/* * Your warranty is now void. * * I am not responsible for bricked devices, dead SD cards, * thermonuclear war, or you getting fired because the alarm app failed. Please * do some research if you have any concerns about features included in this ROM * before flashing it! YOU are choosing to make these modifications, and if * you point the finger at me for messing up your device, I will laugh at you. */
This is tested on my SM-T976B, but I think the same should work on other models as well.
1. WARNING AND DISCLAIMER
Just unlocking the bootloader will not trip the warranty bit yet, so you can still go back at this point.
The warranty bit will be tripped (0x1) as soon as you actually try flashing something unofficial via Odin. YOU HAVE BEEN WARNED.
Make sure you back up all the important files in your internal storage, as you need to disable encryption with Multi-Disabler in order to let TWRP access the data partition, which would require you to format the data partition (wiping everything in the process). Additionally, keep a few nandroid backups with you so you can recover yourself in case something goes wrong.
- Bootloader unlocked
- ianmacd's TWRP
- Neutralized vbmeta*
- vendor.img from Android 10 stock FW (I used ATK3, but any A10 vendor should do)
* An empty vbmeta is not recommended. You need to patch the vbmeta of the stock FW you're currently on.
Since this device uses dynamic partitions. Flashing system images is not as straightforward as before but not impossible.
azteria2000's GSI Flasher provided a good example on how to use dd/simg2img to flash dynamic partitions using just recovery. This is extremely helpful, as TWRP currently doesn't support fastbootd, which would make flashing even easier.
(1). Extracting Android 10 vendor.img
While you can boot recent GSIs with Android 11 vendor, Magisk currently doesn't work with it. Android 10 vendor is required for Magisk to work properly.
The Android 10 vendor can be extracted from the factory image's super.img. You need to unsparse the image using simg2img then use lpunpack to extract it, and you'll obtain the vendor.img.
(2). Flashing GSI and Android 10 vendor.img
The entire flashing process can be done from TWRP.
NOTE: If you're still on Android 10 (ATK3 or earlier), you can skip flashing vendor and only flash GSI system image.
The corresponding block devices for system and vendor are as follows:
/dev/block/dm-0 - system /dev/block/dm-1 - vendor
# blockdev --setrw /dev/block/dm-0 # blockdev --setrw /dev/block/dm-1
# dd if=<GSI image here> of=/dev/block/dm-0 bs=1m # dd if=<vendor image here> of=/dev/block/dm-1 bs=1m
The vendor.img you obtain from super.img is not sparsed and can be flashed directly using the dd command above.
# simg2img <sparsed GSI image here> /dev/block/dm-0
Android 10 vendor flashed this way will work even if you have upgraded past BUC1 (which blocked the downgrade to Android 10).
It's advised to reboot recovery before trying to access system and vendor, to avoid potential issues.
NOTE: If you flashed vendor in this step, DO NOT REBOOT TO SYSTEM JUST YET.
(3). Flashing Multi-Disabler
You need to flash Multi-Disabler to disable encryption of internal storage so TWRP could access it.
If you flashed the vendor.img when flashing GSI, you MUST flash Multi-Disabler again if you have already disabled encryption with it before.
After flashing Multi-Disabler, you can now try booting to see if the GSI of your choice works.
4. Important Notes
(1). Neutralizing Software (Platform) Watchdog
There's a software (platform) watchdog that by default doesn't get fed while running GSI, causing system to reboot about 100 seconds after boot due to "platform watchdog bite". See this issue and this issue for details.
It's possible to disable this watchdog after boot, by executing the following command using a root shell.
# echo 'V' > /dev/watchdog
EDIT: I've filed an issue regarding the matter here. After some testing, it seems /dev/watchdog0 is the real culprit for our device. Disabling either /dev/watchdog or /dev/watchdog0 will work this around.
(2). Uncertified Device
Since phh-AOSP v303 and onwards, the device is considered uncertified which will prevent you from logging in to your Google account.
Manually registering the device is required for using Google Play Services, but for some reasons that didn't work for me, so I recommend using NanoDroid with microG if applicable (requires Magisk).
(3). Offline Charging Icon
With some GSIs, when powered off, plugging in the charger would make the tablet enter a screen with a white charging battery icon in the middle, that I couldn't easily get out of by pressing POWER button alone. Although I did manage to get out of that screen and boot to the system, I don't really know which button combination is required, and how long I should be holding them. So for now, charging while powered off is not advised...
5. Working Stuffs
- 120 fps working (by forcing FPS using Phh-Treble Settings).
- Wi-Fi and Bluetooth work fine.
- S-Pen works as a pointer device.
- Alternate Audio Policies (from Phh-Treble Settings) is needed to get audio out through USB Type-C.
- Front and rear camera appears working.
6. Untested Stuffs
- MTP does not appear to work properly for some reasons. You'll need ADB for transferring files.
7. Untested Stuffs
- Haven't tested telephony-related stuffs as I'm not using a SIM card on the tablet yet.
- Haven't tested fingerprint sensors as I'm not using it.
There are still some functionalities I haven't tested yet, but anyone is free to test if you want to use a GSI.
Special thanks to: ianmacd, phhusson, Bushcat, Vntnox, azteria2000 and many more...
Original GSI progress issue: here