• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[ROM][ANDROID 11][UNOFFICIAL] CalyxOS [beryllium]

Search This thread

TioCareca

Senior Member
With respect to the dev, tbh CalyxOS wihout the ability to relock the bootloader is pretty much useless for the nature of this ROM. (Bootloader can be locked only in Pixels and Xiaomi A2 devices)
I guess the build in Firewall and App Lock it's something make it stands out, otherwise it's like a pure AOSP ROM with microG.
I was thinking the same, that's why the question, the firewall and vpn was my selling point, but i think it can be done in all roms too...
Anyway thanks for the dev to give us another choice 😁👍
 

Dev_Mashru

Recognized Developer
Jan 26, 2016
579
670
What's the difference between this rom and lineage with microg?
True question 😉

With respect to the dev, tbh CalyxOS wihout the ability to relock the bootloader is pretty much useless for the nature of this ROM. (Bootloader can be locked only in Pixels and Xiaomi A2 devices)
I guess the build in Firewall and App Lock it's something make it stands out, otherwise it's like a pure AOSP ROM with microG.

I am sorry, but I beg to differ. While i agree that being able to lock the bootloader would make it much more secure, i still think calyxos is more secure because of the following reasons:
1. I have enabled DM-Verity which means that everything in the boot process is verified once the kernel is loaded, but if something before the kernel is loaded, it will probably be able to maintain that access. That said, it is definitely more difficult to get infected with something sophisticated that starts itself before the kernel than other more common attacks out that start after the kernel is loaded, which DM-Verity should prevent from happening.
2. Microg for LOS enables signature spoofing for all system apps (according to the FAQ on their website), which means a malware that manages to get system privileges could potentially be able to misuse the permissions. On the other hand, calyxos sandboxes signature spoofing to only the microg apps with explicit whitelist, which makes much more difficult to be exploited.
3. Lineageos builds are userdebug, while my builds are user builds. Userdebug builds have many debugging capabilities that "normally violate the android security model" (quoted from AOSP). Those debugging capabilities could also potentially add more attack surfaces making it less secure.

Some might even find the other features like restricting unknown USB, making a signal/ WhatsApp call directly from the dialer and other such calyx features useful.

Like I said in the beginning of this post, it is definitely not as secure as a device with a locked bootloader would be, but I have tried my best to make it as secure as possible.
 
Last edited:

Retrial

Recognized Contributor
Jun 10, 2015
1,380
2,547
Athens
Samsung Galaxy S4
Xiaomi Poco F1
I am sorry, but I beg to differ. While i agree that being able to lock the bootloader would make it much more secure, i still think calyxos is more secure because of the following reasons:
1. I have enabled DM-Verity which means that everything in the boot process is verified once the kernel is loaded, but if something before the kernel is loaded, it will probably be able to maintain that access. That said, it is definitely more difficult to get infected with something sophisticated that starts itself before the kernel than other more common attacks out that start after the kernel is loaded, which DM-Verity should prevent from happening.
2. Microg for LOS enables signature spoofing for all system apps (according to the FAQ on their website), which means a malware that manages to get system privileges could potentially be able to misuse the permissions. On the other hand, calyxos sandboxes signature spoofing to only the microg apps with explicit whitelist, which makes much more difficult to be exploited.
3. Lineageos builds are userdebug, while my builds are user builds. Userdebug builds have many debugging capabilities that "normally violate the android security model" (quoted from AOSP). Those debugging capabilities could also potentially add more attack surfaces making it less secure.

Some might even find the other features like restricting unknown USB, making a signal/ WhatsApp call directly from the dialer and other such calyx features useful.

Like I said in the beginning of this post, it is definitely not as secure as a device with a locked bootloader would be, but I have tried my best to make it as secure as possible.
Don't get me wrong. I like that POCO F1 has this ROM even unofficial. However all these features more or less can be achieved in other ROMs too. Having them ready out of the box is useful tho.

What I am trying to say is, all the hype about CalyxOS and GrapheneOS that makes them stands out is the locked bootloader which make them more secure. That's ofc unavailable for our device and I know you've tried to get it as close as you can.

With all that said, I would like to see this ROM staying alive for POCO F1 and to keep it up. Giving users more choices for ROMs is nice and I like to see people start thinking about privacy and security more.✌️
 
Last edited:

Zatsando

Member
Oct 16, 2017
15
8
Xiaomi Poco F1
After using it for the last couple of days it is indeed very all in one out of the box privacy respected rom. The individual apps are not something that you can't build them your self, or download the seperately but its a very good privacy package. So far only revolut can't run (due to root), riot games and audible. Sometimes it might delay a notification also...
 

kmr168401

Senior Member
Jul 2, 2016
265
68
OnePlus 6T
hi thanks for the rom now i have installed your rom, really some new things to try like microg for a change, i have format the data then installed firmware and rom, then again formatted the data, then rebooted to system, rom booted successfully. added screenshot to say i have installed the rom successfully
 

Attachments

  • Screenshot_20210828-191233.png
    Screenshot_20210828-191233.png
    132.3 KB · Views: 87
  • Screenshot_20210828-191302.png
    Screenshot_20210828-191302.png
    115.2 KB · Views: 88

TRKARTAL

Senior Member
Jun 21, 2017
162
28
İstanbul
Hello dear dev and other friends. Dear dev, why didn't you share other trees (especially device tree) of rom of device? Thanks.
 

Bandanaman

New member
Jul 31, 2019
3
0
CalyxOS is an Android mobile operating system that puts privacy and security into the hands of everyday users. Plus, proactive security recommendations and automatic updates take the guesswork out of keeping your personal data personal.

Learn more out CalyxOS.

Working:
  • Telephony (Calls and Data)
  • IMS (RCS, VoLTE and WiFi Calling)
  • WiFi
  • Bluetooth
  • Camera (and flashlight)
  • Audio (Record and Playback)
  • Video Playback
  • Sensors
  • GPS
  • Encryption (FBE)
  • DM-Verity Enabled
Bugs:
  • You tell me

Installation:
  • Wipe /system, /vendor, /cache
  • Format data
  • Flash calyxos zip

Notes:
  • Do NOT flash gapps
  • I do not work for or under the calyx institute
  • Poco F1 does not maintain the android security model as much as the officially supported devices. It does not have complete android verified boot, but dm-verity is enabled

Download:

Kernel Source:

If you like my work, please consider buying me a coffee.

Telegram support
I was using Calyx on a Pixel 5 and loved it until I developed PWM sickness and switched to LCD. Was so happy to see this Rom and grabbed a Poco f1 to install it. And I am happy to say it runs flawlessly! Connectivity, software, apps, firewall etc. Even my banking app works. Havent found 1 bug. Absolutely love it. To the developer - Thank you so much for your work, without people like you, people like me would be settling for the mainstream instead of enjoying the variety we're blessed with.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 13
    CalyxOS is an Android mobile operating system that puts privacy and security into the hands of everyday users. Plus, proactive security recommendations and automatic updates take the guesswork out of keeping your personal data personal.

    Learn more out CalyxOS.

    Working:
    • Telephony (Calls and Data)
    • IMS (RCS, VoLTE and WiFi Calling)
    • WiFi
    • Bluetooth
    • Camera (and flashlight)
    • Audio (Record and Playback)
    • Video Playback
    • Sensors
    • GPS
    • Encryption (FBE)
    • DM-Verity Enabled
    Bugs:
    • You tell me

    Installation:
    • Wipe /system, /vendor, /cache
    • Format data
    • Flash calyxos zip

    Notes:
    • Do NOT flash gapps
    • I do not work for or under the calyx institute
    • Poco F1 does not maintain the android security model as much as the officially supported devices. It does not have complete android verified boot, but dm-verity is enabled

    Download:

    Kernel Source:

    If you like my work, please consider buying me a coffee.

    Telegram support
    9
    What's the difference between this rom and lineage with microg?
    True question 😉

    With respect to the dev, tbh CalyxOS wihout the ability to relock the bootloader is pretty much useless for the nature of this ROM. (Bootloader can be locked only in Pixels and Xiaomi A2 devices)
    I guess the build in Firewall and App Lock it's something make it stands out, otherwise it's like a pure AOSP ROM with microG.

    I am sorry, but I beg to differ. While i agree that being able to lock the bootloader would make it much more secure, i still think calyxos is more secure because of the following reasons:
    1. I have enabled DM-Verity which means that everything in the boot process is verified once the kernel is loaded, but if something before the kernel is loaded, it will probably be able to maintain that access. That said, it is definitely more difficult to get infected with something sophisticated that starts itself before the kernel than other more common attacks out that start after the kernel is loaded, which DM-Verity should prevent from happening.
    2. Microg for LOS enables signature spoofing for all system apps (according to the FAQ on their website), which means a malware that manages to get system privileges could potentially be able to misuse the permissions. On the other hand, calyxos sandboxes signature spoofing to only the microg apps with explicit whitelist, which makes much more difficult to be exploited.
    3. Lineageos builds are userdebug, while my builds are user builds. Userdebug builds have many debugging capabilities that "normally violate the android security model" (quoted from AOSP). Those debugging capabilities could also potentially add more attack surfaces making it less secure.

    Some might even find the other features like restricting unknown USB, making a signal/ WhatsApp call directly from the dialer and other such calyx features useful.

    Like I said in the beginning of this post, it is definitely not as secure as a device with a locked bootloader would be, but I have tried my best to make it as secure as possible.
    5
    CalyxOS v2.7.0 is out. Get it here.

    Changelog:
    • Added APNs
    • Updated kernel to Ingenium v2.5
    • Source upstream (Updated to July patch)
    • More things I forgot
    5
    I am sorry, but I beg to differ. While i agree that being able to lock the bootloader would make it much more secure, i still think calyxos is more secure because of the following reasons:
    1. I have enabled DM-Verity which means that everything in the boot process is verified once the kernel is loaded, but if something before the kernel is loaded, it will probably be able to maintain that access. That said, it is definitely more difficult to get infected with something sophisticated that starts itself before the kernel than other more common attacks out that start after the kernel is loaded, which DM-Verity should prevent from happening.
    2. Microg for LOS enables signature spoofing for all system apps (according to the FAQ on their website), which means a malware that manages to get system privileges could potentially be able to misuse the permissions. On the other hand, calyxos sandboxes signature spoofing to only the microg apps with explicit whitelist, which makes much more difficult to be exploited.
    3. Lineageos builds are userdebug, while my builds are user builds. Userdebug builds have many debugging capabilities that "normally violate the android security model" (quoted from AOSP). Those debugging capabilities could also potentially add more attack surfaces making it less secure.

    Some might even find the other features like restricting unknown USB, making a signal/ WhatsApp call directly from the dialer and other such calyx features useful.

    Like I said in the beginning of this post, it is definitely not as secure as a device with a locked bootloader would be, but I have tried my best to make it as secure as possible.
    Don't get me wrong. I like that POCO F1 has this ROM even unofficial. However all these features more or less can be achieved in other ROMs too. Having them ready out of the box is useful tho.

    What I am trying to say is, all the hype about CalyxOS and GrapheneOS that makes them stands out is the locked bootloader which make them more secure. That's ofc unavailable for our device and I know you've tried to get it as close as you can.

    With all that said, I would like to see this ROM staying alive for POCO F1 and to keep it up. Giving users more choices for ROMs is nice and I like to see people start thinking about privacy and security more.✌️