Hovatek Forum DEVELOPMENT Android How to deactivate AVB 1.0 in Oreo
Can't login? Please, reset your password.
Hovatek is recruiting! Apply Now


How to deactivate AVB 1.0 in Oreo

How to deactivate AVB 1.0 in Oreo

Pages (3): 1 2 3 Next
vpolinov
vpolinov
vpolinov
Junior Member
23
20-05-2021, 06:20 PM
#1



In this thread:

https://www.hovatek.com/forum/thread-389...#pid213654

we've come to conclusion the reason for me not being able to flash magisk-patched boot.img is most probably the enforced AVB.
According to magisk patch log (file's attached), my device has AVB 1.0 activated. Let's hope this is a trustworthy information and my phone indeed uses AVB 1.0, not AVB 2.0.

I read this thread several times already: https://www.hovatek.com/forum/thread-32719.html
There is no 'verify' string in my stock boot.img.

Vbmeta partition does exist in my device but it is filled with all zeroes. Also, there is some info in i-net explaining that AVB 1.0 does not deploy vbmeta mechansm. And, finally, these lines from rawprogtam0.xml in my ROM also testify to the fact that is it useless to explore vbmeta since this partition is not supposed to be flashed when flashing stock ROM:

<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="vbmeta" ...
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="vbmetabak" ...

So, in the nutshell, what options do I have to deactivate AVB 1.0?

P.S. As a reminder, bootloader is unlocked:

(bootloader) unlocked:yes
(bootloader) secure:yes
(bootloader) Verity mode: true
(bootloader) Device unlocked: true
(bootloader) Device critical unlocked: true
This post was last modified: 06-06-2021, 05:17 AM by vpolinov. Edit Reason: correcting errors
Attached Files
.txt
boot.014.patched.23.0.txt
Size: 4.09 KB / Downloads: 11
X3non
X3non
X3non
Recognized Contributor
22,062
21-05-2021, 11:37 AM
#2
(20-05-2021, 06:20 PM)vpolinov ...

is there a vbmeta.img within your stock firmware though? and if yes, zip and upload just the vbmeta alone then post the link here
This post was last modified: 21-05-2021, 11:38 AM by X3non.
vpolinov
vpolinov
vpolinov
Junior Member
23
21-05-2021, 06:26 PM
#3
No, there is no vbmeta.img in the stock ROM.
X3non
X3non
X3non
Recognized Contributor
22,062
22-05-2021, 12:20 PM
#4
(21-05-2021, 06:26 PM)vpolinov No, there is no vbmeta.img in the stock ROM.

see steps 1 - 11 @ https://www.hovatek.com/forum/thread-31475.html ; if you can load partition manager then check the list if vbmeta exists on the phone itself
vpolinov
vpolinov
vpolinov
Junior Member
23
22-05-2021, 04:16 PM
#5



(22-05-2021, 12:20 PM)X3non
(21-05-2021, 06:26 PM)vpolinov No, there is no vbmeta.img in the stock ROM.

see steps 1 - 11 @ https://www.hovatek.com/forum/thread-31475.html ; if you can load partition manager then check the list if vbmeta exists on the phone itself

I do know that vbmeta partition exists on the phone and it consists of ALL zeroes.

I tried to flash "empty" vbmeta from method 3 mentioned here: https://www.hovatek.com/forum/thread-32719.html but to no avail: flashing magisk-patched boot.img is still impossible.

I also tried to create vbmeta by using this command:

avbtool make_vbmeta_image --flags 2 --padding_size 4096 --output vbmeta_disabled.img

as mentioned here: https://wiki.postmarketos.org/index.php?...iew_mobile

and such vbmeta also did not help me in any way.

I think, it's a wide-known fact that devices with AVB 1.0 do not employ vbmeta tool. Only AVB 2.0 devices do it.

In inet one can find references to that AVB 1.0 is based on DM-verity mechanism built in somewhere in boot image...

Also, it is interesting that people often say that dm-verity flags can be found in fstab.qcom file. I seached my whole device by:

QK1713:/ # find / -name "fstab.qcom"

and have this file found: /system/vendor/etc/fstab.qcom. Unfortunately, it does not have any "verify" flags in it, file's attached just in case.
This post was last modified: 23-05-2021, 05:29 PM by vpolinov.
Attached Files
.zip
fstab.zip
Size: 825 bytes / Downloads: 3
X3non
X3non
X3non
Recognized Contributor
22,062
23-05-2021, 06:19 PM
#6
(22-05-2021, 04:16 PM)vpolinov ...

you boot.img doesn't seem to have anything verify related, try unpacking and repacking stock boot.img without making any modification or deleting any files
flash the repacked image and confirm if the device can still boot into homescreen
vpolinov
vpolinov
vpolinov
Junior Member
23
24-05-2021, 05:47 PM
#7
(23-05-2021, 06:19 PM)X3non ...try unpacking and repacking stock boot.img without making any modification or deleting any files
flash the repacked image and confirm if the device can still boot into homescreen

For re-packing task I used carliv_image_kitchen-v1.3-x64 tool. Exactly as you instructed: just unpacked boot.img and re-packed it immediately not amending anything.

I still cannot boot. However(!) the result is different now as compared to situation with magisk-patched boot.img. The boot.img I re-packed using carliv leads not to Red State but to fastboot mode. Not sure if this is any progress forward...



Also, is the following a bad sign for me:

QK1713:/ # getprop ro.boot.veritymode
enforcing

?
This post was last modified: 24-05-2021, 06:26 PM by vpolinov.
X3non
X3non
X3non
Recognized Contributor
22,062
25-05-2021, 12:18 PM
#8
(24-05-2021, 05:47 PM)vpolinov For re-packing task I used carliv_image_kitchen-v1.3-x64 tool. Exactly as you instructed: just unpacked boot.img and re-packed it immediately not amending anything.

retry this but use android image kitchen latest version for unpack / repack


(24-05-2021, 05:47 PM)vpolinov I still cannot boot. However(!) the result is different now as compared to situation with magisk-patched boot.img. The boot.img I re-packed using carliv leads not to Red State but to fastboot mode. Not sure if this is any progress forward...

i won't say that's any progress seeing as it still doesn't boot



(24-05-2021, 05:47 PM)vpolinov Also, is the following a bad sign for me:

QK1713:/ # getprop ro.boot.veritymode
enforcing

?

magisk hide sets this to enforcing as well so it's all good. refer to https://github.com/topjohnwu/Magisk/blob...cy.cpp#L12
vpolinov
vpolinov
vpolinov
Junior Member
23
25-05-2021, 05:00 PM
#9
Latest version of AIK, as far as I understand, is 3.8, so I used it.

I noticed that AIK produces two resulting *.img files. One is signed, another - unsigned, judging by file names.

Screen of AIK packing is attached.

Results of flashing are different:
- flashing signed boot.img resulted in Red State - same as with magisk-patched boot.img
- flashing unsigned boot.img resulted in my phone booting directly to fastboot - same as with carliv_image_kitchen
This post was last modified: 25-05-2021, 05:00 PM by vpolinov.
Attached Files
.png
boot-repacking.png
Size: 49.17 KB / Downloads: 5
vpolinov
vpolinov
vpolinov
Junior Member
23
31-05-2021, 05:45 AM
#10



Hi, am I right no more ideas?
Pages (3): 1 2 3 Next
Users browsing this thread:
 1 Guest(s)
Users browsing this thread:
 1 Guest(s)
YtWhTl
live chat
whatsapp telegram instagram