Xperia Tama port: 4.2.0.21 release

This is to announce 4.2.0.21 SFOS update for Xperia Tama devices: XZ2, XZ2c, and XZ3. Please read release notes and description below before update.

This release introduces support for encryption based on open source implementation. When compared to the official implementation, the open source implementation allows greater flexibility in used encryption passwords, including hardware assisted solutions. When using encryption, you are encouraged to use hardware keystore backed LUKS password which should greatly hinder brute-force attack attempts.

While OTA is possible from the earlier release, it is recommended to reflash the device to enable encryption from the start.

As storage configuration has been altered, note that it is highly recommended to have backup of the data that you have on device.

As always, early adopters please report how it went. For those wishing to be on the safer side, wait till more users would have a chance to test the release.

Edit: Note that after encrypting your device and setting up the system/software, it is recommended to make a copy of encryption recovery password and remove the copy from device. Use System Settings/Encryption (Community) for it.

Edit 26 Sept: bugfix for configs has been released. See Xperia Tama port: 4.2.0.21 release - #16 by rinigus for details.

@rinigus and all of you who committed to the Xperia Tama port: you are (not only) my heroes! Thank you!

Now I know what I will do this weekend …

update was fine for me… unfortunately my xz2c os not my daily driver atm, because the touchscreen is behaving weird (too much sensivity?). thanks anyways!

I have seen that occasionally (once in few months) on xz2c - but reboot has helped these times. sounds not like in your case.

before aarch64, it worked like a charm! it is not the ghost input, which happened once to me. when i try to write text, i get the letters 2 or 3 times. i guess input delay is a milisecond too long or cpu is too busy, it changes approx. every 10 or 20 seconds between normal behaviour and this impssible to write a text thing…

That type of hyper-sensitivity was exactly what I had on that few occasions. I think it happened early in AOSP10/aarch64 transition (xz2c is my development device).

As you have it sitting without use, try to flash AOSP9/arm32 based latest SFOS release and see if everything is OK there. If it is, try to flash Sony Stock Android and update to the latest version. Boot and try to use Android to check if there is no hyper-sensitivity there. Latest Stock Android should also get modem and maybe something else updated. Next, try SFOS/AOSP10/aarch64 again. Let’s see if you could reproduce the bug.

If it is still reproducible after Sony Stock Android reflash, I will ask if any of Sony AOSP devs can recall similar issue in AOSP10.

PS Before this extensive testing - I wonder if it is related to some issue that Jolla had with the screen initialization on Xperia 10 II. To overcome it they show splashscreen. I wonder, if you enable storage encryption whether that splash screen like interaction will help.

went to latest android before aarch64, like you advised. have there been any changes since your alpha release? may be i will give a reflah a try, but i think it is some tweak with the gouverneur you fixed locally on your device, which is not included in the ota…

All the changes should be there in the latest OTA as well. This includes updates to AOSP10 bits and zgovernor tweaks - I shouldn’t have anything specific locally as I check once in a while with reflash of dev device.

Reflashing went smoother than when i reflashed from AOSP9 to AOSP10. The flash script didn’t complain.

Its slightly annoying that you have to use one password to unencrypt the phone (yes you don’t do that often since its rock solid stable) and use a security code for all the other stuff but i can live with that.
Oh. And the unencrypt keyboard seems to have no haptic or aural feedback.

Will report back in case something is wrong.

Having different password for encryption from your PIN is just better for security. And indeed, may issue is that you use LUKS unlocking password rarely - so make sure you don’t forget it

As for keyboard without haptics and sound - yes, it is separate keyboard implemented specifically for that GUI only. It is not system keyboard that we use later when system is booted - no Maliit here. I am not sure I have even access to haptics and sounds at that boot stage.

Thank you very much for new update. All went smooth. But I have problem with MTP protocol. MTP connection do not work.

All my passwords are 123456 so i never forget any of them

If its a custom keyboard forget i even mentioned haptics.

@rinigus a possibly stupid question. If in the future sailfish os moves to systemd-homed (and alphanumeric passwords) can your encryption implementation of home be migrated to it?

I don’t know, there are just too many open questions with it. I have no idea whether systemd-homed is in pipeline for starters.

Now, the beauty in our implementation is the use of android keystore to generate LUKS password. In practice, it generates rather long password (see example at the bottom of https://github.com/sailfishos-open/hwcrypt). Which means that even your 123456 password has to be guessed on device. As guess frequency is limited to once in 3 seconds, it may take some time to break it.

I am sure systemd will not have android keystore backing, unless we add it. Don’t know how difficult it is, systemd devs haven’t done it properly for TPM yet either.

But, if we do move to systemd-homed, many parts can be reused. the password dialog that you get is implemented as systemd-ask-password responder, for example. then some scripts can be probably adjusted to pipe user reply through hwcrypt. But as for rest, I don’t know.

I have killed mtp support by accident, as I was sure it wasn’t working anyway. looks like I am wrong and it is possible to restore it as well.

Let me work a bit on config and then I just update configs at OBS for you to update them via zypper/pkcon

Bugfix has been released, available via simple

zypper ref
zypper up

as root. In addition to MTP, navigation pulse stream has been fixed (Navigation instructions doesn't play via bluetooth headphones (but phone speaker) - #5 by karry) as well as config changes from upstream have been pulled (forgot to do that before release).

For those using Presage-based predictive keyboard: please update to the latest release available via Chum. Jolla has changed internals of the keyboard in SFOS 4.2 and it required changes in open-source solution as well.

Thanks Rinigus for this upgrade! I updated by ota with no problems, it took about 15 mins. Everything seems fine…except when using usb tethering, connecting the cable usually causes a reboot. This happened also on sfos 4.1., xz2c. Maybe I can work round this by selecting usb default as ‘internet connection’ and attaching the cable before activating the hotspot? I’ll try later on…Edit: works ok if I attach cable before starting hotspot.

I struggle with flashing. So far, everything worked fine (unlocking, installing fastboot driver etc.) but:

PS C:\Users\joe\Downloads\SFOS42XZ3\Sailfish_OS-4.2.0.21-h9436-0.4.0.1> ./fastboot getvar current-slot
current-slot: a
Finished. Total time: 0.016s
PS C:\Users\joe\Downloads\SFOS42XZ3\Sailfish_OS-4.2.0.21-h9436-0.4.0.1> ./flash-on-windows.bat

This is a Windows flashing script for Sony Xperia 10 device.

Power on the device in fastboot mode, by doing the following:

1. Turn off your Xperia.
2. Connect one end of a USB cable to your PC.
3. While holding the volume up button pressed, connect the other end of
   the USB cable to your Xperia.
4. After this you should see the blue LED lit on Xperia, and it will be
   ready for flashing

Drücken Sie eine beliebige Taste . . .
Verifying MD5 checksums…
MD5SUM ‘b559b4467e1e0eb2d09241c139a573d7’ match for file ‘flash-on-windows.bat’.

Searching for a compatible device…

my XZ3 apparently is not found although it is found in the previous step. Any idea?

At some point there were issues with usb3 ports. No idea if it was fixed. Try a different usb port. That might help.