Oh wow! If double-tap-to-wake is working, the essentials are there and the port is ready to release
Nah, seriously: this is really cool, like in the days of my J1
Fortunately now there are many more devices that have hardware support for double-tap:)
Regarding release, I will probably make a “devel” release soon, since I will hit a wall on what easy / not started tasks I have, and I’ll have to start the hard ones (video recording, wifi crashing / power consumption) which will probably take more time.
By the way, are you going to add encryption to the port?
Thank you for reminding me “before it’s too late”.
Meaning: for my current device I don’t have encryption because rinigus developed it while I was already daily-driving the device and never “found” the time to back up, re-flash it and,…
There is some work to enable encryption: a small Android package build, 4-5 more SFOS rpms.
I should probably start this before the first release, so its “before it’s too late” for all.
The only problem I have (and is not related to the community encryption but…) is that I have to decide a file size for the home partition.
Why? Because my port (as opposed to Sony ones) is using a bare /data/.stowaways/sailfishos
as root mount, instead of building a LVM partition. Why? Because this is how they teach you in HADK and I haven’t invested the time to see how I can go about to make a LVM port.
How is that a “problem”? Well, root and home, in this configuration, can expand any way they like, they will still be a subfolder in /data partition. Meaning I can choose to fill my hundreds of Gigabytes with software in /usr or with files in /home (not with videos for now:). Their sum just needs to be under 227GB as I have the partition today.
But, when I enable encryption, I have to choose the size of the /home partition. And that would be the default for all new installs, and probably instructions can be made to resize it.
Not only is this a 80/20 problem (you can have this problem on your home computer), but there’s also the fact that Asus Zenfone 8 comes in at least 128GB and 256GB variants - so even though I have the latter, I will probably choose a default to match the former…
Anyway, again, this is a good thing, that you brought this up. I will do my best to enable it and report back.
Day 9, Season 2
I moved all my repos to sailfishos-on-sake.
I’ve added -z instead of -j to hybris boot image creation.
I’ve rebuilt kernel, droid-hal and re-uploaded to OBS through the osc
command (which is like a SVN for build inputs)
I’m now adding the OBS repo to my locally built device (4.4).
What can go wrong ? Anything. In that case I’ll have to re-flash.
But that is an opportunity - I would test if -z (gzip) instead of -j (bzip2) would work in TWRP or Lineage Recovery. Bzip2 didn’t,
[root@Zenfone8 defaultuser]# ssu ar adaptation-community http://repo.merproject.org/obs/nemo:/devel:/hw:/asus:/sake/sailfish_latest_aarch64/
[root@Zenfone8 defaultuser]# zypper ref adaptation-community
Retrieving repository 'adaptation-community' metadata ...........................................................................................................[done]
Building repository 'adaptation-community' cache ................................................................................................................[done]
Specified repositories have been refreshed.
[root@Zenfone8 defaultuser]# ssu re 4.5.0.19
Changing release from 4.4.0.58 to 4.5.0.19
Your device is now in release mode!
[root@Zenfone8 defaultuser]# version --dup
REBOOT NOW unless you need to investigate update
issues or know what you are doing (or both).
All bugs encountered until reboot are features.
[root@Zenfone8 defaultuser]# ls -l /etc/systemd/system/usb-moded.service
lrwxrwxrwx 1 root root 9 Apr 29 00:58 /etc/systemd/system/usb-moded.service → /dev/null
Vibration starts later?
But it booooooots!
So I have done my first upgrade from locally-built 4.4 to OBS build 4.5
It does not include a kernel upgrade, I need to do something like this later, maybe tomorrow?
Waydoid
Installing waydroid from chum - it does not start, says something about binder device not found.
I thought having BINDERFS enabled in the kernel would just allow one to create binder devices on the fly.
But that waydroid script only does that for “mainline” devices
Meaning: only if getprop does not return ro.vndk.version it tries to create binder devices using bindercontrol…
One reason to re-build the kernel with pre-defined binder devices as piggz’s FxTech Pro1X
Wifi
ifconfig shows both wlp1s0 but also wifi-aware0.
Searching for it reveals this “Neighbour Aware Network” Wi-Fi Aware overview | Android Developers
Maybe I should disable it.
One reason to re-build the kernel
So, two reasons to re-build the kernel and one lingering ‘kernel update’ development to do. I sense an opportunity
Day 10 Season 2
I finally enabled kernel upgrade, after fighting a bit with a script:
# /usr/sbin/flash-partition
At least one partition needs to be defined variables PART_1, PART_REAL_1 and PART_I.
This brought me two new kernel changes: binder devices and disablement of wifi-aware0
/NAN, in the hope that less power is consumed by WLAN…
Which reminds me that powertop does not start, debugfs related error.
As in day 4, mount -t debugfs none /sys/kernel/debug
doesn’t work.
On closer inspection, I am missing CONFIG_DEBUG_FS=y, let’s add that, and build the kernel again…
The worflow for updating kernel from now would be: build it (hybris-boot.img) boot it (fastboot boot hybris-boot.img) and if it works package it (build_packages.sh --droid-hal) and copy the droid-hal* packages through osc to OBS.
About waydroid: it seems that the change I made to the kernel generates these devices
# ls /dev/binderfs/
binder
hwbinder
hwpuddlejumper
puddlejumper
vndbinder
vndpuddlejumper
but Waydroid expects them directly under /dev/
Peeking through previous work again, it seems piggz fixes this with ln -sf /dev/binderfs/* /dev/
here, I should copy that whole service (plus, I also have misc stuff not related to droid-hal-early-init.sh so…)
For now, manually ln -sf /dev/binderfs/* /dev/
# waydroid init
[17:22:54] Downloading https://sourceforge.net/projects/waydroid/files/images/system/lineage/waydroid_arm64/lineage-18.1-20230422-VANILLA-waydroid_arm64-system.zip/download
Good!
When the download finishes, I install waydroid-settings
and go to Settings app to stat the daemon.
The new icon is now on my screen but doesn’t “start”.
Let’s see:
May 01 16:49:35 Zenfone8 dnsmasq[7033]: dnsmasq: failed to create listening socket for port 53: Address already in use
This is the first point here: GitHub - sailfishos-open/waydroid: Waydroid packaging for Sailfish OS
Next:
(017197) [17:32:51] Failed to get service waydroidplatform, trying again...
Meanwhile, 20 minutes of kernel build have passed, let’s boot it.
Ooops, takes a long time to turn on the screen and the touch isn’t working. Telnet to the rescue…
Ah… of course. it doesn’t work like this, kernel drivers do not load…
# modprobe qca_cld3_wlan
modprobe: FATAL: Module qca_cld3_wlan not found in directory /lib/modules/5.4.61-qgki-perf-gbb907089bcf2-dirty
I don’t have that directory. Kernel changed magic again. insmod
doesn’t work either, “disagrees about version of symbol …”
Ok, build droid-hal then…
Copy droid-hal*.rpms to osc checkout directory, osc commit.
Let’s also cherry pick that binder link service.
# zypper ref adaptation-community
# zypper up
It reboots two times, as expected, flashing the new kernel kicks a reboot.
powertop
starts
dnsmasq does not
droid-bootctl does not - didn’t I already fix this?
/lib/udev/rules.d/998-droid-system.rules
indeed shows original content.
rpm -qf
says it’s from droid-config-sake
I have a locally built variant of that package and it has the correct file…
I also download the OBS built droid-config-sake rpm and it has the correct file…
zypper in --force droid-config-sake
reinstalls the package but no changes, the file is incorrect.
strace-ing that shows /home/.zypp-cache but also shows that the download is unlinked…
Hmm… I may make a mistake, the contents seem fine now. But marking boot as successful is not.
?/
This really bugs me… and will probably bite me later but…
Waydroid now starts!
Welcome back, Lineage-in-a-container !
The nice thing about waydroid booting is that I can… have Camera 2 API (no horrbile sharpening) and… wait for it… video recording works! This may mean that the bits I have compiled on the “host droid-hal” are good, and I can strace the waydroid camera to see how they are used.
(for context, on my previous device, recording didn’t work in either SFOS nor in Waydroid)
If I should actually start looking for a Zenfone 8, would I have to pay attention to anything? With the Sonys, for example, you have to make sure that it says “Bootloader unlock allowed: yes” or something like that. I have never had an Asus in my fingers. Is there something similar?
Not sure either - it is the first Asus phone for me too (if you don’t count last century’s Nexus 7 2012). Basically picked by specs and availability of Lineage 18.1…
That’s why I bought it “unboxed”.
In the Day 1 post I am using the APK to unlock and notice that I don’t need any account (goog/asus) to do that. This might mean that you can safely buy an opened/used device.
However, it might be that some models are not targeted globally - the manufacturers usually split the world into “US/Int’l/CN” and I most probably have the “International” version. I don’t have the box handy as I write this.
A cursory search for unlock in the XDA forum for the zenfone 8 shows at least somebody mentioning HK as unlockable and unlocked/relocked problems…
So really, this is as much as I know too.
Day 11 Season 2
Trying to fix the sharp notification (e.g when battery is discharging under 10%, or when camera makes a photo)
According to a recent conversation there is quirks=+no_hw_volume
for pulseaudio.
That doesn’t work on my phone - it is probably because I’m using another pulseaudio droid plugin.
The documentation actually says hw_volume=false and that seems to work.
Waydroid assessment:
GPS is just as unstable as on my previous device. It mostly does not work.
Vibration is not working either - which is different, my previous device had that.
Trying to add this to disabled_services.rc
in SFOS does not help.
service vendor.qti.vibrator /vendor/bin/hw/vendor.qti.hardware.vibrator.service_HYBRIS_DISABLED
Porters tasks also suggests so. I start waydroid, and as root run waydroid shell
find the vibra process by ps -ef
and strace
it by pid.
What it tries to do is:
openat(AT_FDCWD, "/sys/devices/virtual/timed_output/vibrator/enable", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/sys/class/leds/vibrator/activate", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 EROFS (Read-only file system)
The first one is not working on my device, the second one could work…
The Waydroid lxc python script mentions it too.
I try to edit the next line and put instead of the path “/sys/devices/virtual/timed_output/vibrator” the path “/sys/devices/platform/soc/998000.i2c/i2c-2/2-005a/leds/vibrator” but that doesn’t make it writable from lxc.
Also I try
make_entry("/sys/devices/platform/soc/998000.i2c/i2c-2/2-005a/leds/vibrator", dist="/sys/class/leds/vibrator",
“Waydroid log” says:
Too many levels of symbolic links - vibrator in /usr/lib64/lxc/rootfs/sys/class/leds/vibrator was a symbolic link!
This all ends up in /home/waydroid/lxc/waydroid/config_nodes
(no it doesn’t! it doesn’t seem updated → maybe lxc.py does not run all the times)
I try to manually patch
lxc.mount.entry = /sys/class/leds/vibrator sys/class/leds/vibrator none bind,create=dir,optional 0 0
to be
lxc.mount.entry = /sys/devices/platform/soc/998000.i2c/i2c-2/2-005a/leds/vibrator sys/class/leds/vibrator none bind,create=dir,optional 0 0
Mmm… still the same message from “waydroid log”, which is unusual.
ps aux | grep lxc
shows
lxc-start -P /var/lib/waydroid/lxc -F -n waydroid – /init
And vi /var/lib/waydroid/lxc/waydroid/config_nodes
shows my previously edited config,
Let’s pause and think - about something else:)
Spam in dmesg -w
:
[ 614.254035] [ 614.254035] (CPU:2-pid:12828:fthread_2) [21:05:14.637305916] msm_cvp: warn: fthread_2 cvp_fence_proc: cvp_wait_process_msg non-fatal 4107
When did that start…
Let’s go back to bootctl:
/usr/libexec/droid-hybris/system/bin/bootctl is-slot-marked-successful 1
logcat:
gpt-utils: gpt_get_header: Failed to open …/…/…/…/… : Is a directory
Matches:
ls -l /dev/block/platform/soc/1d84000.ufshc/by-name/xbl_b
lrwxrwxrwx 1 root root 19 May 2 23:55 /dev/block/platform/soc/1d84000.ufshc/by-name/xbl_b → …/…/…/…/…/sdc1
Let’s… rm /dev/block/platform/soc/1d84000.ufshc/by-name/xbl_b
and ln -s /dev/block/sdc1 /dev/block/platform/soc/1d84000.ufshc/by-name/xbl_b
Same error.
logcat shows a PID in the gpt-utils error message. Let’s strace -p
that since the bootctl command doesn’t seem to touch devices.
readlinkat(AT_FDCWD, "/dev/block/bootdevice/by-name/xbl_b", "../../../../../sdc1", 4096) = 19
A-ha!
rm
that / ln -s
again
Wait what? I ls -l
that link, it has absolute /dev/block/sdc1
then I bootctl mark-boot-successful
and it is back to ../../../../../sdc1
??
Not only that, there’s an error about
readlinkat(AT_FDCWD, “/dev/block/bootdevice/by-name/abl_b”, “…/…/…/…/…/sde33”, 4096) = 20
Let’s link that to absolute path too.
WAT
readlinkat(AT_FDCWD, “/dev/block/bootdevice/by-name/aop_b”, “…/…/…/…/…/sde26”, 4096) = 20
Is this going to stop.
rm /dev/block/bootdevice/by-name/xbl_b
ln -s /dev/block/sdc1 /dev/block/bootdevice/by-name/xbl_b
ls -l /dev/block/bootdevice/by-name/xbl_b
rm /dev/block/bootdevice/by-name/abl_b
ln -s /dev/block/sde33 /dev/block/bootdevice/by-name/abl_b
ls -l /dev/block/bootdevice/by-name/abl_b
rm /dev/block/bootdevice/by-name/aop_h
ln -s /dev/block/sde26 /dev/block/bootdevice/by-name/aop_h
ls -l /dev/block/bootdevice/by-name/aop_h
Cont’d:
readlinkat(AT_FDCWD, “/dev/block/bootdevice/by-name/xbl_config_b”, “…/…/…/…/…/sdc2”, 4096) = 19
rm /dev/block/bootdevice/by-name/xbl_config_b
ln -s /dev/block/sdc2 /dev/block/bootdevice/by-name/xbl_config_b
ls -l /dev/block/bootdevice/by-name/xbl_config_b
Cont’d:
readlinkat(AT_FDCWD, “/dev/block/bootdevice/by-name/aop_b”, “…/…/…/…/…/sde26”, 4096) = 20
rm /dev/block/bootdevice/by-name/aop_b
ln -s /dev/block/sde26 /dev/block/bootdevice/by-name/aop_b
ls -l /dev/block/bootdevice/by-name/aop_b
Cont’d
readlinkat(AT_FDCWD, “/dev/block/bootdevice/by-name/dsp_b”, “…/…/…/…/…/sde34”, 4096) = 20
rm /dev/block/bootdevice/by-name/dsp_b
ln -s /dev/block/sde34 /dev/block/bootdevice/by-name/dsp_b
ls -l /dev/block/bootdevice/by-name/dsp_b
This needs to stop.
I think the problem is
# ls -l /dev/block/bootdevice
lrwxrwxrwx 1 root root 37 May 2 23:55 /dev/block/bootdevice -> /dev/block/platform/soc/1d84000.ufshc
Trying to play with those UDEV rules…
No joy.
However
[root@Zenfone8 defaultuser]# rm -r /dev/block/bootdevice
[root@Zenfone8 defaultuser]# mkdir /dev/block/bootdevice
[root@Zenfone8 defaultuser]# ln -s /dev/block/* /dev/block/bootdevice/
makes bootctl succesful,… but of course it includes some more devices.
I still need to figure out (ask about) those udev rules…
Day 12, Season 2
bootctl and waydroid vibra cont’d
Wifi update: 8 hours on 2.4Ghz network is “just” 25% battery, not 50%…
I’m not sure if this is related to the removal of wifi-aware0 device - needs more testing.
Meanwhile I still have to figure out powertop output:
The battery reports a discharge rate of 38.5 W
The power consumed was 776 J
Summary: 281.4 wakeups/second, 0.0 GPU ops/seconds, 0.0 VFS ops/sec and 26.1% CPU use
Usage Events/s Category Description
34.7 ms/s 36.6 kWork
2.9 ms/s 34.1 Process [PID 11] [rcu_preempt]
9.4 ms/s 18.9 Process [PID 9038] [irq/25-90b6400.]
3.6 ms/s 19.7 Process [PID 12] [rcuog/0]
3.7 ms/s 17.2 Interrupt [17] apps_rsc
3.4 ms/s 15.9 kWork
8.9 ms/s 7.7 Process [PID 1282] [wk:__typeid__Z]
5.6 ms/s 6.7 Timer
6.1 ms/s 6.4 Process [PID 4531] [wk:ufs_qcom_vo]
15.0 ms/s 2.6 Process [PID 5838] [wk:__qdf_defer]
7.5 ms/s 5.4 Process [PID 32380] [wk:devfreq_mon]
13.1 ms/s 2.3 Process [PID 2444] [wk:process_src]
617.8 us/s 7.2 kWork
4.1 ms/s 4.7 Timer
137.6 us/s 6.2 Timer
8.4 ms/s 2.5 Process [PID 5412] /usr/sbin/connmand -n -W nl80211 --nobacktrace --noplugin=wifi
(connmand is in top 15, but there are “kernel work” stuff that does not have a description.)
Back to bootctl and udevd…
`TEST=="/dev/block/bootdevice", GOTO=“bootdevice_end”
Hah, didn’t notice this line before. It skips most of the rules. Did I copy this version yesterday?
Reading some udev tips from udev - ArchWiki
# udevadm info --query=path --name /dev/block/bootdevice/sdb1
/devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:1/block/sdb/sdb1
# udevadm trigger --verbose
Btw, looking at porters’ log for udevadm I find a reference to usb-moded too - I still don’t run that service as it cuts me from telnet access, maybe I should look into it later…
Desperately finding all *.rules on my system… and guess what
I figured out why no changes were working - the problem was between keyboard and chair…
The .rules file I tested was in /lib/udev, the one I checked in into my repo was in /usr/udev…
I was furiously editing the /usr/udev one, and no systemctl restart systemd-udevd
nor udevadmin trigger
would make a difference.
I copy it to the right place (with my edits), restart the above and the links are correct.
Let’s reboot…
Uh-uh, ramdump. unthethered.
Reboot. Maybe its’ udevd rules file.
Telnet. dmesg -w
Telnet. zypper in -f droid-config-sake
Works.
Tic toc. Ramdump.
[ 93.894951] [ 93.894951] (CPU:6-pid:183:irq/335-smp2p) [20:27:07.920442344] Fatal error on modem!
[ 93.894975] [ 93.894975] (CPU:6-pid:183:irq/335-smp2p) [20:27:07.920466823] modem subsystem failure reason: dog_hal_common.c:177:DOG detects stalled initialization, triage with IMAGE OWNER.
[ 93.894983] [ 93.894983] (CPU:6-pid:183:irq/335-smp2p) [20:27:07.920474687] (93)2023-05-03 20:27:07 :[SSR]:modem dog_hal_common.c:177:DOG detects stalled initialization, triage with IMAGE OWNER
[ 93.895048] [ 93.895048] (CPU:6-pid:183:irq/335-smp2p) [20:27:07.920539635] subsys-restart: subsystem_restart_dev(): Restart sequence requested for modem, restart_level = SYSTEM.
[ 93.895087] [ 93.895087] (CPU:6-pid:8795:wk:device_rest) [20:27:07.920578280] Ramdump(ramdump_microdump_modem): No consumers. Aborting..
[ 93.895092] [ 93.895092] (CPU:6-pid:8795:wk:device_rest) [20:27:07.920583332] microdump_modem_notifier_nb: do_ramdump() failed
[ 93.895454] [ 93.895454] (CPU:0-pid:351:wk:do_write_su) [20:27:07.920945309] (93)2023-05-03 20:27:07 :[SSR-Info] Save SubSys Medical Table Error: [0xfffffffe]
Caught it;)
Reboot.
Earlier in that error log there’s also
droid-hal-init: starting service 'vendor.rmt_storage'...
rmt_storage:INFO:check_support_using_libmdm: Modem subsystem found on target!
rmt_storage:ERR:parse_gpt_partition: Failed to open partition /dev/block/bootdevice/by-name/modemst1 err 2 (No such file or directory)
rmt_storage:ERR:parse_gpt_partition: Failed to open partition /dev/block/bootdevice/by-name/modemst2 err 2 (No such file or directory)
This looks like my changes to the udev rules. Now they’re backed out.
Fortunately just mv sparse/usr/udev/rules.d/998-droid-system.rules sparse/lib/udev/rules.d/
was the bootctl fix…
The rest was noise generated by myself.
And a ramdump from modem which could still be investigated (i.e. if it turns out its a “fail the debug builds” thing.)
what next? Waydroid? encryption? video recording …?
Waydroid
vi /var/lib/waydroid/lxc/waydroid/config
and setting sys:rw
makes the boot_vibrator writable but the SFOS touchscreen goes crazy, probably picked up /sys/ stuff from guest…?
Waydroid camera recording for later study: Ubuntu Pastebin
Wait, that symbolic link error from yesterdays’ waydroid?
It seems that even inside waydroid, /sys/class/leds/vibrator -> /sys/devices/platform/soc/998000.i2c/i2c-2/2-005a/leds/vibrator
.
So all I have to do is change the /var/lib/waydroid/lxc/waydroid/config
to actually mount
lxc.mount.entry = /sys/devices/platform/soc/998000.i2c/i2c-2/2-005a/leds/vibrator sys/devices/platform/soc/998000.i2c/i2c-2/2-005a/leds/vibrator none bind,remount,rw,create=dir,optional 0 0
And keyboard vibration works in waydroid too now.
Not sure how to ship this with the port, leaving it for reference here…
Keyboard vibration is the first thing I switch off whenever I get a phone into my hands
Heh, we’re on different sides on this one. I’ve been spoiled by Nokia 808 before. I want to have feedback on touch (not only keyboard), on scroll and at end of list. Different rolls and rumbles. It was only disabled when battery was low. I still pick up today’s phones and think “oh, it must be low on battery, that’s why no feedback”…
The Zenfone port uses the most basic interface to vibra though: it’s just “bzzz till I tell you to stop”. The Mi Note 10 has different effects for light tap/strong tap etc. but I’ve yet to map them to a QML/Silica patch :hmm: maybe I should do that. But “no vibration” is not in my book:)
I found a used one for a good price with 8GB/128GB (which is enough for me) and Android 13. I’m curious if the unlock also works under A13 and if I can also simply flash the image you linked… Or will flashing A11 not be necessary because your port will provide everything?
This makes really a stunning progress and the porter is really talented and tough enough to not give up
You would have to flash Android 11, yes. The current installation is just making a folder in /data, it does not ship system or vendor partitions (and I am wondering, with the super-partitions, if that would work…)
I still haven’t tested installing the sfos images from zero, I am waiting to break my current setup by adding encrypting first, then test;) But I’ll do that. Otherwise, I have to write many manual steps which I don’t like either.
When you get that 8Gb I would be interested in the size of the /data partition to adjust the home “partition” file size. Thanks @pansen-jim !
Thanks @fingus for the kind words. The above is hopefully a proof that with enough time and stubbornness, and by searching the existing logs and asking for advice, one can achieve booting SFOS on the desired phone.
If you could tell me how I can find out with Android, I will let you know when I get my hands on it.
Maybe you are right, but my lack of understanding and the necessity to learn about all that would take me approximately 2 years to get so far, I guess. And during that time 2 major versions of SFOS would be released and I would have to start it all over
Day 13, Season 2
On the 5Ghz wifi, 14 hours is 50%, so a slightly better battery than 8hrs/50% but far from ideal…
Some inspiration from fxtech:
Encryption support? That’s it? Add encryption support · sailfish-on-fxtecpro1/droid-config-t5@1570159 · GitHub
USB fix? Merge pull request #34 from sailfish-on-fxtecpro1/fix-usb · sailfish-on-fxtecpro1/droid-config-t5@9b1878f · GitHub
Time to break the device!
# zypper in sailfish-device-encryption
I do get through these screens indeed Encryption of User Data | Sailfish OS Documentation
Let’s make a note of the disk free first:
# df -h
/dev/sda23 227.0G 8.2G 218.8G 4% /
/dev/sda23 227.0G 8.2G 218.8G 4% /data
This is not using a separate /home partition.
Let’s also peek inside wat was installed… but I lost the output from zypper.
# rpm -ql sailfish-device-encryption
(contains no files)
How does install-history work?
A-ha, less /var/log/zypp/history
contains more or less:
sailfish-device-encryption-service
sailfish-device-encryption-unlock-ui
sailfish-device-encryption-settings
sailfish-device-encryption
rpm -ql sailfish-device-encryption-service
/etc/crypttab
/etc/systemd/system/actdead.target.wants/jolla-actdead-charging.service
/etc/systemd/system/home-mount-settle.service.d/50-sailfish-home.conf
/etc/systemd/system/home.mount.d
/etc/systemd/system/home.mount.d/50-settle.conf
/etc/systemd/system/multi-user.target.d
/etc/systemd/system/multi-user.target.d/50-home.conf
/etc/systemd/system/systemd-user-sessions.service.d
/etc/systemd/system/systemd-user-sessions.service.d/50-home.conf
/usr/lib/systemd/system/aliendalvik.service.d/01-prevent-start.conf
/usr/lib/systemd/system/connman-vpn.service.d/01-prevent-start.conf
/usr/lib/systemd/system/connman.service.d/01-prevent-start.conf
/usr/lib/systemd/system/dbus-org.nemomobile.MmsEngine.service.d/01-prevent-start.conf
/usr/lib/systemd/system/dbus-org.nemomobile.provisioning.service.d/01-prevent-start.conf
/usr/lib/systemd/system/dbus-org.sailfishos.EncryptionService.service
/usr/lib/systemd/system/home-encryption-preparation.service
/usr/lib/systemd/system/home-mount-settle.service
/usr/lib/systemd/system/local-fs.target.wants/home-encryption-preparation.service
/usr/lib/systemd/system/mdm_proxy.service.d/01-prevent-start.conf
/usr/lib/systemd/system/mount-sd@.service.d/50-after-preparation.conf
/usr/lib/systemd/system/packagekit.service.d/01-home-mount.conf
/usr/lib/systemd/system/packagekit.service.d/01-prevent-start.conf
/usr/libexec/sailfish-encryption-service
/usr/share/dbus-1/system-services/org.sailfishos.EncryptionService.service
/usr/share/dbus-1/system.d/org.sailfishos.EncryptionService.conf
/usr/share/sailfish-device-encryption
/usr/share/sailfish-device-encryption/home-encryption-copy.sh
/usr/share/sailfish-device-encryption/home-encryption-finish.sh
/usr/share/sailfish-device-encryption/home-encryption-preparation.sh
/usr/share/sailfish-device-encryption/home-restore.sh
Some of the conf files are missing though.
But - will it work on a .stowaways
-type device? What kind of partition has the fxtech?
Uh uh… looks like lvm Jolla-@RELEASE@-t5-@ARCH@-lvm.ks · master · sailfishos-porters-ci / t5-ci · GitLab
Mal says you can set the root size for lvm ports droid-hal-img-boot-sony-lena/droid-hal-pdx213-img-boot.spec at master · mer-hybris/droid-hal-img-boot-sony-lena · GitHub
Let’s try it anyway!
Backup. Enabled encryption. Reboots
Ahoi!
Cannot encrypt
telnet journalctl says
May 04 23:11:22 Zenfone8 sailfish-encryption-service[15384]: Removing file /var/lib/sailfish-device-encryption/encrypt-home
May 04 23:11:22 Zenfone8 sailfish-encryption-service[15384]: GDBus.Error:org.freedesktop.systemd1.NoSuchUnit: Unit home.mount not found.
May 04 23:12:05 Zenfone8 encsfa[5506]: Device /dev/sailfish/home does not exist or access denied.
# reboot
Ok, back on track. Which track?
Well “I tried”. Let’s go with rinigus solution then.
[HABUILD_SDK]$ git clone https://github.com/rinigus/hwcrypt.git hybris/mw/hwcrypt
[HABUILD_SDK]$ make hwcrypt
Oh noes
hybris/mw/hwcrypt/main.cpp:301:36: error: too few arguments to function call, expected 6, have 5
&ignored_params, &output_data);
It seems system/security/keystore/include/keystore/keystore_client_impl.h
needs another parameter. “Allow for input_data on finish”. Maybe just pass in blank string?
Next:
[HABUILD_SDK]$ DEVICE=sake sh hybris/mw/hwcrypt/rpm/copy-hal.sh
Then:
[PlatformSDK]$ rpm/dhd/helpers/build_packages.sh --build=hybris/mw/hwcrypt --spec=rpm/droid-hwcrypt.spec --do-not-install
Which gets me a droid-hwcrypt
package that I upload into OBS in the droid-hal repo.
Next is (adjusted hostname) copypac from tama:
osc -A https://build.sailfishos.org copypac nemo:devel:hw:sony:tama:aosp10 libsfosdevenc nemo:devel:hw:$VENDOR:$DEVICE
osc -A https://build.sailfishos.org copypac nemo:devel:hw:sony:tama:aosp10 sailfish-device-encryption-community nemo:devel:hw:$VENDOR:$DEVICE
osc -A https://build.sailfishos.org copypac nemo:devel:hw:sony:tama:aosp10 sailfish-device-encryption-community-service nemo:devel:hw:$VENDOR:$DEVICE
osc -A https://build.sailfishos.org copypac nemo:devel:hw:sony:tama:aosp10 sailfish-device-encryption-community-settings nemo:devel:hw:$VENDOR:$DEVICE
osc -A https://build.sailfishos.org copypac nemo:devel:hw:sony:tama:aosp10 sailfish-device-encryption-community-wizard nemo:devel:hw:$VENDOR:$DEVICE
osc -A https://build.sailfishos.org copypac nemo:devel:hw:sony:tama:aosp10 systemd-ask-password-gui nemo:devel:hw:$VENDOR:$DEVICE
Finally, the device.ini
I put in:
[home_in_file]
name=Home
device=/encrypted.img
mapper=home_encrypted_file
mount=/home
type=file
size_mb=86016
The size is my /data size (with df -BM
) 232472M minus 1281024M(accounting for the smaller storage devices) minus whatever should be left for root partition size. 151024M would make it?
Finally,
# zypper ref adaptation-community
# zypper in sailfish-device-encryption-community-droid
Problem: nothing provides 'sailfish-device-encryption-community-generator' needed by the to be installed sailfish-device-encryption-community-1.1.1-1.1.1.jolla.noarch
Hmm… maybe copypac didn’t work? No, I just need one more
osc -A https://build.sailfishos.org copypac nemo:devel:hw:sony:tama:aosp10 sailfish-device-encryption-community-generator nemo:devel:hw:$VENDOR:$DEVICE
This time it installs.
Ok, config file written to /etc/sailfish-device-encryption-community/devices.ini
Fingers crossed and reboot.
Nothing changes, it boots unencrypted.
Wait, I forgot to install droid-hwcrypt. Done. reboot.
There was nothing in journalctl -b | grep encrypt
(there are some droid-hal-init messages)
# systemctl status sailfish-device-encryption-community-wizard
Active: active (exited) since Fri 2023-05-05 23:47:04 EEST; 3min 8s ago
Process: 5633 ExecStart=/bin/echo Device Encryption Setup Wizard Done (code=exited, status=0/SUCCESS)
Process: 5632 ExecStartPre=/system/bin/start vendor.hwcomposer-2-3 (code=exited, status=1/FAILURE)
Process: 5630 ExecStartPre=/system/bin/stop vendor.hwcomposer-2-3 (code=exited, status=1/FAILURE)
Process: 5617 ExecStartPre=/usr/bin/sailfish-device-encryption-community-wizard $LIPSTICK_OPTIONS (code=exited, status=0/SUCCESS)
Removing that from /usr/lib/systemd/system/sailfish-device-encryption-community-wizard.service
But that’s not it. The service was not in error anyway.
Maybe it’s because I already have /home directory?
Stracing /usr/bin/sailfish-device-encryption-community-wizard
shows it opens the ini file then quits.
Wait, it also reads config.ini
That now has the same keys :scratches-head:
Maybe I should close lipstick before running manually the wizard? since it uses environment options from lipstick…
(Whcih are -plugin evdevtouch -plugin evdevmouse -plugin evdevkeyboard:keymap=/usr/share/qt5/keymaps/droid.qmap
)
# systemctl stop user@100000
It still does not start
# rm /etc/sailfish-device-encryption-community/config.ini
Nope
# mv /home /home-bak
and reboot
Nope (I do get the welcome message…)
Well, I need to add some debug messages to the encryption wizard to see why it doesn’t consider starting.
I did not break my device yet since the home-bak was easily restored…
My idea was to do it for xz1 compact which i have here as spare-device for family members.
But it takes too much work and time i didn’t can’t afford, sadly.
Yes, it’s a nice device, but indeed, having the time is the main problem here.
I’m doing this a second time with a 2 year pause, but don’t know when the third time will be as I know what it takes (and know it’ll not be “a walk in the park”…)
Day 14, Season 2
Got it. I was missing the group for the devices.ini, see this looping over groups.
That “[home_in_file]” was missing when I pasted in vi on the device.
Moving back /home to /home-bak, rebooting…
sailfish-device-encryption-community-wizard[5643]: library “/vendor/lib64/egl/libEGL_adreno.so” ("/vendor/lib64/egl/libEGL_adreno.so") needed or dlopened by “/usr/libexec/droid-hybris/system/lib64/libvndksupport.so” is not accessible for the namespace
This sounds like needing the linkerconfig-user.service wait & sleep 5, that I introduced in Day 3 Season 2.
But that is a user systemd service, and the wizard is a system systemd service.
I will just make a copy “linkerconfig-system” for now and add it to its .wants/
I also change linkerconfig-user to sleep 0
If this works I need to update the files in my repo too…
Manually running it works though!
EGL_PLATFORM=hwcomposer QT_QPA_PLATFORM=hwcomposer /usr/bin/sailfish-device-encryption-community-wizard -plugin evdevtouch -plugin evdevmouse -plugin evdevkeyboard:keymap=/usr/share/qt5/keymaps/droid.qmap
I think the line in droid-hal that I need to wait for is
droid-hal-init: linkerconfig generated /linkerconfig with mounted APEX modules info
Find in files shows that’s in /system/core/init/builtins.cpp
That runs /system/bin/linkerconfig --target /linkerconfig
Which probably creates the com.android*
subfolders from /linkerconfig
Let’s change it to /bin/bash -c "while [ ! -f /linkerconfig/com.android.runtime/ld.config.txt ]; do sleep 1; done; sleep 5"
This seems to work for the new “linkerconfig-system” service, but the wizard does not wait for it.
Maybe the services, as opposed to the targets, need to also list the Wants= inside the service file.
I could add a conf file in (…).service.d/ folder
Adding
# cat sailfish-device-encryption-community-wizard.service.d/20-droid.conf
[Unit]
After=linkerconfig-system.service
Requires=linkerconfig-system.service
This time it works. I let it create and encrypt a home file
Then reboot
systemd-ask-password-gui[5647]: couldn’t find an OpenGL ES implementation, make sure you set ro.hardware.egl or ro.board.platform
Same error.
# mkdir systemd-ask-password-gui.service.d
# cp sailfish-device-encryption-community-wizard.service.d/20-droid.conf systemd-ask-password-gui.service.d/
Reboot
Ramdump?
Reboot again.
Works.
Unfortunately no dmesg was running at that ramdump.
Now it asks for password and boots.
Then cp -ar /home-bak/* /home/
and reboot
And again
systemd-ask-password-gui[5637]: couldn’t find an OpenGL ES implementation, make sure you set ro.hardware.egl or ro.board.platform
I don’t understand why. It seems “Linkerconfig generated /linkerconfig with mounted APEX modules info” message is twice output.
Ultimate plan: wait for both /linkerconfig/default to disappear then /linkerconfig/com/android/runtime to appear.
while [ -f /linkerconfig/default/ld.config.txt ]; do sleep 1; done; while [ ! -f /linkerconfig/com.android.runtime/ld.config.txt ]; do sleep 1; done; sleep 1
Ramdump again at reboot.
[ 703.260744] [ 703.260744] (CPU:5-pid:183:irq/335-smp2p) [23:45:50.374376193] Fatal error on modem!
[ 703.260761] [ 703.260761] (CPU:5-pid:183:irq/335-smp2p) [23:45:50.374393797] modem subsystem failure reason: rmts_api.c:2304:[2, 3145728, -919099608] EFS:rmts_get_buffer failed while writing.
[ 703.260769] [ 703.260769] (CPU:5-pid:183:irq/335-smp2p) [23:45:50.374400932] (703)2023-05-05 23:45:50 :[SSR]:modem rmts_api.c:2304:[2, 3145728, -919099608] EFS:rmts_get_buffer failed while writing
[ 703.260781] [ 703.260781] (CPU:5-pid:183:irq/335-smp2p) [23:45:50.374413172] subsys-restart: subsystem_restart_dev(): Restart sequence requested for modem, restart_level = SYSTEM.
[ 703.260791] [ 703.260791] (CPU:7-pid:10317:wk:do_write_su) [23:45:50.374423068] (703)2023-05-05 23:45:50 :[SSR-Info] Save SubSys Medical Table Error: [0xfffffffe]
[ 703.260811] [ 703.260811] (CPU:5-pid:11284:wk:device_rest) [23:45:50.374443380] Ramdump(ramdump_microdump_modem): No consumers. Aborting..
[ 703.260816] [ 703.260816] (CPU:5-pid:11284:wk:device_rest) [23:45:50.374447963] microdump_modem_notifier_nb: do_ramdump() failed
So there is something about modem not initialized when it ramdumps. Hopefully this happens only in my experiments, not in real life.
Let’s make that wait script into its own, say /usr/bin/droid/wait_for_linkerconfig.sh
Here is the result:
Now to the logs: the “with mounted APEX modules info” is 5 seconds apart. This might add 5 seconds to the entire boot process (passphrase entry is around 25s).
An idea would be to remove a previous patch that enabled mount of linkerconfig change…
These are the changes that enable community encryption for this device. You still have to install sailfish-device-encryption-community-droid
manually for now, I need to test them at initial installation