 | Robotnix | 244 Members |
| Build Android (AOSP) using Nix | https://github.com/danielfullmer/robotnix | 75 Servers |
| Robotnix | 244 Members |
| Build Android (AOSP) using Nix | https://github.com/danielfullmer/robotnix | 75 Servers |
| Sender | Message | Time |
|---|---|---|
| 9 Jul 2021 | ||
 danielrf | Andreas Schrägle: So far it has been updated irregularly. | 16:38:07 |
| danielrf | It'd be nice to include LineageOS in the monthly updates that other flavors get, and they appear to merge the monthly source updates relatively quickly | 16:38:13 |
| danielrf | I'm just unsure how long to wait until most devices should be ready and working with the latest monthly updates | 16:38:33 |
 cde | danielrf: for this month you could wait till https://review.lineageos.org/c/LineageOS/android/+/313268 goes in | 16:56:52 |
| cde | it's usually merged the weekend of release, gives enough time to sort all issues out | 16:57:40 |
| cde | last one was the monday after because there a google commit broke a bunch of devices | 16:57:57 |
| 11 Jul 2021 | ||
 mvnetbiz joined the room. | 01:52:38 | |
| 12 Jul 2021 | ||
 khimaros joined the room. | 18:36:22 | |
| danielrf | Just pushed lineageos-2021.07.12.17 tag. Includes https://review.lineageos.org/c/LineageOS/android/+/313268 . Tested working on sunfish. | 19:05:03 |
| 17 Jul 2021 | ||
 jaen joined the room. | 12:00:05 | |
| jaen | Hi, I don't currently have a supported device, but I'm interested to know a) whether being able to lock the bootloader means that NFC payments would work? b) if so, does that extend to Pixels only, or would it work with devices supported by LineageOS?, c) if it works with LineageOS, then is there an easy way to add an additional device to the snapshot? (I can see some repose containing device/vendor trees and would like to see if they work) | 12:24:48 |
 samueldr | hi, not 100% positive on the answers, but here goes B: AFAIK re-locking the bootloader with user controlled yes (the important part) is only possible on Pixel hardware. Though there's not much documentation elsewhere about this on any other project than GrapheneOS. A: Not sure whether it helps with the "secure" operations like NFC payments, considering some devices+roms combos apparently can do it without user-controlled keys and locked bootloaders. But my knowledge about that is old; I know they changed a lot about security and device attestation(?) since in Android. C: the list of devices is taken from the LineageOS CI. There are ways to use other devices, but I don't know off the top of my head. Not sure this is 100% relevant, but this shows how to add a non-upstream ROM *without modifying Robotnix sources, manually: https://gist.github.com/danielfullmer/c9b785759fb3235418f2ed874c719bcd The main idea being you need to track down the few repositories being used by said device and add them to "known sources" (the | 18:56:34 |
 Robin | In reply to @samueldr:matrix.orgLocking the Bootloader with user controlled keys seems to be Possible with OnePlus Devices, which are newer than the 6t: https://forum.xda-developers.com/t/guide-re-locking-the-bootloader-on-the-oneplus-8t-with-a-self-signed-build-of-los-18-1.4259409/ Warning: this seems to be experimental/a proof of concept and is not used anywhere yet. | 19:34:45 |
| samueldr | yeah, maybe I should have said "known to work well" | 19:38:42 |
 hmenke | For NFC payment you need Google's device attestation called SafetyNet. There is an implementation in microG, but that never worked for me. The only times I've seen SafetyNet work correctly was on stock ROMs. | 19:56:23 |
| samueldr | yeah, safetynet is the "secure" part I was thinking about but couldn't remember the name... | 20:04:33 |
| samueldr | ... and is the one what received further "enhancements" | 20:04:46 |
| Robin | I found a good overview about relocking the bootloader with your own keys: "Oh, ok, but will it help me pass SafetyNet? Not really, SafetyNet is dependent on many things, including a locked bootloader. If you want to relock your bootloader for this reason I suggest you go no farther. Google can change SafetyNet requirements at any time and do so reasonably often" "isn't their an easier way? Or use an custom ROM that is specifically designed to be used with relocked bootloaders. There are a few around but they often have (for all the reasons stated above) very limited device support." https://www.reddit.com/r/LineageOS/comments/n7yo7u/a_discussion_about_bootloader_lockingunlocking/ | 22:33:07 |
| Robin | I think GrapheneOS with robotnix and a supported device is the best way to have a locked bootloader with custom keys. | 22:34:22 |
| 18 Jul 2021 | ||
| cde | https://hub.libranet.de/wiki/and-priv-sec/wiki/verified-boot | 00:13:09 |
| 19 Jul 2021 | ||
 jack | grapheneos-2021.07.16.19 built and tested on redfin! | 18:53:06 |
| 18 Jul 2021 | ||
| cde | That gives a good overview of the whole bootloader locking situation | 00:13:28 |
| danielrf | Pushed grapheneos-2021.07.16.19 tag. Briefly tested working on sunfish and crosshatch. | 07:17:12 |
| 20 Jul 2021 | ||
 Andrea Pascal joined the room. | 03:36:56 | |
| 21 Jul 2021 | ||
| danielrf | Pushed grapheneos-2021.07.19.18 tag. Tested working on crosshatch. | 02:34:59 |
| jack | Works on redfin! | 22:46:44 |
| 23 Jul 2021 | ||
| Room Avatar Renderer. | 23:25:16 | |
| 24 Jul 2021 | ||
| jaen | Thanks for the reponses re: locking. So from what I understand this basically means "well, you could try locking the bootloader, but you will still probably have the same kind of issues like with unlocked bootloader/root, because SafetyNet doesn't care about supporting custom roms and if it perchance works, no guarantee it will keep to", is that a correct understanding? | 11:47:11 |
| cde | you can't just relock the bootloader on any device, and also can't just do it on any rom - it has to be built to support that. | 13:10:24 |
| samueldr | relocking the bootloader without enrolling custom keys generally means the OEM's keys are used, and the custom ROM won't be signed with those keys, so it won't boot | 19:18:03 |