Livecasting porting notes for Zenfone 8

vlagged · 8 May 2023 21:01

Day 15, Season 2

What should I do next? Possiblities are

investigate video recording
investigate wifi power usage.
test fresh installation from zip file
investigate init patching to not switch linkerconfig mounts anymore, maybe 5s are gained at boot time

Let’s tinker a bit with video recording.
If you remenber, there was an error “> E Codec2Buffer: GraphicMetadataBuffer does not work on 64-bit arch” that I saw about 10 days ago.

I also said “Jolla camera links to something which includes this 64-bit code.”

Well that something has to be gstreamer droid plugin. A quick strings on /usr/lib64/libgstdroid-1.0.so.1.0.0 shows libdroidmedia, but how is it loaded? (ldd doesn’t work since this is not linked in, as it is an Android library, probably bionic.)

Maybe retrace how droidmedia includes Codec2Buffer, which is in “frameworks/av/media/codec2/sfplugin” ?

Partial drill-down:
external/droidmedia/Android.mk declares for “LOCAL_MODULE := libdroidmedia” dependencies like “libmedia_codeclist” (A11+) or “libmedia_omx” (A9+) or just “libmedia”. This is just me picking stuff by intuition.
frameworks/av/media/libmedia/Android.bp declares “libmedia” as one (of the) cc_library, “libmedia_omx” as one of cc_library_shared (wait the former is not shared?). Also “libmedia_codeclist”.

Drill-“up”:
frameworks/av/media/codec2/sfplugin/Android.bp includes Codec2Buffer.cpp in its build, for cc_library_shared { name: "libsfplugin_ccodec" }.
Find in files inside frameworks/av/media reveals ./libstagefright/Android.bp needing libsfplugin_ccodec for building cc_library { name: "libstagefright" }
I look again at droidmedia and it is indeed using “libstagefright”.

So the dependency is gst-droid(libc) → droidmedia(bionic) → libstagefright → libsfplugin_ccodec
Somewhere across these lines, the code needs to switch from 64-bit to 32 bit, OR it shouldn’t touch libsfplugin_ccodec?

Looking through the Waydroid camera recording “for later study” from three days ago, I do see exactly one reference in that log to “Codec2Buffer”

Codec2Buffer: VideoNativeMetadata contains null buffer

My logcat from Day 4 does not have that line though.
Guess which function has that message above. The same one that has no 64-bit implementation.
Fun fact? it does have 64-bit code in the next android version.

The code is introduced in two commits: one that says “Look, devices that have 64-bit and 64-bit ONLY work.” and the second that says “Well, it works on 32/64 too if you want to set this debug flag to be non-0”. The debug flag is introduced as -1 in a commit I do have on Lineage 18.1
So there is a tiny possibility that I can cherry pick the above two commits. That is, if that “setprop debug.stagefright.c2inputsurface -1” would work.
But… why does it work in Waydroid?

(Mental note: mediaserver process is running, and it should not. I need to add it as override/disabled in disabled_services.rc
In itself, stopping it doesn’t fix the recording problem but still, one process less.)

Waydroid seems to also have a slew of patches, some of them for frameworks/av
Some are “rebase from API 30”, some are “new media stack”. Nothing related to that Codec2Buffer stuff, but maybe some other code path is used.

Looking at the hybris patches for frameworks/av too.
There is the 0002 one that draws my attention: first, because it is related to 32 bit. Second, because I know it fixed video recording on my previous port:) And lastly, because the code is in an #else that follows the #ifndef OMX_ANDROID_COMPILE_AS_32BIT_ON_64BIT_PLATFORMS.

What is curious about that is that OMX_ANDROID_COMPILE_AS_32BIT_ON_64BIT_PLATFORMS is defined above, in the same cpp file, when __LP64__ is. So why wouldn’t it NOT be defined at any point? (that is, for 64-bit machines it should always be, right?)

Also, what’s this build warning every time I call soong (meaning: I build something in HA_BUILD env)?

hardware/qcom-caf/sm8350/audio/configs/lahaina/lahaina.mk:422: warning: “Enabling codec2.0 SW only for non-generic odm build variant”

(This looks benign though, “Rank OMX SW codecs lower than OMX HW codecs”)

About that define. Let’s double-check that the LP64 flag is indeed set.
There is a compiler flag for outputing preprocessor definitions: Clang command line argument reference — Clang 17.0.0git documentation
I add -E and -dM to a small project - let’s use yesterday’s hwcrypt - into its .bp (soong blueprint) file.
The make now gives an error (because preprocessor output is instead of object code) and kindof gets me hunting to where the output is, I find it five minutes later in the last corner of the build, namely “out/soong/.intermediates/hybris/mw/hwcrypt/hwcrypt/android_arm64_armv8-2a/obj/hybris/mw/hwcryp/main.o”
And yes, LP64 is 1

Back to reading logs: waydroid vs host - the SFOS recording calls into QC2Comp/QC2Interface which I believe are “QCOM” “Codec2”. The waydroid does not. Also, there are messages from the service like vendor.qti.media.c2@1.0-service: missing struct descriptor (…)
While searching for errors related to QC2Interface I found a message about a drone that doesnt’ record video. That and then people complain about pixel 2 working but pixel 3a not.
Hmm, wasn’t pixel 3a a device with halium port? It may mean they also use this QC2 stuff.
I find at least two possible leads:

Changes in media_codecs_c2.xml
a setprop debug.stagefright.ccodec 0 in a .rc file

Just adding that setprop and rebooting (checking it is still 0) and recording doesn’t work. Log and process analysis for future me: Ubuntu Pastebin
Oh well, the quick trick didn’d do it, we’re in for the long one;)

vlagged · 9 May 2023 20:07

Day 16, Season 2

Thermal spam in logcat. Cannot read thermal_zone84

05-08 21:27:04.439  6225  6308 I android.hardware.thermal@2.0-service.qti: uevent triggered for sensor: camera-therm-usr
05-08 21:27:04.462  6225  6308 E android.hardware.thermal@2.0-service.qti: read error:0. buf:libudev ����(   (   �   N�e�            ACTION=change DEVPATH=/devices/virtual/thermal/thermal_zone84 SUBSYSTEM=thermal NAME=camera-therm-usr TEMP=28681 TRIP=0 EVENT=0 SEQNUM=11677 USEC_INITIALIZED=9018961 androidboot.bootdevice=1d84000.ufshc

EV_ER_Y SE_CO_ND.

And journal:

droid-hal-init: processing action (vendor.asus.virtualtherm=*) from (/vendor/etc/init/init.asus.rc:89)

/vendor/etc/init/init.asus.rc has just:

on property:vendor.asus.virtualtherm=*
    # Thermal               
    write /sys/class/asuslib/virtual_thermal ${vendor.asus.virtualtherm}

Wonder who’s setting that property.
Hmm # cat /sys/devices/virtual/thermal/thermal_zone*/config | grep polling shows that 84 is the only zone with polling_delay 1000, the rest have 0. And that is set through a dtsi file.

I wonder if I should just remove it since a the camera thermal sensor is only ever useful for video recording :))

Hmm wifi tethering does not actually work. The DNS does not respond, otherwise routing seems ok.
Created /var/lib/environment/connman/10-debug.conf with contents:

CONNMAN_ARGS=-d

Nevermind. It works if I systemctl stop dnsmasq. Let’s mask that.

Created symlink /etc/systemd/system/dnsmasq.service → /dev/null.

…back to video recording

[vlad@vlinux hadk]$ find out -iname libdroidmedia.so
out/target/product/sake/obj_arm/SHARED_LIBRARIES/libdroidmedia_intermediates/libdroidmedia.so
out/target/product/sake/obj_arm/SHARED_LIBRARIES/libdroidmedia_intermediates/LINKED/libdroidmedia.so
out/target/product/sake/system/lib/libdroidmedia.so
out/target/product/sake/system/lib64/libdroidmedia.so
out/target/product/sake/symbols/system/lib/libdroidmedia.so
out/target/product/sake/symbols/system/lib64/libdroidmedia.so
out/target/product/sake/obj/SHARED_LIBRARIES/libdroidmedia_intermediates/libdroidmedia.so
out/target/product/sake/obj/SHARED_LIBRARIES/libdroidmedia_intermediates/LINKED/libdroidmedia.so
[vlad@vlinux hadk]$ find out -iname libdroidmedia.so -exec rm {} \;

Let’s build 32-bit droidmedia.
The Android bits already have both 64 and 32.
There are two places where this makes the rpm to deliver: One in droid-hal-device script and another one in droidmedia spec

Ok, built, scp’d, installed, now everyone and his dog complains:

systemd-ask-password-gui[5822]: libminisf is incompatible or missing. Can not possibly start the SurfaceFlinger service. If you’re experiencing troubles with media try updating droidmedia (and/or this plugin).library “libgralloctypes.so” not found
May 09 02:47:53 Zenfone8 dbus-daemon[9037]: library “libdroidmedia.so” not found

I don’t get that dbus-daemon reference. Maybe I should have rebuilt gst-droid too? But I don’t get how it loads the library.
And it now comes from adaptation-common, so I am not expected to build it.

Switching to frameworks/av:

av $ git remote -v
github  https://github.com/LineageOS/android_frameworks_av (fetch)
github  https://github.com/LineageOS/android_frameworks_av (push)
av $ git fetch origin lineage-19.1
av $ git cherry-pick a222c0b28d5694e69cfd51b4758b30248799e39e
av $ git cherry-pick 731e914f4945dc65e9d872f3303a6c21388fcf36
[HABUILD_SDK]$ TEMPORARY_DISABLE_PATH_RESTRICTIONS=true make -j$(nproc --all) hybris-hal libui_compat_layer

Followed by building all droid-hal packages, and osc add them to OBS.
Then zypper ref adaptation-community; zypper up -r adaptation-community

File /usr/libexec/droid-hybris/system/bin/hwcrypt
from install of
droid-hal-sake-0.0.6-202305090849.aarch64 (adaptation-community)
conflicts with file from package
droid-hwcrypt-1.0.0+master.20230504210118.64e34ab-202305042103.aarch64 (@System)

Hmm… this means that the droid-hal build automatically picks up the hwcrypt binary and packages it, while I also have the droid-hwcrypt package exactly for that. This would get me in trouble when building the installable zip, but now I can answer “y” to overwrite that binary.

Reboot. telnet and # setprop debug.stagefright.c2inputsurface -1.
Starting camera, recording video… Stop.
And IT SAVES the video!

Looks a bit pixelated when changing the exposure, seems to miss a beat at the beginning a couple more at the end, but it does the job, has audio, works with all three cameras :wohooo:

Pushing patches for further reference.
Now I need to make that setprop automatically at boot. I will “temporarily” use droid-misc.sh for that…

And maybe limit the recording resolution for the jolla-camera. But I need further testing vs advanced camera, to see if it helps with quality. Or just blame it on missing Camera2 API
The videos do not appear in Gallery. I need to find out the codec used, their playback is also not … optimal, sometimes frames are missed when decoding?

Camera recording
yes, needs tweaking

fingus · 10 May 2023 08:29

If someone would assist me with a xz1 compact port i would helpf if i can (flashing, testing…etc). I would sacrify my xz1 compact for this.

pansen-jim · 11 May 2023 13:27

To be sure that I don’t miss anything, I’ll post the whole output of df after adb shell:

ASUS_I006D:/ $ df
Filesystem        1K-blocks    Used Available Use% Mounted on
/dev/block/dm-6     3656424 3645432         0 100% /
tmpfs               3698692    1916   3696776   1% /dev
tmpfs               3698692       0   3698692   0% /mnt
/dev/block/dm-7      375584  374424         0 100% /system_ext
/dev/block/dm-8     1675748 1670708         0 100% /product
/dev/block/dm-9     1280752 1276880         0 100% /vendor
/dev/block/dm-10       1136    1132         0 100% /odm
tmpfs               3699204      32   3699172   1% /apex
/dev/block/sda9      380888   43320    329704  12% /asdf
/dev/block/dm-41  113090380 2868936 110090372   3% /data
/dev/block/loop7     110608  110576         0 100% /apex/com.android.vndk.v30@1
/dev/block/loop8       7920    7884         0 100% /apex/com.android.runtime@1
/dev/block/loop6       3908    3880         0 100% /apex/com.android.resolv@331011050
/dev/block/loop5        232     116       112  51% /apex/com.android.scheduling@330443040
/dev/block/loop9      36936   36904         0 100% /apex/com.android.i18n@1
/dev/block/loop10      1624    1596         0 100% /apex/com.google.mainline.primary.libs@331058000
/dev/block/loop11      3392    3360         0 100% /apex/com.android.appsearch@331011020
/dev/block/loop12      1872    1844         0 100% /apex/com.android.os.statsd@331010010
/dev/block/loop14     52616   52584         0 100% /apex/com.android.vndk.v33@1
/dev/block/loop13      5840    5812         0 100% /apex/com.android.media@331012020
/dev/block/loop16      5820    5792         0 100% /apex/com.android.extservices@331012020
/dev/block/loop15      8536    8504         0 100% /apex/com.android.mediaprovider@331011070
/dev/block/loop17       792     764        12  99% /apex/com.android.tzdata@331012040
/dev/block/loop18      4792    4764         0 100% /apex/com.android.conscrypt@331011010
/dev/block/loop20     19168   19140         0 100% /apex/com.android.media.swcodec@331012020
/dev/block/loop19      6492    6460         0 100% /apex/com.android.adbd@331011042
/dev/block/loop22      7384    7352         0 100% /apex/com.android.neuralnetworks@330443030
/dev/block/loop24       244     212        28  89% /apex/com.android.adservices@330442000
/dev/block/loop23     40352   40324         0 100% /apex/com.android.vndk.v31@1
/dev/block/loop21     13964   13936         0 100% /apex/com.android.cellbroadcast@331013010
/dev/block/loop28     50904   50868         0 100% /apex/com.android.art@331012050
/dev/block/loop25     40468   40440         0 100% /apex/com.android.vndk.v32@1
/dev/block/loop26       704     676        16  98% /apex/com.android.sdkext@330810050
/dev/block/loop27     16372   16344         0 100% /apex/com.android.permission@331019040
/dev/block/loop29       752     724        16  98% /apex/com.android.ipsec@331014020
/dev/block/loop30      8208    8176         0 100% /apex/com.android.tethering@331012080
/dev/block/loop32       232      96       132  43% /apex/com.android.apex.cts.shim@1
/dev/block/loop31       232      88       140  39% /apex/com.android.ondevicepersonalization@330442000
/dev/block/dm-34       8372    8340         0 100% /apex/com.android.wifi@339990000
/dev/block/dm-25       2880    2852         0 100% /apex/com.android.uwb@339990000
/dev/fuse         113090380 2868936 110090372   3% /storage/emulated

Is that the information needed or can I deliver something else?

poetaster · 11 May 2023 17:06

Yeah! It saves the video! We’re such simple folk I was just overjoyed shift left and shift right worked again. Ah, long day

fingus · 11 May 2023 18:04

God save the Video!

vlagged · 11 May 2023 22:38

I got 8Gb / 256Gb device and 1K-blocks

/dev/sda23           238051148  17246800 220804348   7% /data

Yours is in 1K-blocks

/dev/block/dm-41  113090380 2868936 110090372   3% /data

So yes, this is the info I was looking for. The 1k blocks means 113090380 / 1024 ~= 110440 MB
The home encryption file is set to size_mb=86016 so there are some 24GB left for root.
I think I should increase the encrypted home size, since I now notice that it doesn’t preallocate the space (maybe it’s like a sparse file, but I’m too lazy to install bash to check. Also I was to lazy to find the resize command for that, but I will be the first one needing it)

vlagged · 11 May 2023 22:51

@fingus you could start with trying to build AOSP from sony (the supported devices lists XZ1c as Android 8 to 11, kernel 4.4 to 4.14 if I read that correctly, so you have many choices).
See if you can boot AOSP with it. If you can, you can hit the #sailfishos-porters through IRC, matrix bridge or Telegram bridge and start asking for pointers on the next HADK steps.
50% of the job will be to boot hybris-boot.img (or hybris-recovery) and get telnet, and 50% to get to the GUI. The remaining 100% percent will be a joy after that… Really there’s no shortcut, and I’m afraid I won’t touch another device soon (and it may not be XZc even if so)

vlagged · 11 May 2023 22:53

To be more correct, it saved the video before too. The hard part was to have more than 0 bytes in it

vlagged · 11 May 2023 23:51

Day 17, Season 2

jolla-camera-hw.txt

[apps/jolla-camera]
backCameraLabels=['1x', '0.5']
maxVideoResolution='2048x1080'

Fingerprint…
device/asus/sake/fod/FingerprintInscreen.cpp says

Return<int32_t> FingerprintInscreen::getPositionX() {
    return 435;
}

Return<int32_t> FingerprintInscreen::getPositionY() {
    return 1631;    
}

Following instructions from GitHub - sailfishos-open/sailfish-fpd-community: Sailfish OS fingerprint support

This is my previous fork from sailfish-open that had some hacks to work with the Mi Note 10.

git clone https://github.com/b100dian/sailfish-fpd-community.git hybris/mw/sailfish-fpd-community
[HABUILD_SDK]$ make libbiometry_fp_api

Then

git clone https://github.com/erfanoabdi/fake_crypt.git external/fake_crypt
[HABUILD_SDK]$ make fake_crypt

Which fails:

external/fake_crypt/Keymaster4.h:27:10: fatal error: ‘keymasterV4_0/Keymaster.h’ file not found
#include <keymasterV4_0/Keymaster.h>

A quick find shows hardware/interfaces/keymaster/4.1/support/include/keymasterV4_1/Keymaster.h
So 4.0 becomes → 4.1
That could be a quick change…

However, the build still fails (not finding keymasterV4_1/Keymaster.h). And it still contains this include -Ihardware/interfaces/keymaster/4.0/support/include line.

Hmm… Let’s proceed without it since I have a keymaster service, maybe fake_keymaster is not needed.

[PlatformSDK]$ hybris/mw/sailfish-fpd-community/rpm/copy-hal.sh
droid-biometry-fp-0.0.0/out/target/product/sake/system/lib64/libbiometry_fp_api.so
[PlatformSDK]$ rpm/dhd/helpers/build_packages.sh --build=hybris/mw/sailfish-fpd-community --spec=rpm/droid-biometry-fp.spec --do-not-install

The ‘–do-not-install’ option is not needed anymore and is currently ignored

Building rpm/droid-biometry-fp.spec
Setting version: 1.1.2+lineage.18.1.20230510180255.25842be
error: Unable to open /mnt/datas/sake/hadk/hybris/mw/sailfish-fpd-community/.mb2/spec: No such file or directory
error: query of specfile /mnt/datas/sake/hadk/hybris/mw/sailfish-fpd-community/.mb2/spec failed, can’t parse
Check /mnt/datas/sake/hadk/hybris/mw/sailfish-fpd-community.log for full log.

That log has the same contents. That .mb2/spec file exists though.
Hmm… that error goes away by just exiting and re-entering sfossdk. Stale something…?

The package goes directly to OBS’s droid-hal-device, as do all packages of Android bits:

[PlatformSDK]$ cp droid-local-repo/sake/droid-biometry-fp-1.1.2+lineage.18.1.20230510180255.25842be-202305101841.aarch64.rpm ~/osc/nemo\:devel\:hw\:asus\:sake/droid-hal-sake/
[PlatformSDK]$ cd ~/osc
[PlatformSDK]$ osc add droid-biometry-fp-1.1.2+lineage.18.1.20230510180255.25842be-202305101841.aarch64.rpm 
[PlatformSDK]$ osc commit

The other two packages I copy their definitions from my previous port:

[PlatformSDK]$ osc copypac nemo\:devel\:hw\:xiaomi\:tucana/sailfish-fpd-community-test nemo\:devel\:hw\:asus\:sake/
[PlatformSDK]$ osc copypac nemo\:devel\:hw\:xiaomi\:tucana/sailfish-fpd-community nemo\:devel\:hw\:asus\:sake/

Ok, now zypper them in.

sailfish-fpd-community[25580]: library "android.hardware.biometrics.fingerprint@2.1.so" not found

Hmm… that was available at compile time and now it is not?

Detour:

Testing zip install

Let’s take a break and test a zip file. Reboot, hold power-up.

$ sudo fastboot boot twrp-3.7.0_12-0-I006D.img
Sending 'boot.img' (98304 KB)

Seems locked. “Restart bootloader”
Same “result” the 2nd and 3rd time.

Changing cable… (to the original one) and it works. Maybe just luck.
Actually it does not, it is stuck at ASUS logo.
Hold Power + Vol Dn, on logo dissapearence - hold Vol Up. Again. Stuck at logo.

Let’s try previous TWRP.
$ sudo fastboot boot twrp-3.6.1_11-0-I006D.img
This one is stuck at another logo:) The charging one.
Let’s try a second time. Asus logo. Stuck.

Third cable, the Xiaomi one I flashed A11 with.
$ sudo fastboot boot twrp-3.7.0_12-0-I006D.img
Stuck at Asus logo.
$ sudo fastboot boot twrp-3.6.1_11-0-I006D.img
Stuck at the charging logo

This might not be a cable issue only, after all.
Booting normally actually ends up in battery charging mode of sailfishos too:)
I use the “occasion” to issue /usr/libexec/droid-hybris/system/bin/bootctl commands to mark boot successful and switch slots, from 1 to 0
I expect a ramdump on reboot since in this state I think the modem driver will be upset.
And ramdump it is. Unfortunately no logs, as I was using journalctl and that was probably cut off earlier than dmesg is.

Darn. Let’s flash twrp

$ sudo fastboot flash boot twrp-3.7.0_12-0-I006D.img 
Sending 'boot_a' (98304 KB)                        OKAY [  3.359s]
Writing 'boot_a'                                   OKAY [  0.196s]

No it doesn’t start. Not even by selecting “Recovery mode”
There must be something about the device that I changed… some other thing.

Let’s flash Lineage boot. (Danger! I remember if I don’t get this right it may while my /data)
Using “Recovery mode” AND holding VolDn just to be shure - it boots. Whew
Pusing “adb shell push sailfishos-sake-release-4.5.0.19-alpha2.zip /data”
But I can’t find what to do with it.
As much as I grep sources from lineage recovery, I don’t understand how to use the zip file which has an “udpater-script.sh”
(android_bootable_recovery/updater.h at lineage-18.1 · LineageOS/android_bootable_recovery · GitHub)
Actually, it does look as it is used in an updater_main.cpp that is in a an executable module named ‘updater’, but that binary is not in path, so maybe it was not compiled in.
So the only thing I can test if it can unzip and untar. And that works, thankfully, so if I boot twrp…

Manual installation instruction written Sailfish on Zenfone 8 · GitHub

/end detour

Back to that fpd error. “android.hardware.biometrics.fingerprint@2.1.so” not found.
Let’s grep the filenames on device:

# find / -type f -iname android.hardware.biometrics\*
/apex/com.android.vndk.v30/lib64/android.hardware.biometrics.face@1.0.so
/apex/com.android.vndk.v30/lib64/android.hardware.biometrics.fingerprint@2.1.so
/apex/com.android.vndk.v30/lib64/android.hardware.biometrics.fingerprint@2.2.so
/apex/com.android.vndk.v30/lib/android.hardware.biometrics.face@1.0.so
/apex/com.android.vndk.v30/lib/android.hardware.biometrics.fingerprint@2.1.so
/apex/com.android.vndk.v30/lib/android.hardware.biometrics.fingerprint@2.2.so
/apex/com.android.vndk.v30@1/lib64/android.hardware.biometrics.face@1.0.so
/apex/com.android.vndk.v30@1/lib64/android.hardware.biometrics.fingerprint@2.1.so
/apex/com.android.vndk.v30@1/lib64/android.hardware.biometrics.fingerprint@2.2.so
/apex/com.android.vndk.v30@1/lib/android.hardware.biometrics.face@1.0.so
/apex/com.android.vndk.v30@1/lib/android.hardware.biometrics.fingerprint@2.1.so
/apex/com.android.vndk.v30@1/lib/android.hardware.biometrics.fingerprint@2.2.so
/vendor/etc/init/android.hardware.biometrics.fingerprint@2.1-service.rc
/vendor/etc/vintf/manifest/android.hardware.biometrics.fingerprint@2.1-service.xml
/vendor/bin/hw/android.hardware.biometrics.fingerprint@2.1-service

So it seems it uses 2.1 version services, but also has 2.1 and 2.2 libraries.
Let’s link one of the 2.1 ones to /odm/lib64:

# ln -s /apex/com.android.vndk.v30/lib64/android.hardware.biometrics.fingerprint@2.1.so /odm/lib64/
# systemctl restart sailfish-fpd-community

library “android.hardware.biometrics.fingerprint@2.1.so” needed or dlopened by “/usr/libexec/droid-hybris/system/lib64/libbiometry_fp_api.so” is not accessible for the namespace [name="(default)", ld_library_paths="/usr/libexec/droid-hybris/system/lib64:/vendor/lib64:/system/lib64:/odm/lib64", default_library_paths="/system/lib64:/system_ext/lib64", permitted_paths="/system/lib64/drm:/system/lib64/extractors:/system/lib64/hw:/system_ext/lib64:/system/framework:/system/app:/system/priv-app:/system_ext/framework:/system_ext/app:/system_ext/priv-app:/vendor/framework:/vendor/app:/vendor/priv-app:/system/vendor/framework:/system/vendor/app:/system/vendor/priv-app:/odm/framework:/odm/app:/odm/priv-app:/oem/app:/product/framework:/product/app:/product/priv-app:/data:/mnt/expand:/apex/com.android.runtime/lib64/bionic:/system/lib64/bootstrap"]

Ok, soft link doesn’t cut it.

# touch /odm/lib64/android.hardware.biometrics.fingerprint@2.1.so 
# mount -o ro,bind /apex/com.android.vndk.v30/lib64/android.hardware.biometrics.fingerprint@2.1.so /odm/lib64/android.hardware.biometrics.fingerprint@2.1.so
# systemctl restart sailfish-fpd-community

Adding the sake 435 and 1631 coordinates to /usr/share/sailfish-fpd-community-test/qml/pages/EnrollPage.qml

Rectangle {
        x: 435
        y: 1631
        width: 220
        height: 220
        radius: 220

(previous values were from Mi Note 10)

Then starting the test app with the white ~~circle~~ rectangle to give inscreen fingerprint a chance…

Error while starting to enroll: -1

05-11 21:44:39.185  5512  5517 E rpmb_ufs: Unable to open /dev/0:0:0:49476 (error no: 2)
05-11 21:44:39.186  5555  5555 E KeymasterUtils: rsp_header->status: -30

Maybe I need that fake_crypt package though.
I look at the compile error and at the Android.mk still had a reference to 4.0 by listing libkeymaster4support, instead of libkeymaster4_1support (as I’ve found out looking in hardware/interfaces/keymaster/4.1/support/Android.bp)

All in all, both were needed, plus some changes that were not needed actually… Comparing erfanoabdi:master...b100dian:keymaster41 · erfanoabdi/fake_crypt · GitHub

Built droid-fake-crypt, commit to OBS, zypper in…
Still fails to enroll, -1.

Journal:

May 12 02:29:48 Zenfone8 sailfish-fpd-community[12109]: void AndroidFP::enroll(uid_t) 100000
May 12 02:29:48 Zenfone8 systemd[1]: sailfish-fpd-community.service: Main process exited, code=killed, status=11/SEGV

Logcat continues to have

rpmb_ufs: Unable to open /dev/0:0:0:49476 # process is /vendor/bin/qseecomd
KeymasterUtils: rsp_header->status: -30 # process is /vendor/bin/hw/android.hardware.gatekeeper@1.0-service-qti

Great. Vendor services for which I don’t have sources.
qseecomd is one that I made dev/ufs-bsg available to, for rpmb-something errors, on day 29, before-GUI…

poetaster · 12 May 2023 07:57

Video killed the Radio Star. La lah, la lah, la lah.

vlagged · 12 May 2023 09:17

Thanks for reminding me, this thing has an FM radio (region dependent), I should look into that too

Seven.of.nine · 12 May 2023 09:51

Thanks for reminding me at the late 70’s! Oh, ohohoh -ooh

vlagged · 15 May 2023 21:18

Day 18, Season 2

Daily driving experience:
50% in the evening (18hours?), without wifi, of course.
Youtube displayed decoding errors in the bottom part of video - this was because I uninstalled gecko-camera-droid-module for some tests.
I re-install it, the decoding is fine now visually - but the stream is interrupted often, reloads, and at Nth interruption youtube displays an error which is very hard to escape from in fullscreen mode - TODO reproduce, but it was a null inside some browser js file.
The bluetooth pods need manual volume control to be useable.
The screen does not seem to turn off by itself although it is set to sleep after 30 seconds.
I really like the size! But the punch hole is sometimes exactly where you have to click… e.g. in Angelfish when you press back.

That youtube error:

gecko-camera[30338]: droid-codec error:774 – Hardware error 4
JavaScript error: resource://gre/actors/AudioPlaybackParent.jsm, line 19: TypeError: browser is null

There is definitely something wrong about video playback. I don’t seem to be able to finish playing back videos from my own camera, or even quickddit ones.
Something to look into next…

Back to qseecomd that seems to prevent fingerpring enroll:
On day 29 I linked /dev/bsg/ufs0 from /dev/ufs0 so qseecomd finds it and doesn’t bring the system down.
Now it says it doesn’t find /dev/0:0:0:49476 but guess where that is… it’s in /dev/bsg/0:0:0:49476 of course.
I could make one more link (would that number change?) or just… find the cause!

There is also this boot cmdline appended by either vendor or the bootloader: androidboot.fused.norpmb=1

But regardless, looking through the same strings /vendor/lib64/librpmb.so where I found that /dev/ufs0 link, I also find the exact /dev/0:0:0:49476 reference which is as static as can be, burned inside an executable.
There is also reference to /system/etc/rpmb_sec_parti.cfg, a file that I (so nor did Lineage) have.

I need to remember how to mount super.img partitions on my host to inspect if that file is in asus system.img
But let’s try that device “temporarily”:

# ln -s /dev/bsg/0\:0\:0\:49476  /dev/0\:0\:0\:49476

Logcat:

19:44:05.452  5503  5509 E rpmb_ufs: SCSI error occurred!!
19:44:05.452  5503  5509 E rpmb_ufs: ----------------------------------------------------
19:44:05.453  5503  5509 E rpmb_ufs: scsi_bsg_ioctl: Error from sg_io info (check sg info: device_status: 0x2, transport_status: 0x0, driver_status: 0x8, Sense Key code: 0x6)
19:44:05.453  5503  5509 E rpmb_ufs: ----------------------------------------------------
19:44:05.453  5503  5509 E rpmb_ufs: rpmb_ufs_read: Error sending SPO through scsi_bsg_ioctl (return value: -11, error no: 2, iter: 0, retries remain 3)
19:44:05.453  5503  5509 E rpmb_ufs: scsi_bsg_ioctl: Error from sg_io ioctl (return value: -1, error no: 25)
19:44:05.453  5503  5509 E rpmb_ufs: rpmb_ufs_read: Error sending SPO through scsi_bsg_ioctl (return value: -1, error no: 25, iter: 0, retries remain 2)
19:44:05.453  5503  5509 E rpmb_ufs: scsi_bsg_ioctl: Error from sg_io ioctl (return value: -1, error no: 25)
19:44:05.453  5503  5509 E rpmb_ufs: rpmb_ufs_read: Error sending SPO through scsi_bsg_ioctl (return value: -1, error no: 25, iter: 0, retries remain 1)
19:44:05.458  5545  5545 E KeymasterUtils: rsp_header->status: -30
19:44:06.239    19    19 I (CPU    : 2-pid:16365:sailfish-fpd-co) [19:44:05.459836689] Core dump to |/usr/sbin/rich-core-dumper disabled

Wow, a SCSI error :-S

Let’s “restart” qseecomd. Since it doesn’t respond to setprop crl.stop qseecomd, I just kill it and is back again.
Error while staring to enroll: 3 wohoo, NEW ERROR!

05-12 19:49:58.345 6662 7996 D [GF_HAL][CustomizedFingerprintCore]: [notifyAcquiredInfo] transfer acquired info: 1001 to customized: 1010.

This sounds very familiar. I have my Mi Note 10 notes on this: it was the same message, but with “1002 to customized: 1022”.
I don’t have debug messagess enabled in droid-biometry, let’s enable that.

Then android make it, and SDK package it…

[HABUILD_SDK]$ make libbiometry_fp_api
[PlatformSDK]$ hybris/mw/sailfish-fpd-community/rpm/copy-hal.sh
[PlatformSDK]$ rpm/dhd/helpers/build_packages.sh --build=hybris/mw/sailfish-fpd-community --spec=rpm/droid-biometry-fp.spec

Looking at logcat while starting enroll:
The process /vendor/bin/hw/android.hardware.biometrics.fingerprint@2.1-service opens /dev/goodix_fp

Stracing it, and looking at dependencies:

Interesting strings /vendor/lib64/hw/fingerprint.default.so

/home/gilbert/g6/delmar/customized/goodix/delmar_public_standard/fingerprint.default/fingerprint.cpp
[%s] CUSTOMIZED_FINGERPRINT_CMD_FINGER_DOWN.
[%s] CUSTOMIZED_FINGERPRINT_CMD_FINGER_UP.

Interesting strings /vendor/lib64/libgf_hal.so

(lots of csv patterns to dump data like `%s/%s/%s_sensor%d_iq-rawdata.csv`) (lots of config stuff like "support-anti-peep=%d") > [%s] GOODIX_FP_PACK : %s Vendor ID = %d > vendor.goodix.disable.study > vendor.gf.debug.dump_data > /proc/driver/fp_xy > /vendor/firmware > /system/etc/firmware > /firmware/image > /vendor/firmware_mnt/image > goodixfp64 > keymaster64 > [%s] Don't dump anything for GF_ERROR_TOO_FAST > [%s] Don't dump anything for GF_ERROR_SPI_RAW_DATA_CRC_FAILED > vendor.goodix.debug.dump_talog_data > /data/vendor/goodix/gf_data/ta_log > /data/algo-params-log.txt > /data/algo-log-aut.txt > /data/mem-log.txt > vendor.goodix.debug.write_talog_data > /gf_data/kb_calibration/ > vendor.debug.pre_dump_rawdata > /gf_data/encrypted_data/ > /data/gf_etc/ > gf_sensors.conf > /data/vendor/goodix/fpdata/ >

This one is also interesting

enrollTimerThread postEnroll vendor.goodix.sensor.status [%s] fp property_set 2 onEnrollError [%s] gid=%d, fid=%d, remaining=%d. notifyEnrollProgress [%s] fp property_set 1 onAuthRequested [%s] Authenticate. authenticate [%s] Auth Down. onAuthDownEvt

And a bunch of other constants

GF_SUCCESS GF_ERROR_BASE GF_ERROR_OUT_OF_MEMORY GF_ERROR_OPEN_TA_FAILED GF_ERROR_MODULE_NOT_INITED GF_ERROR_BAD_PARAMS GF_ERROR_NO_SPACE GF_ERROR_MEMORY_COPY_FAILED GF_ERROR_REACH_FINGERS_UPLIMIT GF_ERROR_NOT_MATCH GF_ERROR_CANCELED GF_ERROR_TIMEOUT GF_ERROR_PREPROCESS_FAILED GF_ERROR_GENERIC GF_ERROR_ACQUIRED_PARTIAL GF_ERROR_ACQUIRED_IMAGER_DIRTY GF_ERROR_DUPLICATE_FINGER GF_ERROR_OPEN_DEVICE_FAILED GF_ERROR_HAL_GENERAL_ERROR GF_ERROR_HAL_FILE_DESCRIPTION_NULL

Also, searching github for
I found this: Goodix_Fingerprint/gf_fingerprint.h at a03453905b3d1514a4b89b68af4ac4b6cd44c26a · lbule/Goodix_Fingerprint · GitHub

typedef enum gf_fingerprint_acquired_info {
    GF_FINGERPRINT_ACQUIRED_GOOD = 0,
    GF_FINGERPRINT_ACQUIRED_PARTIAL = 1,
    GF_FINGERPRINT_ACQUIRED_INSUFFICIENT = 2,
    GF_FINGERPRINT_ACQUIRED_IMAGER_DIRTY = 3,
    GF_FINGERPRINT_ACQUIRED_TOO_SLOW = 4,
    GF_FINGERPRINT_ACQUIRED_TOO_FAST = 5,
    GF_FINGERPRINT_ACQUIRED_VENDOR_BASE = 1000,
    GF_FINGERPRINT_ACQUIRED_WAIT_FINGER_INPUT = 1001,
    GF_FINGERPRINT_ACQUIRED_FINGER_DOWN = 1002,
    GF_FINGERPRINT_ACQUIRED_FINGER_UP = 1003,
    GF_FINGERPRINT_ACQUIRED_INPUT_TOO_LONG = 1004,
    GF_FINGERPRINT_ACQUIRED_DUPLICATE_AREA = 1005,
    GF_FINGERPRINT_ACQUIRED_DUPLICATE_FINGER = 1006
}

So 1001 is “wait finger input”, but 1001 to customized: 1010
1002 is “finger down”, but 1002 to customized: 1001
I think 1003 (“finger up”) will be 1002

Keying the above numbers in. make libbiometry_fp_api, packaging rpm, scp-ing.

Nope. The events are not “just sent” when I touch the screen in enroll mode, as they were on my previous Xiaomi.
You see, Lineage probably manually calls FingerprintInscreen::onPress and onRelease from the FOD GUI.
On Xiaomi, I was able to deduce that the fingerprint driver is doing that already, and I had to just redirect the vendor codes to their respective lineage implementations.

Here, I will have to do this myself. Which is a problem, since I do not have a GUI for fingerprint:

sailfish-fpd-community-test is hackable
sailfish homescreen less so

Maybe listening directly to the touchscreen events, but needs more debugging to see that at least manually it would work…

poetaster · 16 May 2023 11:32

I’ve been trying to figure that out for ages. If you launch my moremahjong in a terminal, you’ll also see that error.
EDIT: JavaScript error: resource://gre/actors/AudioPlaybackParent.jsm

But, just checked now and on 4.4.0.72 it’s not apparent anymore. Nor on 4.5.0.19.

multispeedlurker · 17 May 2023 04:29

This is all so exciting that I have now created an account for the forum to not only passively read along. I have a ZF8 (8/128) here that I bought with Android 13. Using the flash scripts provided on the Asus site (for those who want to get out of the beta program for new Android versions), I downgraded it first to A12 and then to A11.

Now I’m still hesitating whether to risk unlocking it…

Do you need any more information about the “small” model?

nasi · 17 May 2023 08:48

I now also had the time to try some stuff with my Zenfone 8.
It also arrived with Android 13 but I couldn’t manage to downgrade so far. I think there is something wrong with fastboot, I will try to use another computer. When using the downgrade-script I just receive the message “get hwid failed”. — EDIT: I was in fastboot mode but phone must be in bootloader for it to work.

You have time to think about it. Unlocking is not possible at the moment - the app for unlocking needs to connect to ASUS’ servers which are currently offline due to maintenance.

multispeedlurker · 17 May 2023 09:05

Oops.

The worrisome part here is:

Please note that as per our HQ there’s a System Maintenance until the period on May 2, 2023, till further notice.
The Unlock app service is currently under maintenance, and the service will be suspended during the maintenance period.

May 2, 2023 is over by two weeks… I hope they’ll bring it up again. Let’s hope System Maintenance and Unlock App have different time lines and will be back soon.

Edit: maybe we should monitor this thread: https://zentalk.asus.com/t5/zenfone-8/when-will-the-unlock-device-app-work-again/td-p/368748

nasi · 17 May 2023 12:30

I found the reason: I put the phone in fastboot mode but you have to be only in the bootloader.
Starting the phone with Volume Up + Power button, wait until it says “Start” and leave it in this mode. Then the script works.

Installed version of adb+fastboot of my system doesn’t change anything since the downgrade script ships with it’s own fastboot.

multispeedlurker · 17 May 2023 14:10

So the downgrade worked? I am glad about that!

But on the other hand, I’m a bit bummed that my nice plan to work with this port on this phone for the next few years might fail due to Asus’ possible unwillingness to allow an unlock.