How to disable dm-verity on `Treble` , `system-as-root` device?
4
votes
1
answer
4341
views
**Background:** Please check following links
1. How to disable dm-verity on Android with “user” build type ROM?
2. Stuck in boot-loop when unpack and pack
system.img?
**Update:** So, I am trying to disable dm-verity on my Samsung S10 5G device to successfully flash an unpack, unmodified and then packed system.img.ext4.lz4 file(with another ROM files) using Odin.
I have tried the following things:
1. Removed avb flag from boot.img with following commands:
# magiskboot dtb boot.img print -f
> #345900: fstab
│ [compatible]: [android,fstab]
├── #345940: vendor
│ [compatible]: [android,vendor]
│ [dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vendor]
│ [type]: [ext4]
│ [mnt_flags]: [ro,barrier=1,discard]
│ [fsmgr_flags]: [wait,slotselect,avb]
│ [status]: [ok]
└── #346156: vm-linux
#343692: fstab
│ [compatible]: [android,fstab]
├── #343732: vendor
│ [compatible]: [android,vendor]
│ [dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vendor]
│ [type]: [ext4]
│ [mnt_flags]: [ro,barrier=1,discard]
│ [fsmgr_flags]: [wait,slotselect,avb]
│ [status]: [ok]
└── #343948: vm-linux
# magiskboot dtb boot.img patch
# magiskboot dtb boot.img print -f
> #345900: fstab
│ [compatible]: [android,fstab]
├── #345940: vendor
│ [compatible]: [android,vendor]
│ [dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vendor]
│ [type]: [ext4]
│ [mnt_flags]: [ro,barrier=1,discard]
│ [fsmgr_flags]: [wait,slotselect]
│ [status]: [ok]
└── #346152: vm-linux
#343692: fstab
│ [compatible]: [android,fstab]
├── #343732: vendor
│ [compatible]: [android,vendor]
│ [dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vendor]
│ [type]: [ext4]
│ [mnt_flags]: [ro,barrier=1,discard]
│ [fsmgr_flags]: [wait,slotselect]
│ [status]: [ok]
└── #343944: vm-linuxavb and verify flags from dtbo.img with following commands:
# magiskboot dtb dtbo.img print -f
> #126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor
#126596: fstab
├── #126608: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]# magiskboot dtb dtbo.img print -f
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,verify,avb]
└── #126796: vendor
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor
# magiskboot dtb dtbo.img patch
# magiskboot dtb dtbo.img print -f
> #126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,]
└── #126792: vendor
#126596: fstab
├── #126608: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,]
└── #126788: vendor
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,]
└── #126792: vendor
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,]
└── #126792: vendor
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,]
└── #126792: vendor
#126600: fstab
├── #126612: product
│ [compatible]: [android,product]
│ [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│ [type]: [ext4]
│ [mnt_flags]: [ro,errors=panic]
│ [fsmgr_flags]: [wait,]
└── #126792: vendorramdisk.cpio with following commands:
# magiskboot cpio ./initrd 'patch false true'
Loading cpio: [./initrd]
Patch with flag KEEPVERITY=[false] KEEPFORCEENCRYPT=[false]
Found fstab file [etc/recovery.fstab]
Dump cpio: [./initrd]
# magiskboot cpio ./initrd extract
# cat etc/recovery.fstab
> # Copyright (c) 2013, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
/dev/block/bootdevice/by-name/boot /boot emmc defaults recoveryonly
/dev/block/bootdevice/by-name/recovery /recovery emmc defaults recoveryonly
/dev/block/bootdevice/by-name/system / ext4 defaults recoveryonly
/dev/block/bootdevice/by-name/userdata /data ext4 defaults wait,length=-16384
/dev/block/bootdevice/by-name/cache /cache ext4 defaults recoveryonly
/dev/block/mmcblk0p1 /sdcard vfat defaults recoveryonly
/dev/block/bootdevice/by-name/sec_efs /efs ext4 defaults recoveryonly
/dev/block/bootdevice/by-name/sec_efs /sec_efs ext4 defaults recoveryonly
/dev/block/bootdevice/by-name/carrier /carrier ext4 defaults recoveryonly
/dev/block/bootdevice/by-name/hidden /preload ext4 defaults recoveryonly
# FOTA
/dev/block/bootdevice/by-name/apnhlos /modem emmc defaults recoveryonly
/dev/block/bootdevice/by-name/modem /mdm emmc defaults recoveryonly
/dev/block/bootdevice/by-name/dsp /dsp emmc defaults recoveryonly
/dev/block/bootdevice/by-name/vendor /vendor ext4 defaults recoveryonly
/dev/block/bootdevice/by-name/product /product ext4 defaults recoveryonly
# Add misc for GOTA
/dev/block/bootdevice/by-name/misc /misc emmc defaults recoveryonly
# Samsung ODE
/dev/block/bootdevice/by-name/keydata /keydata ext4 defaults recoveryonly
/dev/block/bootdevice/by-name/keyrefuge /keyrefuge ext4 defaults recoveryonly
#Auto-generated code by FOTA Portal
/dev/block/bootdevice/by-name/dtbo /dtbo emmc default recoveryonlydtbo.img to dtbo.img.lz4 using lz4 compression tool and created new recovery.img image with patched initrd file.
After that. I have tried to flash magisk_patched.tar file with AP contents as one of the following:
- Overwritten all three patched file in points 1, 2 and 3 above.
-> Stuck at splash screen when trying to go to recovery after successfully flash with Odin. Download mode is appearing on splash screen.
- Overwritten 1.boot.img and 2.dtbo.img.lz4 above.
-> Successfully rooted but when trying to edit the system_root partition then I am facing the following problem:
D:\>adb shell
beyondxq:/ $ su
beyondxq:/ # mount -o rw,remount /system
beyondxq:/ # cd system
beyondxq:/system # echo "Test /system mounting" > temp.txt
beyondxq:/system # cat temp.txt
Test /system mounting
beyondxq:/system # cd ..
beyondxq:/ # mount -o rw,remount /system_root
beyondxq:/ # echo "Test /system_root mounting" > temp.txt
/system/bin/sh: can't create temp.txt: Read-only file system ---> Error here
1|beyondxq:/ # cat system/temp.txt
Test /system mounting
beyondxq:/ # cat system_root/temp.txt
cat: system_root/temp.txt: No such file or directory ---> Verify: File not created
1|beyondxq:/ # exit
1|beyondxq:/ $ exit
D:\>adb remount
Not running as root. Try "adb root" first.
D:\>adb root ---> It didn't work as the next command is not working
D:\>adb remount
Not running as root. Try "adb root" first.
D:\>adb shell
beyondxq:/ $ su
beyondxq:/ # ls sdcard
Alarms Android DCIM Download Movies Music Notifications Pictures Podcasts Ringtones Samsung selinux_policy_modified
beyondxq:/ # mount -o rw,remount /system_root
beyondxq:/ # cp sdcard/selinux_policy_modified /system_root/sepolicy
cp: /system_root/sepolicy: Permission denied ---> Permission Denied here
1|beyondxq:/ #boot.img and 2.dtbo.img.lz4 above with unpack and packed system.img.ext4.lz4
-> The result is boot-loop after successful flashing.
Please suggest what went wrong or am I missing any step.
Asked by Vatish Sharma
(1101 rep)
Nov 14, 2019, 12:24 PM
Last activity: Oct 27, 2024, 07:03 PM
Last activity: Oct 27, 2024, 07:03 PM