven't tested this and don't have any plans to
I don't want to argue about the potential security benefits or downsides, If you don't believe it's secure and you don't feel safe using it then just don't use it. I like my data being secure and not easily accessible, regular backups are important
You can't pass safetynet or use google pay for contactless payments on official graphene, so please take it up with them to fix that as rooting it isn't going to make you more likely to pass safetynet
The thief can always just reflash and use the device unless you disable OEM unlocking in the developer settings
But you should not do this, because if something happened and your phone started to boot loop or something then there would be no way to fix it and you will brick your device, but at least your data will be safe if you had the bootloader locked
FireRattus said:
If you think it's too much headache, that's fine, it's not for you.
I prefer to build it from source myself using my own keys for the whole process, it may be possible as you say just to patch the provided ota with avbroot, but I haven't tested this and don't have any plans to
I don't want to argue about the potential security benefits or downsides, If you don't believe it's secure and you don't feel safe using it then just don't use it. I like my data being secure and not easily accessible, regular backups are important
You can't pass safetynet or use google pay for contactless payments on official graphene, so please take it up with them to fix that as rooting it isn't going to make you more likely to pass safetynet
The thief can always just reflash and use the device unless you disable OEM unlocking in the developer settings
But you should not do this, because if something happened and your phone started to boot loop or something then there would be no way to fix it and you will brick your device, but at least your data will be safe if you had the bootloader locked
Click to expand...
Click to collapse
Read one more time my comment
I'm not said that I will or plan to use your guide to build. I said that it to much work for average person.
I saw your post where you clearly state that you wanna locked bootloader. I pointed to easiest way to do that. Don't like it? Do what you like.
For patching ota by using avbroot. I did it and tested on my own pixels(6a,2 -6, not pro) and not pushing you to do that. As all here I wanna show people another option.
I don't need rom signed you or any one else. It personal rom and I do not have time and willing to inspect it. For me enough that I trust graphene team! I already build rom for my self with implemented of root, patching some graphene code, remove some apks and replaced it with mine and settings that I need. Of cause I sign but that rom it for me and my family not for public. So no any need in secondhand roms.
I did't tell that you responcible for NFC, Saftynet pass just wanna point out that locking bootloader not helps with these issue.Not expect you fix that. You said that you didn't touch code. It's Graphene and it on their side. I used Graphene long enough to know advantages and disadvantages.
And I as you don't intend to start security discussion here or with someone else. Don't worry and have a good day!
boom15 said:
Read one more time my comment
I'm not said that I will or plan to use your guide to build. I said that it to much work for average person.
I saw your post where you clearly state that you wanna locked bootloader. I pointed to easiest way to do that. Don't like it? Do what you like.
For patching ota by using avbroot. I did it and tested on my own pixels(6a,2 -6, not pro) and not pushing you to do that. As all here I wanna show people another option.
I don't need rom signed you or any one else. It personal rom and I do not have time and willing to inspect it. For me enough that I trust graphene team! I already build rom for my self with implemented of root, patching some graphene code, remove some apks and replaced it with mine and settings that I need. Of cause I sign but that rom it for me and my family not for public. So no any need in secondhand roms.
I did't tell that you responcible for NFC, Saftynet pass just wanna point out that locking bootloader not helps with these issue.Not expect you fix that. You said that you didn't touch code. It's Graphene and it on their side. I used Graphene long enough to know advantages and disadvantages.
And I as you don't intend to start security discussion here or with someone else. Don't worry and have a good day!
Click to expand...
Click to collapse
1.I already know this, I thought this would be obvious. I think using Graphene OS at all is too much for the average person, the average person will just use their phone as it comes and never put a custom rom onto it. This was never intended for the average person.
2. I appreciate that there is an easier way to do it, But I already said I was going to do what I like instead.
3. I appreciate that you have tested this works, I will likely update the guide I have created with this information for people who don't want to build it from source but would also prefer to patch official builds with magisk themselves
4. I do highly recommend everyone does build it themself, I think you should not rely on and trust graphene to always provide updates that have not been modified in some malicious way, it's always possible they could get hacked and an update build could be silently replaced with a malicious version
5. Locking the bootloader has nothing to do with safetynet for me, It's more about the other protections that locking the bootloader enables, like making it much harder for someone to be able to access my data or use the phone without erasing the data
Thankfully there is several banking apps which work and even let you use NFC for payments, while you do not pass safetynet
6. I appreciate it, thank you. I hope you have a good day also.
FireRattus said:
1.I already know this, I thought this would be obvious. I think using Graphene OS at all is too much for the average person, the average person will just use their phone as it comes and never put a custom rom onto it. This was never intended for the average person.
2. I appreciate that there is an easier way to do it, But I already said I was going to do what I like instead.
3. I appreciate that you have tested this works, I will likely update the guide I have created with this information for people who don't want to build it from source but would also prefer to patch official builds with magisk themselves
4. I do highly recommend everyone does build it themself, I think you should not rely on and trust graphene to always provide updates that have not been modified in some malicious way, it's always possible they could get hacked and an update build could be silently replaced with a malicious version
5. Locking the bootloader has nothing to do with safetynet for me, It's more about the other protections that locking the bootloader enables, like making it much harder for someone to be able to access my data or use the phone without erasing the data
Thankfully there is several banking apps which work and even let you use NFC for payments, while you do not pass safetynet
6. I appreciate it, thank you. I hope you have a good day also.
Click to expand...
Click to collapse
I spent half of my week following your guide because with my old ass I7-3770K running Debian within VMware takes days since I didn't know there was another way. The main building part (m target-files-package took 6,5 hours to complete) Reading what boom15 said I'd be very happy if I never had to go down this route ever again.
Thank both of you gentlemen for spreading information about this, I wound't be able to figure it out by myself.
I guess I only have to download the OTA from grapheneos.org/releases and follow avbroot's readme, right? (I feel like a retard right now for wasting that much time setting up my VM, it running out of disk space, reinstalling it, etc.. )
Klavaro said:
I spent half of my week following your guide because with my old ass I7-3770K running Debian within VMware takes days since I didn't know there was another way. The main building part (m target-files-package took 6,5 hours to complete) Reading what boom15 said I'd be very happy if I never had to go down this route ever again.
Thank both of you gentlemen for spreading information about this, I wound't be able to figure it out by myself.
I guess I only have to download the OTA from grapheneos.org/releases and follow avbroot's readme, right? (I feel like a retard right now for wasting that much time setting up my VM, it running out of disk space, reinstalling it, etc.. )
Click to expand...
Click to collapse
I do completely understand and sympathize, I have already updated the guide with this simple method of patching graphene for those who are unable to or don't want to build it from source themselves
I think you have gained some valuable experience and knowledge though which will likely help you in the future with other endeavors.
At least you didn't spend a good couple of weeks trying to patch graphene with magisk manually before I even discovered AVBRoot was a thing, so glad that exists
FireRattus said:
I do completely understand and sympathize, I have already updated the guide with this simple method of patching graphene for those who are unable to or don't want to build it from source themselves
I think you have gained some valuable experience and knowledge though which will likely help you in the future with other endeavors.
At least you didn't spend a good couple of weeks trying to patch graphene with magisk manually before I even discovered AVBRoot was a thing, so glad that exists
Click to expand...
Click to collapse
I understand your side too, my end goal would be using only self built opensource software on every device I have, but you gotta start somewhere, right? Maybe once I'll have nothing better to spend money on I'll build myself a newer pc and dual boot linux so it doesn't take ages to build graphene.
I'm all about doing new things, getting experience and knowledge, so I'm not even mad, but just feel relieved that I'll be able to update it easily. Atleast now I'm getting familiar with Debian, which will come in handy when I'll get myself to continue setting up my VPS, so I can selfhost everything I need..
Well I didn't try that, mainly because I'm curious if I'll be able to use my banking app if I root my phone and lock the bootloader, since that sucker won't even let me use contactless payment with a stock os combined with an unlocked bootloader.
New Release #2022121100
Missed a couple of update releases due to build errors then other errors I have finally resolved so
Changes since the 2022120300 release:
resolve upstream bug in Android 13 QPR1 causing screen brightness dimming on user profile changes
Settings: replace hard-wired refresh rate in the text for the smooth display toggle with the actual max refresh rate used for the device model (Android has the string hard-wired to say 90Hz and expects the device to provide an overlay with the correct string which isn't present in AOSP for Pixels)
kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Generic 5.10): update to latest GKI LTS branch revision including update to 5.10.156
kernel (Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.77
Sandboxed Google Play compatibility layer: new infrastructure for controlling Play Store updates of Play Store and Play services with a max version of Play services and the Play Store set via GmsCompatCompat and an override toggle for allowing it to update to any version
Sandboxed Google Play compatibility layer: hide GrapheneOS Auditor variant (app.attestation.auditor) from the Play Store so it doesn't try to update it (note: we plan to fully switch to app.grapheneos.auditor.play for the Play Store and we can remove this workaround once we unpublish the GrapheneOS variant of the app there and stop updating it)
Pixel 7, Pixel 7 Pro: remove unused Google Camera SELinux policy
Auditor: update to version 67
Camera: update to version 58
2022120700
Launcher: fix Recent Apps activity crashing when using the TalkBack screen reader due to an incorrect port of the Storage Scopes shortcut to Android 13 QPR1
2022120600
full 2022-12-01 security patch level
full 2022-12-05 security patch level
rebased onto TQ1A.221205.011 release, which is the first quarterly maintenance/feature release for Android 13
Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro: rewrite under display fingerprint scanner integration
Sandboxed Google Play compatibility layer: set GmsCompat versionCode to 1000 (v1) to prepare for defining dependencies on the compatibility layer version for the Google Play apps mirrored in our app repository
Pixel 6, Pixel 6 Pro, Pixel 6a: use Scudo instead of hardened_malloc for camera service for consistency with the Pixel 7 and Pixel 7 Pro until memory corruption issues with it are resolved
add back support for OS device controls and wallet quick tiles
kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Generic 5.10): update to latest GKI LTS branch revision including update to 5.10.152
Click to expand...
Click to collapse
Download in Post #2