Hi i just installed this rom its great i read through all the posts to see if anyone else is having issues passing safety net with magisk ive tried everything and cant get it to pass had it pass basic once but not cts do i need an older version of magisk i dont know much tia for any help
Did you figure this out by now? This is a late reply but I'll post it for anyone else. All you need to do to ensure safetynet passes even with magisk 21.1 with manager 8.0.3 (314) or manager debug build aka canary, as well as with edxposed installed, and without having to format /data BUT be prepared to reset all of your Google apps and its account link in your device. You'll see why in the steps below.
Go boot into recovery and make a full nandroid backup then proceed to wipe /system, but to make it easier on you before you wipe be sure to have either in the phones external SD or a usb mountable drive your lineage rom zip, opengapps zip for 8.1 on arm64 with your choice of package type. And lastly have a copy of the latest stable magisk zip which will be installed LAST AND AFTER BOOTING TWICE INTO ROM. The order for this is absolutely crucial or you'll have to reset Google Play Services to not only get SafetyNet to pass but also be recognized as Play Certified.
Once /system is wiped, again no need to wipe /data, you'll need to run this command on the recovery terminal with /data mounted prior to running it. This is where you'll want to move any backups containing anything Google that may be in your internal storage and copy all of it unto any external drive. Then in the terminal type exactly as shown:
| find /data -iname '*google*' -exec rm -rf '{}' \; |
This will seek any and all files in data containing the term Google, so if you've got backups saved on internal storage with anything Google related, move them to your external drive BEFORE running this command. It should take a second or two for the command to execute and complete. No errors or warnings or any text should come up. If it does, inspect the whole command for mistyped characters. Once that finishes, REBOOT TO SYSTEM.
DO NOT INSTALL any gapps or magisk zip nor restore any boot or system images. The intention is to have a clean system without traces of Google app, framework, and play services remants that will either give you grief with nonstop 'x App Has Stopped' and the potential of majorly screwing the system with manual installations of Google play and framework apks which will assuredly be versions not fully compatible with the device and rom. You're better off starting with a clean slate and just delete all Google files from the phone then after booting once into lineage system, reboot back into recovery and now go ahead and install the openGapps zip. Personally I use the aroma package despite being the largest, for its graphical installer wizard while in recovery environment. Makes it easier to deal with what to install and what stock apps you want to keep or remove. The other packages allow the same customization but they require a text config file prior to installation. Your choice.
With opengapps installed, reboot again into the rom. Don't install magisk yet. You may install Magisk manager while in the rom though to get any of that set up but without magisk in boot image it won't do much yet. The idea is for Google to set up and gather that the system, though it is unofficial and flagged debuggable it is nonetheless "unrooted". With Google set up DO NOT LOG IN TO ANY APP YET, you may notice the play store reading the device as not certified. That's fine. But if you use Google Pay DO NOT LOG INTO IT TILL AFTER THE NEXT AND FINAL STEPS.
Lastly, and not too sure if the order for these final steps make any difference but go ahead and download and Magisk Hide Props Config module and any other module you might want to install when you boot back into recovery. This could include the latest Riru v23.1 and the edxposed framework v0.5.1.3 zips. Optional and again not sure if this was entirely crucial to install in recovery in a single sweep. I'm leaning towards it not being necessary. Anyway, boot into recovery and install the Magisk zip, once done swipe to wipe dalvik/cache and boot into the rom.
Install or make sure to set the play services and store and framework apps on magisk hide. Then install or set up the Magisk Hide Props Config module and set the fingerprint from the list (main menu option 1) to the LG TP260 (submitted by yours truly) and then ensure the sensitive props (main menu option 4) are all set to their safe counterparts and not their sensitive. This is done by magisk by default but from time to time any discrepancy may arise where maybe one such prop isn't properly hidden.
With that reboot once again into system rom and install Riru and edxposed, and edxposed manager (latest is pre v4.6.0) and after installed open and set the manager settings to enable Pass SafetyNet and Force client side verification. Then reboot again and make sure both magisk and edxposed managers are hiding Google Play Services, Play Store, Google Services Framework, and Google Pay. On magisk, you need to select to expand the app components in Magisk Hide to select all of the options which I believe is necessary. Otherwise it will merely select one or two components and there is a chance for any such component to leak out and determine the device as rooted.
This has worked for me and amazingly got Google Pay not detecting root, Play Store reading the device as certified, and with edxposed framework and accompanying modules, and all this without the HiddenCore module which only fakes SafetyNet status to magisk and a few other apps. I'm passing rootbeer fresh, SafetyNet check apps, and Google Pay among other annoying apps that check for root. Delicate process but very much possible.