[ROM][Unofficial][10.0][microG][signed]hardened LineageOS 17.1 Oneplus 7T Pro

Search This thread
The easiest way is to probably flash stock OOS recovery using fastboot and then flash OOS from recovery. Since TWRP isn't fully functional and fastboot flashing every partition manually is tedious.
Sounds logical - haven't tried (and most probably won't), so cannot confirm.
The bad side of not having a fully functional TWRP is the missing ability for a nandroid backup, which normally allows you to be quite "experimental" in regards of your device - but the 7T Pro is my daily driver, so I don't want to lose my data... ;)
 

pa.trick

Member
Nov 2, 2017
5
1
@MSe1969 : Thanks for the May update!

Am I the only one having trouble with Aurora?

After the update I am no longer able to connect to Aurora Store: First it says "no connection", upon hitting "try later" it fails to connect indefintely (before the update everything was working fine).

I didn't change anything in Aurora Store App + Aurora Services settings.

Wiping cache and user data in those two apps didn't help.

Any input for further troubleshooting would be much appreciated!
 
Last edited:
@MSe1969 : Thanks for the May update!

Am I the only one having trouble with Aurora?

After the update I am no longer able to connect to Aurora Store: First it says "no connection", upon hitting "try later" it fails to connect indefintely (before the update everything was working fine).

I didn't change anything in Aurora Store App + Aurora Services settings.

Wiping cache and user data in those two apps didn't help.

Any input for further troubleshooting would be much appreciated!
Hi,
Aurora sometimes can make trouble. If the things you've listed already (like "try again later", purge app/cache data and configure again) haven't helped, you may - in case you are using the 'iptables block script' - try disabling and directly re-enabling it.
Regards, M.
 
  • Like
Reactions: pa.trick

pa.trick

Member
Nov 2, 2017
5
1
Hi,
Aurora sometimes can make trouble. If the things you've listed already (like "try again later", purge app/cache data and configure again) haven't helped, you may - in case you are using the 'iptables block script' - try disabling and directly re-enabling it.
Regards, M.
That did the trick :) - thanks for your help!

Out of curiousity: the Google Play services displayed in the screenshot is actually microG in disguise, I suppose?

img1.png
 

RayfG

Senior Member
Jan 28, 2016
437
107
outa space
I have a big problem..... I can´t get magisk root. If I patch the boot.img I´ll get a pachted img in download folder on device. After copy on my computer, the command fastboot boot magisk_patched.img should do the job. After reboot my device hangs in boot animation very slow. After I reset the device, it boots normal, but no root.
Any help about this pls?!
 
I have a big problem..... I can´t get magisk root. If I patch the boot.img I´ll get a pachted img in download folder on device. After copy on my computer, the command fastboot boot magisk_patched.img should do the job. After reboot my device hangs in boot animation very slow. After I reset the device, it boots normal, but no root.
Any help about this pls?!
Did you try to flash Magisk the first time? Or did that work with an older release, but only now it won't ?

You may want to try fastboot flash boot magisk_patched.img - but if that leads to the same result, you have to flash the boot.img from the ROM zip file in the same way to restore.

EDIT: I myself do not use Magisk on this device, so my above proposal is a proposal to try, not an advice.
 

RayfG

Senior Member
Jan 28, 2016
437
107
outa space
@MSe1969
Thank u for ur reply.
Ok, I flashed magisk on every version. And it worked flawless. After update via updater i downloaded rom from link in first page. I extracted the boot.img from payload.bin and patched it with magisk. Then i have the patched version and copied it to my pc. last i installed it with fastboot boot magisk_patched.img. After that phone reboots and i use direct install via magisk. That used to wotk 3 times. now, it didn´t.
 
@MSe1969
Thank u for ur reply.
Ok, I flashed magisk on every version. And it worked flawless. After update via updater i downloaded rom from link in first page. I extracted the boot.img from payload.bin and patched it with magisk. Then i have the patched version and copied it to my pc. last i installed it with fastboot boot magisk_patched.img. After that phone reboots and i use direct install via magisk. That used to wotk 3 times. now, it didn´t.
As indicated before, the Magisk install instructions say 'fastboot flash boot magisk_patched.img', which really replaces the device's boot partition (afterwards, you need to manually reboot the device. e.g. via 'fastboot reboot'). 'fastboot boot magisk_patched.img' simply boots the patched kernel, without replacing the boot partition.

EDIT:
Normally, simply booting the patched boot.img shouldn't make the difference - maybe try to really get rid of any Magisk stuff on your device and start from scratch; maybe some module causes trouble?
 
Last edited:

RayfG

Senior Member
Jan 28, 2016
437
107
outa space
As indicated before, the Magisk install instructions say 'fastboot flash boot magisk_patched.img', which really replaces the device's boot partition (afterwards, you need to manually reboot the device. e.g. via 'fastboot reboot'). 'fastboot boot magisk_patched.img' simply boots the patched kernel, without replacing the boot partition.

EDIT:
Normally, simply booting the patched boot.img shouldn't make the difference - maybe try to really get rid of any Magisk stuff on your device and start from scratch; maybe some module causes trouble?
No way to get it run. Tried all... I have no more ideas-----------pffffff-------------
 
Apr 13, 2021
20
2
Hi! @MSe1969 Sorry to bother you but I ran into a stop and I am needing some help!
I compiled and signed successfully both the rom and the recovery.
I can boot in the user signed recovery (btw even the hardened recovery boots with no problem) then I sideloaded copy partitions and done the whole format, reboot etc..
when I try to sideload my rom I get to 22% then I am kicked out with a adb: failed to read command:Success
take note I can install of your rom seamlessly.
looks like my rom is broken somewhere but I don't really know where.
I tried to recompile without touching anything but no dice.
 
Hi! @MSe1969 Sorry to bother you but I ran into a stop and I am needing some help!
I compiled and signed successfully both the rom and the recovery.
I can boot in the user signed recovery (btw even the hardened recovery boots with no problem) then I sideloaded copy partitions and done the whole format, reboot etc..
when I try to sideload my rom I get to 22% then I am kicked out with a adb: failed to read command:Success
take note I can install of your rom seamlessly.
looks like my rom is broken somewhere but I don't really know where.
I tried to recompile without touching anything but no dice.
Hi, I had at the beginning exactly the same issue:
When I used the official recovery downloaded from LineageOS, same as when I used the recovery, which was build along with my ROM (hardened variant). What worked at the end was to build a "vanilla" LineageOS ROM (if you use my repos, as documented, with './switch_microg.sh default'), but with my signature, just to take the built recovery.img.
In fact, everytime, I test a new version of my ROM, I have to first flash my signed "vanilla" recovery, which is linked in the OP, before I am able to flash my ROM. If I try to sideload the ROM directly (which means that the recovery built along with the hardened ROM is active, exactly the same happens, what you describe).
If you say, that you are able to sideload my ROM - I would expect this only be possible, if you had flashed before my recovery...
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    but maybe other forum participants have some experience?
    If you compile the whole rom by yourself, after the repo sync and switch to hardened branch, but before the actual compile, you can replace the fakestore apk for a patched phonesky apk.
    get it from nanolx or somewhere trusted.
    if you just switch the file and rename the new one as fakestore. apk you can compile with no other modifications.
    if, instead, you want to add other apks or other fine tunes, you have to modify /add something more in the base configuration files.
    if you read the readme in the microg prebuilts repository you will understand what you have to add/modify.
    1
    This ROM looks like the perfect fit. Is there a 18.1 version planned ?
    Not in the near future, but eventually, maybe in a couple of months, yes.
    To quote myself from a post here some weeks back (scroll back...):
    "Frankly, I do not see any "killer" features, which would make me switch as soon as possible.
    To me, besides some nitty-critty details (bubbles, prio chats, use location only once), the only effective difference would be to have the ultimate pleasure to see "Android 11" when picking "about phone" in the Settings app."
    1
    New build with June ASB patches available

    Hi all,
    a new build is available and will later today also be offered via the Updater app. For manual download and flashing, see here:
    • ASB Security string 2021-06-05
    • Bromite System Webview and Browser updated to 91.0.4472.102
    • Upstreamed microG (0.2.19211515-9)
    • Kernel WLAN driver (qcacld-3.0) patched to include mitigations against "Frag" vuln.
    Regards, M.
    1
    Not sure, what went wrong and needless to discuss.
    Thank you!
    ...Make sure you understand theit commands and do not simply execute them blindly.
    Surely! I always take notes during my adventures, I am learning a lot, mostly thanks to people like you!
    1
    都快一个月了,还以为是零件有问题,检查后一切正常
    English, please! (see forum rules)
    I used "Google translate" to get the following translation:
    "It's almost a month, I thought it was a problem with the part, and everything was normal."

    My post, which you have quoted, was to answer @bestouff 's described bootloop issue after flashing my ROM.
    In my post before, I had answered to you, that this ROM is not suitable for your 5G device (HD1925).
  • 11
    This thread is dedicated to provide hardened Lineage-OS 17.1 builds with microG included for the OnePlus 7T Pro (hotdog) with current security patches.

    Features of this ROM
    Download here
    • Pre-installed microG and F-Droid like LineageOS for microG project (own fork)
    • Pre-installed AuroraStore
    • OTA Support
    • eSpeakTTS engine
    • Bromite as default browser
    • Additional security hardening features listed below:
    • Cloudflare as default DNS (instead of Google)
    • Privacy-preferred default settings
    • Optional blocking of Facebook- and Google-Tracking (Settings - Network & Internet)
    • Optional disable captive portal detection or choose from various providers (default is GrapheneOS and not Google; Settings - Network & Internet)
    • Firewall UI (under Trust)
    • Increased max. password length of 64
    • No submission of IMSI/phone number to Google when GPS is in use
    • Default hosts file with many blocked ad/tracking sites
    • Privacy-enhanced Bromite SystemWebView
    • Extra control of sensor access for additionally installed user apps (Special access under app permissions)
    • Kernel kept up to date with ASB patches of Google kernel/common 'android-4.14-q-release' branch
    • Debloated from Oneplus blobs for Soter and IFAA
    • Hardened bionic lib and constified JNI method tables


    Current release levels
    Security string: 2021-06-05
    AOSP tag: 10.0.0_r41
    Bromite System Webview: M91


    Source-code and build instructions
    Kernel: https://github.com/lin17-microg/android_kernel_oneplus_sm8150/tree/lin-17.1-mse
    Build manifest: https://github.com/lin17-microg/local_manifests/tree/lin-17.1-hmalloc


    Installation Instructions

    YOU ARE RESPONSIBLE SOLELY YOURSELF FOR ANY ACTIONS YOU DO WITH YOUR DEVICE !!!

    Please note - I won't explain any single aspect (e.g. how to install 'fastboot' on your PC or troubleshoot USB connectivity issues under Windows). Search the net and consult the search engine of your choice or look here in XDA, there is plenty of information available.

    Pre-Requisites
    • Have fastboot and adb installed on your PC and make sure, you can connect via USB to your device in fastboot mode and via adb
    • An unlocked bootloader (see e.g. LineageOS install instructions)
    • If you come from Stock ROM, make sure to upgrade your device to the latest offered software version
    • Know, how to boot into fastboot mode (with powered off device press [Power]+[Vol.down]+[Vol.up])

    Please read carefully:
    I refer in general to the LineageOS install instructions, but there are some deviations!
    It is recommended to really go through the instructions once, before doing anything. You have been warned.


    Install the dedicated Lineage recovery for this ROM
    For the Oneplus 7T Pro (hotdog), there is currently no official TWRP available! The unofficial TWRP did not work for me.
    Please download the specific Lineage revocery for this build. It has been built using this ROM's signing key, because the official Lineage recovery did not work either for me (the official Lineage recovery works with the official build, this one works for this specific build).
    Flash this specific recovery with the below commands:
    Code:
    fastboot flash recovery_a lineage-17.1-20210118-recovery-microG-signed-hotdog.img
    fastboot flash recovery_b lineage-17.1-20210118-recovery-microG-signed-hotdog.img
    Reboot now into recovery from fastboot (follow the menu options) - DO NOT boot into your OS yet.

    If you come from Stock ROM, sideload the "copy partitions" script referred and described in the LineageOS install instructions.
    Please note, that you may get error messages stating
    Partition product_b dd: /dev/block/dm-1: write error: No space left on device
    Partition vendor_b dd: /dev/block/dm-2: write error: No space left on device
    You can ignore those, as long as it is product or vendor.

    Continue as described in the LineageOS installation instructions with formatting /data and sideloading the ROM ZIP.
    It is normal, that you observe at 47% progress a longer break, followed by a step 1/2 and finally 2/2 before a success message appears.

    DO NOT flash Gapps!
    This ROM comes with pre-installed microG. So don't attempt to flash Gapps.


    Update Instructions

    This ROM offers OTA updates through the Updater app. Therefore, normally, no further activities necessary.
    You can however also manually update the ROM by sideloading a newer version of this ROM via recovery.
    IMPORTANT:
    If you would like to manually update by sideloading the ROM, you need to first flash the linked recovery image (see install instructions) again via fastboot! Recovery is always updated when flashing a new ROM version, and that updated recovery can't sideload this ROM version. Don't ask me, why. I will have to find out, how to solve that issue.


    Dealing with signed builds
    Please note, that this builds is signed with an own key. When you come from a different build, you cannot directly "dirty-flash" this build. You have to perform a "clean flash".


    Bug reports:
    If you have a problem, please create a post with these informations:
    Original Kernel shipped with this rom:
    Build Date:
    And try to get log as described here
    Please note that I can't and won't support issues with builds using a different kernel or Xposed.
    In regards to microG, I will try my best to help when it is related to this ROM (I use it myself), but any questions of the type "the YXZ-app can't do <some sort of fancy xyz Google functionality> properly" are better asked in the respective microG forums.

    Credits
    AOSP project
    LineageOS project
    microG project
    Graphene OS project
    csagan5 (Bromite)
    WhyOrean (Aurora)
    5
    Change log

    2021-06-13

    • ASB Security string 2021-06-05
    • Bromite System Webview and Browser updated to 91.0.4472.102
    • microG 0.2.19211515-9
    • Kernel WLAN driver (qcacld-3.0) patched to include mitigations against "Frag" vuln.

    2021-05-10
    • ASB Security string 2021-05-05
    • Bromite System Webview and Browser updated to 90.0.4430.204
    • Upstreamed microG (no new version)
    • Update: AuroraServices 1.1.1

    2021-04-10
    • ASB Security string 2021-04-01
    • Bromite System Webview and Browser updated to 90.0.4430.59
    • F-Droid updated to 1.12
    • Update: AuroraStore 4.0.4 with AuroraServices 1.1.0

    2021-03-08
    • Security string 2021-03-05
    • Kernel slightly patched
    • Bromite System Webview updated to 88.0.4324.207
    • Bromite Browser updated to 88.0.4324.207
    • F-Droid 1.11
    • microG 0.2.18.204714

    2021-02-05
    • Security string 2021-02-05
    • Kernel slightly patched
    • Bromite System webview updated to 88.0.4324.141
    • Bromite Browser updated to 88.0.4324.141
    • F-Droid 1.10-alpha-234
    • microG 0.2.17.204714-5
    2021-01-22 - Initial build
    • Security string 2020-01-05
    • Pre-installed microG (0.2.16.204713-10) and F-Droid like the LineageOS for microG project (own fork)
    • Pre-installed AuroraStore
    • Bromite as default browser (87.0.4280.106)
    • eSpeak TTS engine (FOSS TTS solution)
    • Additional security hardening features listed below:
    • Cloudflare as default DNS (instead of Google)
    • Privacy-preferred default settings
    • Optional blocking of Facebook- and Google-Tracking (Settings - Network & Internet)
    • Optional disable captive portal detection or choose from various providers (default is GrapheneOS and not Google; Settings - Network & Internet)
    • Firewall UI (under Trust)
    • Increased max. password length of 64
    • No submission of IMSI/phone number to Google when GPS is in use
    • Default hosts file with many blocked ad/tracking sites
    • Privacy-enhanced Bromite SystemWebView (87.0.4280.131)
    • Extra control of sensor access for additionally installed user apps (Special access under app permissions)
    • Constified JNI method tables and hardened bionic lib
    5
    Security Hardening Features - Details

    1. Pre-installed microG and F-Droid

    same as the LineageOS for microG project

    2. Pre-installed AuroraStore
    works w/o having to enable the "unknown sources feature"

    3. Extra control of sensor access for additionally installed user apps
    Special access under app permissions

    4. Cloudflare (instead of Google) default DNS
    Cloudflare DNS has a better privacy policy than Google Public DNS and has DNS-over-TLS and DNS-over-HTTPS. In the deafult DNS settings (as fallback) and network diagnostics, the Cloudflare DNS adresses 1.1.1.1 and 1.0.0.1 are specified as defaults (instead of Google's 8.8.8.8 and 8.8.4.4)

    5. Privacy-preferred default settings
    When newly installed, the below settings are defaulted, different from standard LineageOS 17.1 (all settings can be changed at any time later):
    • Anonymous LineageOS statistics disabled (proposal during Setup)
    • The standard browsing app does not get the location runtime permission automatically assigned
    • Sensitive information is hidden on the lock screen
    • Camera app: Location tagging disabled by default
    Further, when a lock screen protection is set (PIN, pattern, password), the Nfc, Hotspot and airplane mode tiles require authentication and cannot be set without

    6. Optional blocking of Facebook- and Google-Tracking
    Settings => Network & Internet (scroll down)
    When activated, all outgoing connection attempts to Facebook servers will be suppressed.
    Same applies to Google, but certain apps on an internal exception list will still be able to connect (AuroraStore, microG, or e.g. NewPipe, if installed)

    7. Optional disable captive portal detection and to select Captive portal server URL provider
    Settings => Network & Internet (scroll down)
    When deactivated, the system will not ping a specific Google server any longer when establishing a WiFi connection to determine, whether a captive portal is being used. Further, the captive portal URL provider can be set (default is GrapheneOS and not Google; Settings - Network & Internet)

    8. No submission of IMSI or phone number to Google when GPS is in use
    GPS also works fine, if no SIM card is present, so there obviously is no benefit for the phone holder (different from other involved parties :rolleyes:) to provide this data . . .

    9. Default hosts file with many blocked ad/tracking sites
    The system's hosts file redirects a comprehensive list of URLs known to be adware, tracking, etc. to 127.0.0.1 (ipv4) and ::1 (ipv6)

    10. Privacy-enhanced Bromite SystemWebView
    Instead of the default Chromium System Webview component, the Bromite SystemWebView is used offering more privacy, more ad blocking and less Google tracking.

    11. Bromite as shipped Browser
    A chromium based browser with many privacy features.

    12. Firewall UI
    Settings => Privacy - Firewall
    Lists all apps and allows to restrict Internet access per app in regards to WiFi, mobile network or VPN
    This per-app feature is a standard feature in LineageOS, but the UI to show all apps is an Extra (taken from a topic in LineageOS's Gerrit - it may, or may not, become part of the official LineageOS one day)

    13. Maximum password length increased to 64
    4
    Thank you for your support here. Everything works very fine. Last but not least i need root access for the rom.
    is it too late now for root because all is set up now or can i root the phone after all this? If yes, can you point me to the correct img or what ever and explane how to root.
    Sorry for getting on your nerves....
    If I may offer my step-by-step guide to root a fresh installation. I am not so sure whether that works in Linux (so I keep an old computer with Windows for this purpose). You won't lose any data or customization.

    1. You need to extract the boot.img from the rom you are using.
    You can find many guides for payloading a boot image, essentially you have to:
    - Install python for windows, and extract the payload dumper tool into that python folder.
    - Change into the python installation folder.
    - Unpack the rom and copy the payload.bin file into the python folder.
    - Open a command prompt in that folder, use these two commands to install dependencies and extract the payload.bin file:
    # python -m pip install -r requirements.txt
    # python payload_dumper.py payload.bin
    - In the python folder there is a subfolder called "output", in this you will find the extracted boot.img.

    2. Patch the boot.img.
    - Download and install the latest MagiskManager, and change the channel to "beta".
    - Copy the boot.img file to your device (e.g. via adb).
    - In MagiskManager chose "Magisk - install - chose file and patch", chose your boot.img, this will put a magisk_patched.img in your Download-folder on the device.

    3. Root your phone.
    - Copy the magisk_patched.img to your computer.
    - Open a command prompt and reboot your device to bootloader.
    - Type:
    # fastboot boot magisk_patched.img
    - Your phone will reboot after that and is rooted.
    - Don't forget the last step: In Magisk Manager chose "direct install" - this will flash the boot.img and gain permanent root.

    -------------------------------------------

    @MSe1969 - I hope you don't mind me posting this here. I could also remove it if you think it is off-topic for this rom.