Kirisakura-Kernel for the Rog Phone 3
Hello everyone,
To keep it short: Here is Kirisakura - Kernel for the Rog Phone 3 aka OBIWAN.
I would appreciate if everybody that flashes the kernel, reads at least once through this opening post and the following ones.
Kirisakura - Kernel is designed to bring a handful of beneficial features to the device, while ensuring excellent performance and smoothness to get you safely through the day!
This project aims to keep most of the subsystems updated, way ahead of the stock kernel, thereby improving security and performance, while keeping stability as the foucs during testing! This includes Linux-Stable, CAF-Upstream and kernel/common.
Kernel Control Flow Integrity (Kernel-CFI), which is achieved by linking the kernel with LLD and Link Time Optimization (LTO), more precisely ThinLTO, are quite unique security features. In fact this, alongside Kirisakura-Kernel for the OnePlus 8 Pro, may be (and probably is) the first 4.19 msm kernel with a fully working Kernel-CFI implementation and CFI-Violations fixed on a smartphone.
The only kernels made by OEMs offering this security feature are the ones for the Pixel 3 and Pixel 4 devices.
The recently released Kirisakura-Kernel for the OnePlus 8 Pro was featured on the XDA-Portal due to the inclusion of CFI. The featured article explains CFI in great details, is easy to understand and definitely worth to read.
Another security feature is Shadow Call Stack (SCS). Similar to CFI, only the Pixle 3 and 4 Kernel use this security feature.
SCS is another security patchset that is aimed at preventing attacks via return oriented programming (ROP).
ROP is a technique where the attacker gains control of the kernel stack to overwrite function return addresses and redirect execution to carefully selected parts of existing kernel code.
If you´re interested here are a few good links:
Google Security Blog explaining SCS.
LLVM doc about SCS
Android DOCs documenting SCS
If reading about upstream in the paragraph above got you curious,have a read about Linux-Stable and why it is important here. The stable-process is not the same for every subsystem, but the general idea, rule of thumb and benefits are applicable for other subsystems as well.
Quick explanation of CAF-Upstream. CAF is short for Codeaurora-Forums. This is the place where development from Qualcomm for their SoCs happens. This includes the Snapdragon 865/+ that´s built into the different SKUs of the Rog Phone 3.
The kernel-bases available on the Codeaurora-Forums, are basically the foundations OEMs use, to build their own kernel additions on top for devices featuring Qualcomm SoCs.
The Qualcomm developers push regular updates to the bases of the different SoCs, a bit similar to how Linux-Upstream works. OEMs usually stop updating the initial base after the phone is released.
This kernel focuses amongst the other features to provide the latest CAF-Updates merged in a regular manner, to provide updates, improvements and enhancements for SoC specific drivers and subsystems! This might take a while, because a lot of device specific testing is done on my end to ensure stability.
The kernel includes a lot of improvements and contributions from other developers as well. Without this kernel would not exist.
I´d like to mention @tbalden ´s excellent CleanSlate features at this place. They improve usability by a big margin for me personally. The highly customizable sweep to sleep implementation (adjustable to different navigation settings), long tap to bring down status bar (very useful on a big device), backlight dimmer and notification reminder are very useful features that I use personally every day.
Another big part of improvements originate from @arter97´s, @kdrag0n´s and @Sultanxda´s work. Many others contributed in some way or another to this kernel.
A big thanks to all of them at this place!
Now lets continue with a list of features in the next paragraph!
Main Features:
- Based on latest kernel sources from Asus for Android 12 and intended for use on the latest Asus Stock-Firmware
- compiled with Clang 13.0.1 and built with -O3 speed optimizations
- Linux-Stable-Upstream included to 4.19.240
- CAF base for the Snapdragon 865/+ (SD865/+) updated to upstream CAF
- Kernel Control-Flow-Integration (CFI) andLink-Time-Optimization (LTO) ported from 4.19 kernel/common and Pixel 4/XL Kernel
- Shadow Call Stack (SCS) Security-Feature
- Use ThinLTO which was first used in the Pixel 4 XL Android R-Preview Kernel instead of full LTO for full program visibility (needed by CFI)
- fix CFI-Violations found in various subsystems like Asus/device specific drivers and qualcomm drivers
- Link the kernel with LLD and use RELR-Relocation
- include important fixes/improvements from kernel/common
- Flashing the kernel will keep root!
- Cleanslate Features included! See @tbaldens´s CleanSlate Thread for more information
- Flashable via EXKM, FKM or TWRP on a rooted system!
- Anykernel zip is based on the Anykernel3 release from @osm0sis
- disable various debugging configs, that are not needed in a perf build kernel according to google.
- disable selinux auditing (we don´t have to adress selinux denials running a stock rom)
- display tweaks to reduce power consumption on statically rendered images
- tweak display to allow better visibility of black levels/colours on low brightness ( example pictures )
- allow experimental 165hz refresh rate for the panel. (use with caution)
EAS related features:
- EAS implementation patched up to latest CAF state
- disable autogroups and use cgroups for more efficient task placement!
- updates from kernel/common
- scheduler updates from Googles Pixel kernel
CPU related features:
- Change various drivers (WLAN, MM, audio, charger, power, thermal, glink etc) to user power efficient workingqueues. This compliments EAS
- include cpuidle patches from CAF
- improvements to cpufreq/times/stats
- improve memory allocations in binder driver
- use s2idle for deepsleep, as pixel 4/5
- vdso32 patches as found on Google Pixel devices (brief documentation here)
- enable lse atomics
- arm64: lse: Prefetch operands to speed up atomic operations, thanks @kdrag0n
- implement fast refcount checking
GPU related features:
- GPU driver updated to latest CAF-State
- remove POPP functionality from GPU driver to avoid constant fight about downscaling with msm-adreno-tz
- don´t wake the gpu on touch input, instead wake when receiving an ioctl
- don´t copy fence names by default to save a bit of cpu-time (explanation)
- msm: kgsl: Stop slab shrinker when no more pages can be reclaimed
- gpu/kgsl improvements from pixel 4/pixel 5 kernel
File System related features:
- improve memory allocations in sdcardfs
- improve eventpoll logging to stop indicting timerfd (improves kernel wakelock readability)
- improve memory allocations in kernfs
- writeback: hardcode dirty_expire_centisecs=3000 based on this commit
- f2fs-stable upstream, that includes ATGC
- ufs improvements from pixel 4/ pixel 5 kernel
UI/UX/Usability related features from CleanSlate:
- CleanSlate features made by @tbalden
- Disclaimer: All CleanSlate features can be controlled via the free companion and config app found on CleanSlate thread here on the ROG 3 Forums on XDA. Please consider buying the premium versions if you enjoy using the CleanSlate features, to give a little something back to @tbalden.
- Flashlight Notification/Call blinking
- Vibrating Notification Reminder
- Sweep to Sleep touchscreen gesture - highly customizable
- DoubleTap on Sweep2Sleep's area gestures - new way to pull down android Notification Area
- Face down screen off - new gesture
- Backlight Dimmer - possibility to use lower panel brightness
- Force FPS Level on Low Brightness
- Squeeze Control
- advanced notification LED control, chromatic charge LED, pulsating LED, LED dimming
Network related features:
- Wireguard Support (Details)
- advanced TCP algorithms enabled
- includes new bbr and bbr2
- fix CVE-2020-14386
Memory related features:
- Speculative Page Faults left enabled (1. 2) (CAF default)
- various fixes for PSI-Monitor, which is used by the userspace lowmemorykiller-daemon
- Fix various memory leaks in different subsystems
- improved mm with patches from mainline
- various other changes from mainline
- included zstd as an option for ZRAM-algorithm (lz4 is probably the best all around, so only change it if you know why and what you are doing)
- improve memory allocations in various subsystems
- ported per process reclaim from Pixel 5 kernel, instead of using outdated CAF implemenation
Security related features:
- Control-Flow-Integration (CFI) and Link-Time-Optimization (LTO) ported from 4.19 kernel/common and Pixel 4/XL Kernel
- Use ThinLTO which was first used in the Pixel 4 XL Android R-Kernel instead of full LTO
- Shadow Call Stack (SCS) Security-Feature
- fix various CFI-Violations found in various subsystems like Asus/device specific drivers and qualcomm drivers
- enable init_on_alloc for even more security, more information can be found in the commit message
- Backport mainline Selinux commits, thanks @arter97 (you must be on magisk 21.0, otherwise the kernel won´t boot)
Misc Features:
TCP Congestion Algorithms:
- advanced algorithms enabled, enable them with your favorite kernel manager
- includes new bbr2
Wakelock Blocker:
- advanced wakelock blocker with the ability to block any wakelocks (dangerous, use with caution)
- please read [URL="https://arstechnica.com/gadgets/2018/08/p-is-for-power-how-google-tests-tracks-and-improves-android-battery-life/"]this for further info
- blocking a kernel wakelock should only be done in case of firmware incompatabilities (WiFi network at work (can´t be changed) causes deep sleep to not work on the phone.) That´s the only use case I see for this feature. The kernel does not features this to improve battery life!
Other features:
- disable logging and debugging to make the kernel more lightweight in various places (includes binder, mm, vma, gpu, ipa etc)
- fix several coding issues detected by newer Clang-Toolchains
- add support for steam controller
- add support for nintendo switch controller
- ufs improvements from pixel 4/ pixel 5 kernel
- gpu/kgsl improvements from pixel 4/pixel 5 kernel
- display tweaks to reduce power consumption on statically rendered images
Feature section for the "non visible" but perceptible improvements:
- updated binder section (responsible for interprocess communication)
- updated sdcardfs ; have a read about it here:
Flashing Guide, Download and Changelog
A description how to flash the kernel, links for download and a changelog can be found in the second post!
Contributors
Freak07
Source Code: https://github.com/freak07/Kirisakura_OBIWAN
Version Information
Status: Stable
Hello everyone,
To keep it short: Here is Kirisakura - Kernel for the Rog Phone 3 aka OBIWAN.
I would appreciate if everybody that flashes the kernel, reads at least once through this opening post and the following ones.
Kirisakura - Kernel is designed to bring a handful of beneficial features to the device, while ensuring excellent performance and smoothness to get you safely through the day!
This project aims to keep most of the subsystems updated, way ahead of the stock kernel, thereby improving security and performance, while keeping stability as the foucs during testing! This includes Linux-Stable, CAF-Upstream and kernel/common.
Kernel Control Flow Integrity (Kernel-CFI), which is achieved by linking the kernel with LLD and Link Time Optimization (LTO), more precisely ThinLTO, are quite unique security features. In fact this, alongside Kirisakura-Kernel for the OnePlus 8 Pro, may be (and probably is) the first 4.19 msm kernel with a fully working Kernel-CFI implementation and CFI-Violations fixed on a smartphone.
The only kernels made by OEMs offering this security feature are the ones for the Pixel 3 and Pixel 4 devices.
The recently released Kirisakura-Kernel for the OnePlus 8 Pro was featured on the XDA-Portal due to the inclusion of CFI. The featured article explains CFI in great details, is easy to understand and definitely worth to read.
Another security feature is Shadow Call Stack (SCS). Similar to CFI, only the Pixle 3 and 4 Kernel use this security feature.
SCS is another security patchset that is aimed at preventing attacks via return oriented programming (ROP).
ROP is a technique where the attacker gains control of the kernel stack to overwrite function return addresses and redirect execution to carefully selected parts of existing kernel code.
If you´re interested here are a few good links:
Google Security Blog explaining SCS.
LLVM doc about SCS
Android DOCs documenting SCS
If reading about upstream in the paragraph above got you curious,have a read about Linux-Stable and why it is important here. The stable-process is not the same for every subsystem, but the general idea, rule of thumb and benefits are applicable for other subsystems as well.
Quick explanation of CAF-Upstream. CAF is short for Codeaurora-Forums. This is the place where development from Qualcomm for their SoCs happens. This includes the Snapdragon 865/+ that´s built into the different SKUs of the Rog Phone 3.
The kernel-bases available on the Codeaurora-Forums, are basically the foundations OEMs use, to build their own kernel additions on top for devices featuring Qualcomm SoCs.
The Qualcomm developers push regular updates to the bases of the different SoCs, a bit similar to how Linux-Upstream works. OEMs usually stop updating the initial base after the phone is released.
This kernel focuses amongst the other features to provide the latest CAF-Updates merged in a regular manner, to provide updates, improvements and enhancements for SoC specific drivers and subsystems! This might take a while, because a lot of device specific testing is done on my end to ensure stability.
The kernel includes a lot of improvements and contributions from other developers as well. Without this kernel would not exist.
I´d like to mention @tbalden ´s excellent CleanSlate features at this place. They improve usability by a big margin for me personally. The highly customizable sweep to sleep implementation (adjustable to different navigation settings), long tap to bring down status bar (very useful on a big device), backlight dimmer and notification reminder are very useful features that I use personally every day.
Another big part of improvements originate from @arter97´s, @kdrag0n´s and @Sultanxda´s work. Many others contributed in some way or another to this kernel.
A big thanks to all of them at this place!
Now lets continue with a list of features in the next paragraph!
Main Features:
- Based on latest kernel sources from Asus for Android 12 and intended for use on the latest Asus Stock-Firmware
- compiled with Clang 13.0.1 and built with -O3 speed optimizations
- Linux-Stable-Upstream included to 4.19.240
- CAF base for the Snapdragon 865/+ (SD865/+) updated to upstream CAF
- Kernel Control-Flow-Integration (CFI) andLink-Time-Optimization (LTO) ported from 4.19 kernel/common and Pixel 4/XL Kernel
- Shadow Call Stack (SCS) Security-Feature
- Use ThinLTO which was first used in the Pixel 4 XL Android R-Preview Kernel instead of full LTO for full program visibility (needed by CFI)
- fix CFI-Violations found in various subsystems like Asus/device specific drivers and qualcomm drivers
- Link the kernel with LLD and use RELR-Relocation
- include important fixes/improvements from kernel/common
- Flashing the kernel will keep root!
- Cleanslate Features included! See @tbaldens´s CleanSlate Thread for more information
- Flashable via EXKM, FKM or TWRP on a rooted system!
- Anykernel zip is based on the Anykernel3 release from @osm0sis
- disable various debugging configs, that are not needed in a perf build kernel according to google.
- disable selinux auditing (we don´t have to adress selinux denials running a stock rom)
- display tweaks to reduce power consumption on statically rendered images
- tweak display to allow better visibility of black levels/colours on low brightness ( example pictures )
- allow experimental 165hz refresh rate for the panel. (use with caution)
EAS related features:
- EAS implementation patched up to latest CAF state
- disable autogroups and use cgroups for more efficient task placement!
- updates from kernel/common
- scheduler updates from Googles Pixel kernel
CPU related features:
- Change various drivers (WLAN, MM, audio, charger, power, thermal, glink etc) to user power efficient workingqueues. This compliments EAS
- include cpuidle patches from CAF
- improvements to cpufreq/times/stats
- improve memory allocations in binder driver
- use s2idle for deepsleep, as pixel 4/5
- vdso32 patches as found on Google Pixel devices (brief documentation here)
- enable lse atomics
- arm64: lse: Prefetch operands to speed up atomic operations, thanks @kdrag0n
- implement fast refcount checking
GPU related features:
- GPU driver updated to latest CAF-State
- remove POPP functionality from GPU driver to avoid constant fight about downscaling with msm-adreno-tz
- don´t wake the gpu on touch input, instead wake when receiving an ioctl
- don´t copy fence names by default to save a bit of cpu-time (explanation)
- msm: kgsl: Stop slab shrinker when no more pages can be reclaimed
- gpu/kgsl improvements from pixel 4/pixel 5 kernel
File System related features:
- improve memory allocations in sdcardfs
- improve eventpoll logging to stop indicting timerfd (improves kernel wakelock readability)
- improve memory allocations in kernfs
- writeback: hardcode dirty_expire_centisecs=3000 based on this commit
- f2fs-stable upstream, that includes ATGC
- ufs improvements from pixel 4/ pixel 5 kernel
UI/UX/Usability related features from CleanSlate:
- CleanSlate features made by @tbalden
- Disclaimer: All CleanSlate features can be controlled via the free companion and config app found on CleanSlate thread here on the ROG 3 Forums on XDA. Please consider buying the premium versions if you enjoy using the CleanSlate features, to give a little something back to @tbalden.
- Flashlight Notification/Call blinking
- Vibrating Notification Reminder
- Sweep to Sleep touchscreen gesture - highly customizable
- DoubleTap on Sweep2Sleep's area gestures - new way to pull down android Notification Area
- Face down screen off - new gesture
- Backlight Dimmer - possibility to use lower panel brightness
- Force FPS Level on Low Brightness
- Squeeze Control
- advanced notification LED control, chromatic charge LED, pulsating LED, LED dimming
Network related features:
- Wireguard Support (Details)
- advanced TCP algorithms enabled
- includes new bbr and bbr2
- fix CVE-2020-14386
Memory related features:
- Speculative Page Faults left enabled (1. 2) (CAF default)
- various fixes for PSI-Monitor, which is used by the userspace lowmemorykiller-daemon
- Fix various memory leaks in different subsystems
- improved mm with patches from mainline
- various other changes from mainline
- included zstd as an option for ZRAM-algorithm (lz4 is probably the best all around, so only change it if you know why and what you are doing)
- improve memory allocations in various subsystems
- ported per process reclaim from Pixel 5 kernel, instead of using outdated CAF implemenation
Security related features:
- Control-Flow-Integration (CFI) and Link-Time-Optimization (LTO) ported from 4.19 kernel/common and Pixel 4/XL Kernel
- Use ThinLTO which was first used in the Pixel 4 XL Android R-Kernel instead of full LTO
- Shadow Call Stack (SCS) Security-Feature
- fix various CFI-Violations found in various subsystems like Asus/device specific drivers and qualcomm drivers
- enable init_on_alloc for even more security, more information can be found in the commit message
- Backport mainline Selinux commits, thanks @arter97 (you must be on magisk 21.0, otherwise the kernel won´t boot)
Misc Features:
TCP Congestion Algorithms:
- advanced algorithms enabled, enable them with your favorite kernel manager
- includes new bbr2
Wakelock Blocker:
- advanced wakelock blocker with the ability to block any wakelocks (dangerous, use with caution)
- please read [URL="https://arstechnica.com/gadgets/2018/08/p-is-for-power-how-google-tests-tracks-and-improves-android-battery-life/"]this for further info
- blocking a kernel wakelock should only be done in case of firmware incompatabilities (WiFi network at work (can´t be changed) causes deep sleep to not work on the phone.) That´s the only use case I see for this feature. The kernel does not features this to improve battery life!
Other features:
- disable logging and debugging to make the kernel more lightweight in various places (includes binder, mm, vma, gpu, ipa etc)
- fix several coding issues detected by newer Clang-Toolchains
- add support for steam controller
- add support for nintendo switch controller
- ufs improvements from pixel 4/ pixel 5 kernel
- gpu/kgsl improvements from pixel 4/pixel 5 kernel
- display tweaks to reduce power consumption on statically rendered images
Feature section for the "non visible" but perceptible improvements:
- updated binder section (responsible for interprocess communication)
- updated sdcardfs ; have a read about it here:
Flashing Guide, Download and Changelog
A description how to flash the kernel, links for download and a changelog can be found in the second post!
Contributors
Freak07
Source Code: https://github.com/freak07/Kirisakura_OBIWAN
Version Information
Status: Stable
Last edited:
