[ROM][ANDROID 11][UNOFFICIAL] CalyxOS [beryllium]

Search This thread

Dev_Mashru

Recognized Developer
Jan 26, 2016
597
712
Xiaomi Poco F1
What's the difference between this rom and lineage with microg?
True question 😉

With respect to the dev, tbh CalyxOS wihout the ability to relock the bootloader is pretty much useless for the nature of this ROM. (Bootloader can be locked only in Pixels and Xiaomi A2 devices)
I guess the build in Firewall and App Lock it's something make it stands out, otherwise it's like a pure AOSP ROM with microG.

I am sorry, but I beg to differ. While i agree that being able to lock the bootloader would make it much more secure, i still think calyxos is more secure because of the following reasons:
1. I have enabled DM-Verity which means that everything in the boot process is verified once the kernel is loaded, but if something before the kernel is loaded, it will probably be able to maintain that access. That said, it is definitely more difficult to get infected with something sophisticated that starts itself before the kernel than other more common attacks out that start after the kernel is loaded, which DM-Verity should prevent from happening.
2. Microg for LOS enables signature spoofing for all system apps (according to the FAQ on their website), which means a malware that manages to get system privileges could potentially be able to misuse the permissions. On the other hand, calyxos sandboxes signature spoofing to only the microg apps with explicit whitelist, which makes much more difficult to be exploited.
3. Lineageos builds are userdebug, while my builds are user builds. Userdebug builds have many debugging capabilities that "normally violate the android security model" (quoted from AOSP). Those debugging capabilities could also potentially add more attack surfaces making it less secure.

Some might even find the other features like restricting unknown USB, making a signal/ WhatsApp call directly from the dialer and other such calyx features useful.

Like I said in the beginning of this post, it is definitely not as secure as a device with a locked bootloader would be, but I have tried my best to make it as secure as possible.
 
Last edited:

Retrial

Recognized Contributor & Translator
Jun 10, 2015
4,074
11,951
Athens
Samsung Galaxy S4
Sony Xperia L
I am sorry, but I beg to differ. While i agree that being able to lock the bootloader would make it much more secure, i still think calyxos is more secure because of the following reasons:
1. I have enabled DM-Verity which means that everything in the boot process is verified once the kernel is loaded, but if something before the kernel is loaded, it will probably be able to maintain that access. That said, it is definitely more difficult to get infected with something sophisticated that starts itself before the kernel than other more common attacks out that start after the kernel is loaded, which DM-Verity should prevent from happening.
2. Microg for LOS enables signature spoofing for all system apps (according to the FAQ on their website), which means a malware that manages to get system privileges could potentially be able to misuse the permissions. On the other hand, calyxos sandboxes signature spoofing to only the microg apps with explicit whitelist, which makes much more difficult to be exploited.
3. Lineageos builds are userdebug, while my builds are user builds. Userdebug builds have many debugging capabilities that "normally violate the android security model" (quoted from AOSP). Those debugging capabilities could also potentially add more attack surfaces making it less secure.

Some might even find the other features like restricting unknown USB, making a signal/ WhatsApp call directly from the dialer and other such calyx features useful.

Like I said in the beginning of this post, it is definitely not as secure as a device with a locked bootloader would be, but I have tried my best to make it as secure as possible.
Don't get me wrong. I like that POCO F1 has this ROM even unofficial. However all these features more or less can be achieved in other ROMs too. Having them ready out of the box is useful tho.

What I am trying to say is, all the hype about CalyxOS and GrapheneOS that makes them stands out is the locked bootloader which make them more secure. That's ofc unavailable for our device and I know you've tried to get it as close as you can.

With all that said, I would like to see this ROM staying alive for POCO F1 and to keep it up. Giving users more choices for ROMs is nice and I like to see people start thinking about privacy and security more.✌️
 
Last edited:
After using it for the last couple of days it is indeed very all in one out of the box privacy respected rom. The individual apps are not something that you can't build them your self, or download the seperately but its a very good privacy package. So far only revolut can't run (due to root), riot games and audible. Sometimes it might delay a notification also...
 

kmr168401

Senior Member
Jul 2, 2016
370
116
OnePlus 6T
hi thanks for the rom now i have installed your rom, really some new things to try like microg for a change, i have format the data then installed firmware and rom, then again formatted the data, then rebooted to system, rom booted successfully. added screenshot to say i have installed the rom successfully
 

Attachments

  • Screenshot_20210828-191233.png
    Screenshot_20210828-191233.png
    132.3 KB · Views: 118
  • Screenshot_20210828-191302.png
    Screenshot_20210828-191302.png
    115.2 KB · Views: 119

Bandanaman

New member
Jul 31, 2019
3
0
CalyxOS is an Android mobile operating system that puts privacy and security into the hands of everyday users. Plus, proactive security recommendations and automatic updates take the guesswork out of keeping your personal data personal.

Learn more out CalyxOS.

Working:
  • Telephony (Calls and Data)
  • IMS (RCS, VoLTE and WiFi Calling)
  • WiFi
  • Bluetooth
  • Camera (and flashlight)
  • Audio (Record and Playback)
  • Video Playback
  • Sensors
  • GPS
  • Encryption (FBE)
  • DM-Verity Enabled
Bugs:
  • You tell me

Installation:
  • Wipe /system, /vendor, /cache
  • Format data
  • Flash calyxos zip

Notes:
  • Do NOT flash gapps
  • I do not work for or under the calyx institute
  • Poco F1 does not maintain the android security model as much as the officially supported devices. It does not have complete android verified boot, but dm-verity is enabled

Download:

Kernel Source:

If you like my work, please consider buying me a coffee.

Telegram support
I was using Calyx on a Pixel 5 and loved it until I developed PWM sickness and switched to LCD. Was so happy to see this Rom and grabbed a Poco f1 to install it. And I am happy to say it runs flawlessly! Connectivity, software, apps, firewall etc. Even my banking app works. Havent found 1 bug. Absolutely love it. To the developer - Thank you so much for your work, without people like you, people like me would be settling for the mainstream instead of enjoying the variety we're blessed with.
 
Last edited:

z4ck1n

Senior Member
Jan 10, 2012
94
21
With respect to the dev, tbh CalyxOS wihout the ability to relock the bootloader is pretty much useless for the nature of this ROM. (Bootloader can be locked only in Pixels and Xiaomi A2 devices)
I guess the build in Firewall and App Lock it's something make it stands out, otherwise it's like a pure AOSP ROM with microG.
Calyos features are themself are the difference. eg.. MicroG integration is more hardened is Calyos.

I am not sure purpose of discussing pocof1 relock abilities, afaik no custom rom can achieve this for poco.

For PocoF1 users, looking for security & privacy ...this is the best comprised option you have.

@Dev_Mashru thanks
 
Last edited:

Retrial

Recognized Contributor & Translator
Jun 10, 2015
4,074
11,951
Athens
Samsung Galaxy S4
Sony Xperia L
Calyos features are themself are the difference. eg.. MicroG integration is more hardened is Calyos.

I am not sure purpose of discussing pocof1 relock abilities, afaik no custom rom can achieve this for poco.

For PocoF1 users, looking for security & privacy ...this is the best comprised option you have.

@Dev_Mashru thanks
Can you elaborate me how is difference? The only change they have made it's not on microG itself but on signature spoofing the ROM comes with, to allow only one program (the microG) and not other.

About relock, bootloader I think I already mentioned that here and that's the main reason I've made the post about CalyxOS.

Believe what you want, but it's already behind at security patches, and that's a security and privacy issue, don't you think?

With all that said, I am not against the ROM nor the Dev if it's actively maintained it, since it has some privacy apps by default to choose to save you few clicks.
But let's be honest CalyxOS and other similar ROMs like GrapheneOS(which is the best) are made for devices which bootloader can be relock (Pixel devices, Xiaomi Mi A2).

P.S: I don't want to defame the ROM or the Dev since I already said that it's good to have it on POCO F1 even like that. I just replied to you, because you chose to specific quote my post.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 14
    CalyxOS is an Android mobile operating system that puts privacy and security into the hands of everyday users. Plus, proactive security recommendations and automatic updates take the guesswork out of keeping your personal data personal.

    Learn more out CalyxOS.

    Working:
    • Telephony (Calls and Data)
    • IMS (RCS, VoLTE and WiFi Calling)
    • WiFi
    • Bluetooth
    • Camera (and flashlight)
    • Audio (Record and Playback)
    • Video Playback
    • Sensors
    • GPS
    • Encryption (FBE)
    • DM-Verity Enabled
    Bugs:
    • You tell me

    Installation:
    • Wipe /system, /vendor, /cache
    • Format data
    • Flash calyxos zip

    Notes:
    • Do NOT flash gapps
    • I do not work for or under the calyx institute
    • Poco F1 does not maintain the android security model as much as the officially supported devices. It does not have complete android verified boot, but dm-verity is enabled

    Download:

    Kernel Source:

    If you like my work, please consider buying me a coffee.

    Telegram support
    9
    What's the difference between this rom and lineage with microg?
    True question 😉

    With respect to the dev, tbh CalyxOS wihout the ability to relock the bootloader is pretty much useless for the nature of this ROM. (Bootloader can be locked only in Pixels and Xiaomi A2 devices)
    I guess the build in Firewall and App Lock it's something make it stands out, otherwise it's like a pure AOSP ROM with microG.

    I am sorry, but I beg to differ. While i agree that being able to lock the bootloader would make it much more secure, i still think calyxos is more secure because of the following reasons:
    1. I have enabled DM-Verity which means that everything in the boot process is verified once the kernel is loaded, but if something before the kernel is loaded, it will probably be able to maintain that access. That said, it is definitely more difficult to get infected with something sophisticated that starts itself before the kernel than other more common attacks out that start after the kernel is loaded, which DM-Verity should prevent from happening.
    2. Microg for LOS enables signature spoofing for all system apps (according to the FAQ on their website), which means a malware that manages to get system privileges could potentially be able to misuse the permissions. On the other hand, calyxos sandboxes signature spoofing to only the microg apps with explicit whitelist, which makes much more difficult to be exploited.
    3. Lineageos builds are userdebug, while my builds are user builds. Userdebug builds have many debugging capabilities that "normally violate the android security model" (quoted from AOSP). Those debugging capabilities could also potentially add more attack surfaces making it less secure.

    Some might even find the other features like restricting unknown USB, making a signal/ WhatsApp call directly from the dialer and other such calyx features useful.

    Like I said in the beginning of this post, it is definitely not as secure as a device with a locked bootloader would be, but I have tried my best to make it as secure as possible.
    6
    CalyxOS v2.7.0 is out. Get it here.

    Changelog:
    • Added APNs
    • Updated kernel to Ingenium v2.5
    • Source upstream (Updated to July patch)
    • More things I forgot
    5
    I am sorry, but I beg to differ. While i agree that being able to lock the bootloader would make it much more secure, i still think calyxos is more secure because of the following reasons:
    1. I have enabled DM-Verity which means that everything in the boot process is verified once the kernel is loaded, but if something before the kernel is loaded, it will probably be able to maintain that access. That said, it is definitely more difficult to get infected with something sophisticated that starts itself before the kernel than other more common attacks out that start after the kernel is loaded, which DM-Verity should prevent from happening.
    2. Microg for LOS enables signature spoofing for all system apps (according to the FAQ on their website), which means a malware that manages to get system privileges could potentially be able to misuse the permissions. On the other hand, calyxos sandboxes signature spoofing to only the microg apps with explicit whitelist, which makes much more difficult to be exploited.
    3. Lineageos builds are userdebug, while my builds are user builds. Userdebug builds have many debugging capabilities that "normally violate the android security model" (quoted from AOSP). Those debugging capabilities could also potentially add more attack surfaces making it less secure.

    Some might even find the other features like restricting unknown USB, making a signal/ WhatsApp call directly from the dialer and other such calyx features useful.

    Like I said in the beginning of this post, it is definitely not as secure as a device with a locked bootloader would be, but I have tried my best to make it as secure as possible.
    Don't get me wrong. I like that POCO F1 has this ROM even unofficial. However all these features more or less can be achieved in other ROMs too. Having them ready out of the box is useful tho.

    What I am trying to say is, all the hype about CalyxOS and GrapheneOS that makes them stands out is the locked bootloader which make them more secure. That's ofc unavailable for our device and I know you've tried to get it as close as you can.

    With all that said, I would like to see this ROM staying alive for POCO F1 and to keep it up. Giving users more choices for ROMs is nice and I like to see people start thinking about privacy and security more.✌️