[ROM] DivestOS 20.0 for mata

Search This thread
By:
Advanced…
SkewedZeppelin

SkewedZeppelin

Senior Member
Mar 19, 2021
308
306
divested.dev
Psk.It said:
@SkewedZeppelin sorry to be OT, I saw the build for Oneplus 9 / 9 pro
i did a couple of attempt starting from OOS and starting from Lieage19.1
also installing fastboot zip or sideloading the other zip file, i ran always on qualcomm crashdum
where can I found specific instruction?

thank you
Click to expand...
Click to collapse
github.com

OnePlus 9 Pro - Starting with a Fresh, Stock, Fully updated ROM to 12 - Getting Qualcomm Crash Dump screen · Issue #125 · Divested-Mobile/DivestOS-Build

So I've tried this a few times now. Just bought a brand new One Plus 9 Pro yesterday (New, unlocked, directly from OnePlus - upgrading from my trusty OnePlus 7 Pro) Updated the OOS to latest over t...
github.com github.com
 
foueddyf

foueddyf

Senior Member
Jul 6, 2010
200
62
Los Angeles, CA
Essential Phone
Just saw this month's update in the updater but there are 2 files. Is the smaller one (55mb) needed?

Screenshot_20220713-125934_Updater.png
 
SkewedZeppelin

SkewedZeppelin

Senior Member
Mar 19, 2021
308
306
divested.dev
foueddyf said:
Just saw this month's update in the updater but there are 2 files. Is the smaller one (55mb) needed?
Click to expand...
Click to collapse

The smaller one is a delta that downloads quicker. Contains the update just as the large one.

foueddyf said:
Also, I don't see mata anymore on DivestOS device list page:
https://divestos.org/index.php?page=devices&base=LineageOS#device-mata

Should we be worried? 🥺
Click to expand...
Click to collapse
There is a cache to the page, when builds are uploading I move the old ones to an old folder, and the new ones upload.
During the upload the page will be missing devices.

I rarely remove devices and I note it on the news page when I do.
 
  • Like
Reactions: foueddyf
foueddyf

foueddyf

Senior Member
Jul 6, 2010
200
62
Los Angeles, CA
Essential Phone
SkewedZeppelin said:
The smaller one is a delta that downloads quicker. Contains the update just as the large one.
Click to expand...
Click to collapse
Does the delta update only show up if it's safe to flash it?
In other words, say I was on the April 19.1 build, would this delta update show up?
I was always under the impression delta updates only work if you're 1 version behind and not more.

I guess, if in doubt, just get the full update.
Glad to hear mata is not going away 😊
 
SkewedZeppelin

SkewedZeppelin

Senior Member
Mar 19, 2021
308
306
divested.dev
foueddyf said:
Does the delta update only show up if it's safe to flash it?
In other words, say I was on the April 19.1 build, would this delta update show up?
I was always under the impression delta updates only work if you're 1 version behind and not more.
Click to expand...
Click to collapse
Deltas can be generated between any two images no matter how old.
The updater will only provide delta images that are compatible with the current installed image.
Furthermore it will only apply changes if it is validated to apply successfully by the update engine.
 
  • Like
Reactions: foueddyf
H

hedgecore44

Senior Member
Mar 9, 2016
168
35
SkewedZeppelin said:
If it doesn't work try disabling the content blocker in Settings > Security.

If that doesn't fix it, you can try the make sure the `Enable native code debugging` option above that is checked.

If that doesn't fix it, it may depend on Safetynet and not work.
Click to expand...
Click to collapse
Thanks for the quick response. None of those options got it working. It works on my other degoogled phone with GrapheneOS so I thought it would work here.. No problem, I will just use the browser.
 
N

nexuspb

Senior Member
Jul 9, 2014
58
1
Great ROM! Thank you for developing this as I wanted to try a secure ROM (harden malloc etc) like grapheneOS but do not have a pixel. I have a few questions about this since I'm very new to this stuff

1. Since mata does not have AVB, what exactly are we verifying in the verified boot? From what I found online, it will just check for a valid signature but not if it's signed by a vendor. Is this true?
2. I'm mostly afraid of bricking my device given that EDL mode recovery is not an option, would keeping the bootloader unlocked prevent any hard brick situations? Also, does an unlocked bootloader only protect against physical attacks (nothing remote)?
 
SkewedZeppelin

SkewedZeppelin

Senior Member
Mar 19, 2021
308
306
divested.dev
nexuspb said:
1. Since mata does not have AVB, what exactly are we verifying in the verified boot? From what I found online, it will just check for a valid signature but not if it's signed by a vendor. Is this true?
Click to expand...
Click to collapse
Verified boot on these non AVB devices from my understanding is that the ramdisk is trusted because it is there and locked, and everything after the ramdisk (/system, and /vendor) are verified by the kernel in the ramdisk against the keys in the ramdisk.

On AVB devices the ramdisk would be verified against the avb key partition.

nexuspb said:
2. I'm mostly afraid of bricking my device given that EDL mode recovery is not an option, would keeping the bootloader unlocked prevent any hard brick situations? Also, does an unlocked bootloader only protect against physical attacks (nothing remote)?
Click to expand...
Click to collapse
As long as you keep the option to `allow oem unlocking` in Settings, you should always be able to unlock from fastboot even if the system/recovery are non-functional.

And verified boot is not enforcing when the bootloader isn't locked. So yes any malware that tries to gain persistence via modifying a verity partition would be blocked. (although there are obviously other ways for persistence)
 
N

nexuspb

Senior Member
Jul 9, 2014
58
1
SkewedZeppelin said:
As long as you keep the option to `allow oem unlocking` in Settings, you should always be able to unlock from fastboot even if the system/recovery are non-functional.
Click to expand...
Click to collapse
Thank you for the quick reply! I really appreciate it. This might be unrelated, but how do other mata devices get hard bricked then? I saw on reddit/xda that people were getting hard bricked with unlocked & locked bootloaders? In what situation would fastboot not even work? Is this only when oem unlocking is disabled?

SkewedZeppelin said:
And verified boot is not enforcing when the bootloader isn't locked. So yes any malware that tries to gain persistence via modifying a verity partition would be blocked. (although there are obviously other ways for persistence)
Click to expand...
Click to collapse
Do you mean "modifying a verity partition wouldn't get blocked"?
 
SkewedZeppelin

SkewedZeppelin

Senior Member
Mar 19, 2021
308
306
divested.dev
nexuspb said:
This might be unrelated, but how do other mata devices get hard bricked then? I saw on reddit/xda that people were getting hard bricked with unlocked & locked bootloaders? In what situation would fastboot not even work? Is this only when oem unlocking is disabled?
Click to expand...
Click to collapse
Many devices *do* support locking as this project has proven, users saying locking is "guaranteed 100% brick" is just a wrong blanket statement given the device wasn't too mutilated by the vendor and that the OS you are flashing is signed correctly.

nexuspb said:
Do you mean "modifying a verity partition wouldn't get blocked"?
Click to expand...
Click to collapse
In the case the bootloader was unlocked, yes.
 
N

nexuspb

Senior Member
Jul 9, 2014
58
1
Thank you! I've been using this rom for a bit and really enjoy it.

I'm still struggling to understand the AVB 1.0 boot process for mata.
assets%2F-M5spcXCRu82SfMZIemU%2F-M5sphCby0TUlHRNiNkZ%2F-M5spq1RYzGbdgtAZq74%2Fimage12.png


In this case, how does DivestOS verify the boot partition? I see that the bootloader needs to verify the boot partition with it's OEM key which we don't have in this case? Or are you changing the OEM boot key?

Thank you for the help
 
SkewedZeppelin

SkewedZeppelin

Senior Member
Mar 19, 2021
308
306
divested.dev
@nexuspb
The bootloader appears to pin the keys of the boot partition after lock for future boots, if it is changed it should boot red.
The kernel itself then verifies the system and vendor image against its stored key.
 
N

nexuspb

Senior Member
Jul 9, 2014
58
1
SkewedZeppelin said:
@nexuspb
The bootloader appears to pin the keys of the boot partition after lock for future boots, if it is changed it should boot red.
The kernel itself then verifies the system and vendor image against its stored key.
Click to expand...
Click to collapse
So this means it will boot yellow? I would just need to ensure that the hash matches when I boot my phone to ensure no tampering?

I appreciate the help
 
You must log in or register to reply here.

Similar threads

invisiblek
[ROM][UNOFFICIAL] LineageOS 15.1 for the Essential PH-1 (mata)
Replies
2K
Views
264K
rophiroth
rophiroth
6
[STOCK][DUMPS][FIRMWARE] Essential stock firmware and rom dumps
Replies
1K
Views
241K
N
necross_o
R
[ROM][10][UNOFFICIAL] LineageOS 17.1 for the Essential PH-1 (mata)
Replies
331
Views
47K
robsonline
robsonline
O
[ROM][10.0][MATA][OFFICIAL] Evolution X 4.3 [05/05/2020]
Replies
410
Views
47K
G
guliver365
return.of.octobot
[MATA] [CAF] [UNIFIED] [EAS] [4.4.166] [CLANG 8.0] Neutrino Kernel (hercules)
Replies
520
Views
55K
Bobbaloo
Bobbaloo

Top Liked Posts

24 Hours All time

New posts