[CLOSED]Rooting Android 12 on SD765G and Tensor Pixels

Status
Not open for further replies.

Top Liked Posts

  • 21
    Update 12/15/21: Magisk Canary 23016 includes a fix for the vbmeta header that addresses this issue. Requesting mods close this thread.

    ***This is not a guide, please refer to your device forum for root instructions! Do not ask support questions here!***

    Users of the Pixel 4a 5g, 5, 5a, and 6 series have all discovered a similar issue: Permanent root on Android 12 seems to require a data wipe.

    Some points of note:

    Previously, on Android 11 and prior, root was simple. Patch the boot image with Magisk, then flash it. No other steps were required.

    However, when the Android 12 Beta launched, users of the Pixel 4a 5g, 5, and 5a discovered that Magisk patched boot images caused a "failure to load/verify boot images" message in bootloader.
    This was successfully avoided on 12 Beta by disabling DM-verity and vbmeta verification, accomplished by flashing /vbmeta with these flags:
    Code:
    fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img

    With the 12 Stable release, we have found a new issue:
    If verity and verification are disabled on an existing system, the device will boot into Rescue Party, with the message "Can't load Android system. Your data may be corrupt". At this point, the user must either reflash both /boot and /vbmeta to stock, or perform a factory reset. A patched boot image can be live booted as long as both partitions are stock; this can be used for temporary root.

    Alternatively, a clean install performed with the factory image, either via Android Flash Tool, or via ADB using the following command:
    Code:
    fastboot -w --disable-verity --disable-verification update codename-image.zip
    will also allow successful boot of a patched boot image.

    If /vbmeta is reflashed without disable flags at any point, and the device is allowed to boot, disabling it again will cause the device to boot into Rescue Party.

    So, it would seem users of Android 12 on the Snapdragon 765G and Tensor devices have a choice after upgrading to Android 12:
    • Retain data and either go without root, or use temporary root
    • Wipe data for permanent root
    Both the verified boot issue as well as the data wipe issue affect the Pixel 6 /P6 Pro as well.

    As mentioned above, a patched boot image can be live booted for temporary root even if verity/verification are not disabled and /boot is stock.


    Reference threads:
    Verified Boot information
    Update + Magisk thread
    OTA sideload thread
    Upgrade results and discussion thread
    Pixel 6 Pro root thread
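
A way to check which of the two flags from the post above are set in an image, added here as an example; it is not part of the original post and is not code from fastboot or Magisk. The field offset and bit values follow the AVB `AvbVBMetaImageHeader` and `AvbFooter` layouts; `build_sample` produces constructed bytes rather than a real partition image, and the footer lookup goes beyond the stand-alone vbmeta.img case the post describes.

```python
import struct

AVB_MAGIC, AVB_FOOTER_MAGIC = b"AVB0", b"AVBf"
HEADER_SIZE, FOOTER_SIZE = 256, 64   # AvbVBMetaImageHeader, AvbFooter
FLAGS_OFFSET = 120                   # big-endian uint32 "flags" in the header
HASHTREE_DISABLED = 0x1              # bit set by --disable-verity
VERIFICATION_DISABLED = 0x2          # bit set by --disable-verification


def find_vbmeta_offset(image: bytes) -> int:
    """Locate the vbmeta header: offset 0 in vbmeta.img, else via the AVB footer."""
    if image[:4] == AVB_MAGIC:
        return 0
    footer = image[-FOOTER_SIZE:]
    if len(footer) == FOOTER_SIZE and footer[:4] == AVB_FOOTER_MAGIC:
        # After the magic: version major, version minor, original image size,
        # vbmeta offset, vbmeta size (all big-endian).
        _, _, _, offset, _ = struct.unpack(">IIQQQ", footer[4:36])
        if image[offset:offset + 4] == AVB_MAGIC:
            return offset
    raise ValueError("no AVB vbmeta header found")


def vbmeta_flags(image: bytes) -> dict:
    """Decode the two disable bits from the vbmeta header flags field."""
    offset = find_vbmeta_offset(image)
    if len(image) < offset + HEADER_SIZE:
        raise ValueError("truncated vbmeta header")
    (flags,) = struct.unpack_from(">I", image, offset + FLAGS_OFFSET)
    return {
        "offset": offset,
        "verity_disabled": bool(flags & HASHTREE_DISABLED),
        "verification_disabled": bool(flags & VERIFICATION_DISABLED),
    }


def build_sample(flags: int, payload: bytes = b"") -> bytes:
    """Constructed test image (not a real partition): header only, or
    payload + header + AVB footer when a payload is given."""
    header = bytearray(HEADER_SIZE)
    header[:4] = AVB_MAGIC
    struct.pack_into(">I", header, FLAGS_OFFSET, flags)
    if not payload:
        return bytes(header)
    footer = AVB_FOOTER_MAGIC + struct.pack(">IIQQQ", 1, 0, len(payload), len(payload), HEADER_SIZE)
    return payload + bytes(header) + footer.ljust(FOOTER_SIZE, b"\0")


if __name__ == "__main__":
    print(vbmeta_flags(build_sample(0x3)))                 # both flags set
    print(vbmeta_flags(build_sample(0x0, b"\0" * 4096)))   # footer case, stock flags
```

To inspect a real file, read it in binary mode and pass the bytes to `vbmeta_flags`.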
    7
    @ipdev does this mean that we may potentially have to wipe /data every single time vbmeta is flashed, unless we follow the OTA sideload method? As far as that goes, why does it only seem to succeed after the OTA is sideloaded?

    I mean this is better than not having a workaround.
    I have been waiting for the November update to test updating Android 12.
    We will find out in a few days when it is released. ;)

    Currently I think we have a good chance to update from the Android 12 October build to the November build without having to wipe data. :unsure:
    As long as you disabled verity, verification and wiped data when initially updating to (or clean flash) Android 12.

    I have mentioned before (in a different thread), I update using the full factory image and modify the flash-all script.

    This is what I plan to try. 🙃
    Code:
    fastboot --disable-verity --disable-verification --skip-secondary --skip-reboot update image-redfin-NameOfUpdate.zip
    fastboot reboot bootloader
    The skip-reboot option will leave the device in fastboot_d so I add a reboot to bootloader.
    If nothing else needs to be flashed after the update, I just fastboot reboot.


    Long (still continuing) story short. :rolleyes:

    Once Android 12 is installed, verity and verification are disabled and data is wiped.
    You can flash the boot partition as much as you want on Android 12.
    You can dirty-flash Android 12 again using the above fastboot command without having to wipe data again.
    The --skip-secondary is not needed, I just included it to speed up the flash a bit. ;)

    I still do not know what the trigger is for the corruption error. :(

    ---

    As I mentioned in the post you quoted.

    The corruption issue has to do with verifying the boot partition on Android 12.
    Unless data is wiped after disabling verity and verification.

    Since Magisk lives in boot, it unpacks, modifies, repacks and flashes the modified boot image to the boot partition.

    It is not Magisk itself that triggers the corruption error, it is simply just a different boot image installed.

    The same happens with a repacked (non modified) version of the stock boot image.
    I used AIK to unpack and repack the stock boot image with no modification.

    Cheers. :cowboy:

    PS.
    @osm0sis
    I know you are aware of this issue with Magisk but, it also affects AIK and probably AK3.
    Basically anything that modifies the installed boot partition.
    Code:
    [ip@lost AIK-Linux]$ ./unpackimg.sh redfin-sp1a.210812.015-boot.img 
     
    Android Image Kitchen - UnpackImg Script
    by osm0sis @ xda-developers
     
    Supplied image: redfin-sp1a.210812.015-boot.img
     
    Setting up work folders...
     
    Image type: AOSP
     
    Signature with "AVBv2" type detected.
     
    Splitting image to "split_img/"...
    ANDROID! magic found at: 0
    BOARD_KERNEL_CMDLINE 
    BOARD_PAGE_SIZE 4096
    BOARD_OS_VERSION 12.0.0
    BOARD_OS_PATCH_LEVEL 2021-10
    BOARD_HEADER_VERSION 3
    BOARD_HEADER_SIZE 1580
     
    Unpacking ramdisk (as root) to "ramdisk/"...
     
    Compression used: lz4-l
    4937 blocks
     
    Done!
    [ip@lost AIK-Linux]$ ./repackimg.sh --original --origsize
     
    Android Image Kitchen - RepackImg Script
    by osm0sis @ xda-developers
     
    Repacking with original ramdisk...
     
    Getting build information...
    kernel = redfin-sp1a.210812.015-boot.img-kernel
    ramdisk = redfin-sp1a.210812.015-boot.img-ramdisk.cpio.lz4
    cmdline = 
    os_version = 12.0.0
    os_patch_level = 2021-10
    header_version = 3
     
    Building image...
     
    Using format: AOSP
     
    Padding to original size...
     
    Done!
    Also the modified boot image cannot boot into fastboot_d while failing verification.
    We are dropped back to bootloader or recovery's Rescue Party when verification fails.
    As noted above, the only way to disable verity and verification includes wiping data. 🤬

    PPS.
    Quick note for those trying to follow along. :)
    fastboot_d is part of the boot image (not the bootloader) and is the boot mode used to flash critical partitions.
    The successor to fastboot flashing unlock_critical
    5
    Thanks @ipdev and @V0latyle for the great posts, this looks like you've sorted this issue out as a solid workaround!

    I'm on a Pixel 5a 5G/A11/Magisk 23, and want to go to A12. Since the Pixel 2 I too did all my updates via full system image and flash-all (del -w) using platform-tools and don't know much about OTA while maintaining root, I never needed it. @ipdev post gives me some hope because I understand that approach using the flash-all and full system images for updates because it's very familiar.

    That said, can you confirm I have fully grasped the way forward based on your posts and code above?

    - using latest platform-tools, update from A11 to A12 with full system image with supplied stock flash-all, leave in -w to allow the data wipe, and let it finish, of course removes root and is essentially a clean A12 (Is this correct or do I need to use the OTA for A12 instead? Do I need any disable flags on this first run?)

    - using platform-tools, install the same full system image (because we don't have a newer monthly yet, so same image) again only this time use the edits in flash-all @ipdev shared (modified with the correct image name) which does a dirty full system flash (without -w, preserving /data), sets the appropriate disable flags, and will then allow using Magisk 23 to patch boot.img from the system image, and proceed to reflash it to boot as we used to do before A12 without failing.

    - from that point forward, for the monthlies we can continue to update using full system image using the edited fastboot lines in @ipdev example (has no -w flag) to apply the monthly update in a way that will keep A12 from rejecting the patched boot.img to regain root.

    Sorry for the lengthy post, but I really want to get this right, and I'm pretty excited and relieved that it appears we can do this all using full system images as I always have, no OTAs are required. I'm extremely grateful for this thread and the quick work of @ipdev @V0latyle @osm0sis and all the good folks working to get this sorted out.

    Thanks all,
    hfam
    Hi. :)

    You need to wipe data once after disabling verity and verification on Android 12.

    After that, you can update Android 12 without wiping data as long as you keep verity and verification disabled.

    I only use the full factory images to update.
    Same as I have since the Nexus days. ;)
    Factory Images for Nexus and Pixel Devices - WebSite - developers.google - Link

    I am not sure what works using the incremental (OverTheAir) updates. :unsure:

    ---

    To clean flash a12 and disable both verity and verification add the disable flags.
    Code:
    fastboot -w --disable-verity --disable-verification update image-redfin-sp1a.211105.003.zip

    The fastboot options control how the fastboot command(s) work.
    -w Wipe userdata. (This is done at the end of update).
    --disable-verity Sets disable-verity when flashing vbmeta.
    --disable-verification Sets disable-verification when flashing vbmeta.

    After the initial install and wipe, you can update (dirty flash) without the -w option.
    Code:
    fastboot --disable-verity --disable-verification update image-redfin-sp1a.211105.003.zip

    You can add..
    --skip-reboot Don't reboot device after flashing.
    This will leave you in the last boot mode.
    fastboot_d on newer devices.
    I mentioned somewhere, I use this option and add a reboot to bootloader to the flash-all script.
    If you just want to manually reboot the device or modify something before boot.
    Example booting a Magisk patched boot image.

    --skip-secondary Don't flash secondary slots in flashall/update.
    This will only flash the update to the current (active) slot.
    Since the introduction of virtual A/B I have not noticed any advantage to flashing the opposite slot.
    Only true A/B has saved me from bad flashes. 🙃

    When testing and troubleshooting, I still flash to both slots on virtual A/B devices.
    Just in case. ;)


    Hope it helps more than confuse. 🙃

    Cheers. :cowboy:
    4

    We finally figured it out.

    Turns out that once dm-verity and vbmeta verification are disabled, you CANNOT let the system boot with them enabled. If /vbmeta gets flashed, such as during an OTA or a factory image, and you let it boot into system, disabling verity/verification is going to require a wipe.

    Unfortunately, for those of you upgrading from Android 11, there is simply no way around this - for permanent root, verity/verification must be disabled, and to disable verity/verification, /data must be clean.

    I will be updating my guides shortly.
    This is what I was referring to in my previous post. ;)

    As long as you disabled verity, verification and wiped data when initially updating to (or clean flash) Android 12.

    This is what I plan to try. 🙃
    Code:
    fastboot --disable-verity --disable-verification --skip-secondary --skip-reboot update image-redfin-NameOfUpdate.zip
    fastboot reboot bootloader

    Once Android 12 is installed, verity and verification are disabled and data is wiped.
    You can flash the boot partition as much as you want on Android 12.
    You can dirty-flash Android 12 again using the above fastboot command without having to wipe data again.
    The --skip-secondary is not needed, I just included it to speed up the flash a bit. ;)
    Just to clarify this last quote. I was dirty-flashing the full factory image, disabling verity and verification during the update flash.
    This only worked because I had already wiped data when I initially installed Android 12, clearing the trigger. ;)

    Cheers. :cowboy:

    Edit:
    PS.
    I had no issues updating to redfin-sp1a.211105.003. ;)

    Modified flash-all script.
    Bash:
    #!/bin/sh
    
    # Copyright 2012 The Android Open Source Project
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    #      http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    
    if ! [ $($(which fastboot) --version | grep "version" | cut -c18-23 | sed 's/\.//g' ) -ge 3103 ]; then
      echo "fastboot too old; please download the latest version at https://developer.android.com/studio/releases/platform-tools.html"
      exit 1
    fi
    fastboot flash bootloader bootloader-redfin-r3-0.4-7617468.img
    fastboot reboot-bootloader
    sleep 5
    fastboot flash radio radio-redfin-g7250-00147-210811-b-7631450.img
    fastboot reboot-bootloader
    sleep 5
    # fastboot -w update image-redfin-sp1a.211105.003.zip
    fastboot --disable-verity --disable-verification --skip-secondary --skip-reboot update image-redfin-sp1a.211105.003.zip
    fastboot reboot bootloader
    4
    AIK not yet supporting hdr_v4 aside, it also can't AVBv2 sign anything (yet...), so thar also be dragons trying to flash anything unsigned on a device that wants all partitions signed. 😶😕