-
Notifications
You must be signed in to change notification settings - Fork 655
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Samsung Tab A 10.5 (2018) | SM-T590] Bootloop #157
Comments
I'm guessing this is the same issue as on Galaxy A/J phones, which do have
a TWRP, and I've got a log of it somewhere...
Well until then you can try to disable keymaster (that's almost always the
issue...).
To do that, list keymaster Hal: ls /vendor/lib64/hw/key*
Then to disable them, edit system.img's bin/rw-system.sh, and add before
the set -e, mount -o bind /system/phh/null /vendor/lib64/hw/...
Then flash the modified system.img and try to boot
Le mar. 28 août 2018 à 19:55, Dave Heineman <notifications@github.com> a
écrit :
… Hello,
I have the new Samsung Tab A (2018) and attempted to flash some treble
images on it following the steps on xda
<https://www.xda-developers.com/flash-generic-system-image-project-treble-device/>.
Unfortunately it did not work.
Initially i booted the device on the stock firmware, enabled developer
settings and switched "OEM Unlock" on. After a forced factory reset and
reboot it now shows "bootloader has already been unlocked"
I then rebooted to recovery, reset to factory settings, booted to the
bootloader and ran:
heimdall flash --SYSTEM <image>
After that the tablet rebooted and got stuck in a bootloop, It just shows
the *Samsung Tab A, Secured by Knox, Powered by android* logo and then
reboots.
I was able to get back to recovery and the bootloader and flash the
system.img extracted from the stock firmware with the same heimdall
command to restore the tablet to working order (recovery with odin also
works).
I am not quite sure how to get a log from the system when it is booting (adb
-d logcat just keeps saying "waiting for device") so help with this would
be appreciated.
p.s. The device is not rooted and does not have custom recovery
Tested images:
- phhtreble_8.1_arm64_aonly_gapps_su.img (v23)
- phhtreble_9.0_arm64_aonly_vanilla_nosu.img (v102)
Device Information:
Model number: SM-T590
<https://www.devicespecifications.com/en/model/f2864bba> (gta2xlwifi)
Treble support: Yes, A only
Stock Software Information *Android version*: 8.1.0
*Samsung Experience version*: 9.5
*Kernel version*:
3.18.71-13907827 (gcc version 4.9.x 20150123 (prerelease) (GCC))
***@***.*** #1
Wed Jul 18 23:01:44 KST 2018
*Build number*: M1AJQ.T590XXU1ARG7
*SE for android status*:
Enforcing
SEPF_SM-T590_8.1.0_0002
Wed Jul 18 23:14:38 2018
*Knox version*:
Knox 3.2
Knox API level 26
TIMA 4.1.0
*Service provider SW ver.*:
SAOMC_SM-T590OXM_PHN_OO_0011
19400676
PHN//
*Security software version*:
ASKS v1.4 RELEASE 180410ADP v1.0 Release 180525
SMR Jun-2018 Release 1
*Android security patch level*: June 1, 2018
Additional resources
getprops.txt
<https://github.com/phhusson/treble_experimentations/files/2329186/getprops.txt>
(serial redacted)
boot.img.zip
<https://github.com/phhusson/treble_experimentations/files/2329161/boot.img.zip>
(obtained from the T590XXU1ARG7_T590OXM1ARG7_PHN stock image downloaded
from sammobile. other parts, or the entire file is available on request)
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#157>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAAOOmkZja8Mv9Do_bliG0f66PnapbWrks5uVYQfgaJpZM4WQGyt>
.
|
@phhusson After attempting to list those hals and not finding the lib64 folder i realized that this tablet is arm and not arm64 😳 thus i retried with the arm images but still not success. So following your steps and modified the system.img (for both 8.1 & 9.0) but alas no change. I did notice something during flashing which i had not noticed before (i could have missed it). On the
Any more ideas? For reference, the steps i executed to modify the Phh-Treble system images: adb shell
gta2xlwifi:/ $ ls -la /vendor/lib/hw/key*
-rw-r--r-- 1 root root 16188 2008-12-31 16:00 /vendor/lib/hw/keystore.mdfpp.so
-rw-r--r-- 1 root root 67792 2008-12-31 16:00 /vendor/lib/hw/keystore.msm8953.so simg2img system.img system.raw.img
sudo mount --rw system.raw.img android
sudo nano android/bin/rw-system.sh #!/system/bin/sh
+ mount -o bind /system/phh/null /vendor/lib/hw/keystore.mdfpp.so
+ mount -o bind /system/phh/null /vendor/lib/hw/keystore.msm8953.so
set -e
... sudo umount android
img2simg system.raw.img system_custom.img 4096 |
Oops my bad. It's system/phh/empty, not phh/null. |
no problem, i remade the custom images with the correct mount and tried to flash those but no success. So i patched the stock boot.img with magisk and flashed that with the custom system.img. Whilst neither image would boot, the boot screen now showed a phhtreble_8.1_arm_aonly_vanilla_nosu_custom_boot.log I reflashed stock and now have root access so if you need any more logs or files let me know. |
Can you try the same thing with 64bits image instead of 32bits? |
Erm, I should explain why Having HAL running 32bits is totally possible |
Thanks for the explanation, based on the specs i also assumed the tablet was 64bit. I modified the arm64 images i initially tried with the bind mounts and flashed those and although they did not fully boot to android there are some new things of note. 1. The bootloader does not automatically reboot the tablet after flashing the image and heimdall gives the following log message:
2. On both the 8.1 & 9.0 image the system does not seem to bootloop anymore. I tried to download /sys/fs/pstore and/or /proc/last_kmsg (you mentioned them in another issue). But i am hit with a Below are the boot logs. p.s. i attempted the 8.1 trice (as i though it failed until i checked adb shell) and the log sizes seemed to vary between 1 and 11 mb. p.p.s Somewhere along the line i also got the blue |
Okay. It looks like scripts run in my SELinux context are broken. Could you
redo the logcat with -b all? (Or was it already the case?)
Could be because of magisk, could be because of Samsung.
Can you check the value of the environment LD_CONFIG_FILE?
Should be ld.config.26.txt
The current issue is surfaceflinger not finding an opengl implementation.
To debug that, run the command "stop" to stop android from trying to run.
Then do a strace of it:
strace -f -s 300 -o /data/local/tmp/str surfaceflinger
And retrieve the str file
My guess is that the OpenGL implementation requires additional libs in
vndk-sp that are not present in standard vndk-sp.
Another way to debug that is to retrieve the gl lib (in vendor/lib64/egl)
and check its dependencies with readelf -a |grep NEEDED
Le mer. 29 août 2018 à 23:58, Dave Heineman <notifications@github.com> a
écrit :
… Thanks for the explanation, based on the specs i also assumed the tablet
was 64bit.
I modified the arm64 images i initially tried with the bind mounts and
flashed those and although they did not fully boot to android there are
some new things of note.
1. The bootloader does not automatically reboot the tablet after flashing
the image and heimdall gives the following log message:
...
Uploading SYSTEM
100%
SYSTEM upload successful
Ending session...
ERROR: Failed to receive session end confirmation!
Releasing device interface...
2. On both the 8.1 & 9.0 image the system do *not* seem to bootloop
anymore.
It starts, shows the *Samsung Tab A* screen and then turns to black. The
logcat command finishes and i am able to access a adb shell but it seems to
be in an incomplete state as i could not open /sdcard.
I tried to download /sys/fs/pstore and/or /proc/last_kmsg (you mentioned
them in another issue). But i am hit with a Permission denied running and adb
root also gives a adbd cannot run as root in production builds and as
installing adbd Insecure does not seem likely any ideas around that?
Below are the boot logs.
phhtreble_8.1_arm64_aonly_gapps_su_custom_boot.log
<https://github.com/phhusson/treble_experimentations/files/2333844/phhtreble_8.1_arm64_aonly_gapps_su_custom_boot.log>
phhtreble_9.0_arm64_aonly_vanilla_nosu_custom_boot.log
<https://github.com/phhusson/treble_experimentations/files/2333800/phhtreble_9.0_arm64_aonly_vanilla_nosu_custom_boot.log>
p.s. i attempted the 8.1 trice (as i though it failed until i checked adb
shell) and the log sizes seemed to vary between 1 and 11 mb.
Somewhere along the line i also got the blue
<https://i.ytimg.com/vi/Ox_p3cXYlP4/maxresdefault.jpg> An error has
occurred while update the device software... screen but i was able to
recover from it.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#157 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAAOOgsu0Iix-bJWyxIg9PryDTaOjoiDks5uVw6egaJpZM4WQGyt>
.
|
Here are the new logs for the 8.1 image now with phhtreble_8.1_arm64_aonly_gapps_su_custom.log The Environment variable contained And whilst is was unable to execute the stop command (permission denied) i was able to pull the egl files and ran a readelf on them. I can do the same for the new 9.0 v103 image tonight if needed. |
Well you need to call su before doing stop or the strace |
I think i tried that but it waited for a little while before also giving me something along the lines of permission denied. I thought it might be because i can not approve the request for root on the tablet. (previously when i tried that on stock the os prompted me to approve or deny the request). But i can try again tonight. |
Try running "phh-su" instead perhaps. It should fallback to my su instead of magisk, which doesn't ask for permission when coming from adb shell |
I tried running phh-su in adb shell but i does not seem to work. The command just "gets stuck" and never responds. |
Could you try with my latest 8.0 AOSP? |
Sure no problem, i can download and test it tonight. Do note that the tablet came stock with android 8.1 will downgrading it even be possible? |
Oh, excellent point. Could you send me a dump of your vendor partition? |
Would the vendor.img.ext4.lz4 (link valid untill 7 September, 2018) |
Yup that's fine, thanks. |
OKAY. I'm stupid, I should have checked that. I'll make you an image to test that. |
That's not perfect, but we'll with this: I'm expecting it will still not boot, but I could be wrong so first test that. You can do it before flash like you did before, or simpler: (if this works, I'll integrate binder version binder bitness auto-detection inside the "arm" image) |
A boot with the system.img got stuck on the "Samsung Galaxy Tab A, powered by android" screen but i can get a shell. After pushing the two .so files it has started bootlooping again but i now occasionally get a android screen before it reboots. included is a log from a boot with the android screen showing up checking out the log, the reboot seems to be caused by keymaster/cryptfs:
|
Ok, the Android logo means it got working GL, good.
Now we can see keymaster errors, so add again the two mount -o bind to
rw-system
Le ven. 31 août 2018 à 18:24, Dave Heineman <notifications@github.com> a
écrit :
… A boot with the system.img got stuck on the "Samsung Galaxy Tab A, powered
by android" screen but i can get a shell.
After pushing the two .so files it has started bootlooping again but i now
occasionally get a a android
<https://helloworldhelp.files.wordpress.com/2018/03/android-boot-logo.jpg?w=700&h=400&crop=1>
screen before it reboots.
included is a log from a boot with the android screen showing up
boot_with_android.log
<https://github.com/phhusson/treble_experimentations/files/2340815/boot_with_android.log>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#157 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAAOOpJ0Duk54EK012-sk3fZibcn2hVxks5uWWMngaJpZM4WQGyt>
.
|
Does not seem like it changed anything steps for reference:
#!/system/bin/sh
+ mount -o bind /system/phh/empty /vendor/lib/hw/keystore.mdfpp.so
+ mount -o bind /system/phh/empty /vendor/lib/hw/keystore.msm8953.so
set -e
|
Could you give a try without magisk? |
Mounted the test image in ubuntu copied the .so files and modified rw-system.sh to create a custom image (as the steps above will require root and not work on original boot)
The After this it was just bootloops in every way i tried to flash it (i even tried flashing the full stock package with odin3) but no success. I reflashed rooted_boot.img after which it booted again (on stock system.img) so it seems like the tablet is completely refusing to start on stock boot. |
Perhaps try to simg2img the system.img before flashing it? |
Flashing the (non sparse) patched_system.raw.img did work, but as before booting on the stock boot.img does not; and as i have no root i do not get any logs. After this i reflashed rooted_boot.img and booted it got stuck on the Samsung Galaxy tab A screen again but based on the log it got stuck in some different kind of loop. I cut it off a some point as the logs seem to be repeating but i have included the file. Something (i believe) of note is that it seems like in this case it did at least run rw-systems.sh (or made an attempt)
rooted-boot_patched_system.log p.s. i hope these logs and debug information is still helpful to you, i think it is already awesome you are helping out to such an extend. |
Without magisk, what's the precise behaviour? Reboot straights to download mode? recovery? Stuck? I guess that your next thing to try is to remove /vendor/lib/hw/key*. Android will fallback to software keymaster |
Booting the device on stock boot.img without magisk with whatever system.img (including stock) will result in the tablet continuously rebooting directly after the Samsung Galaxy Tab A screen occasionally flashing a black screen, Booting with a magisk patched boot.img and v23 arm system will do the same but also produce a log. Using the test image from comment 417681968 the tablet will get stuck on the Samsung Galaxy Tab A screen with a never ending log and the same goes for the patched image (log) I am not quite sure what is going on because even without the .so patches i am not seeing the openGL errors in the logs anymore and i am not able to get back to the "android logo" boot screen. Is it now crashing before even getting to this point or is some file or configuration staying behind even after flashing boot & system and factory resetting the device between every flash? I can also no longer access a root shell with the test image on the device as after executing a Currently the only way to boot the tablet in a working android system is with a magisk patched boot image and the stock system image. side note: i noticed a keymaster.mbn file in the stock image files. Could be completely unrelated or unhelpful but given it's name i though can't do any harm to include it. |
Some new (Samsung...) devices surfaced with 32bits software, 64bits binder, and also various annoying stuff that might be related to what you get. |
Hi, Just letting you know that I tried flashing resurrection remix GSI on my tab 10.5 and it does not work. It gives the galaxy tab A screen and goes into bootloop. No resurrection logo, no sign of any life. I really would like to help but I have no idea on how to get a adb via original stock recovery. Building it myself wouldn't work either. I'm living in poor little belgium where I have a 200GB data limit which is almost not enough for me alone. File flashed: system-190406-arm32binder64-aonly-vanilla-nosu.img |
Sorry for reviving this old topic, but did someone found a problem about it? I got the same problem with Samsung Galaxy Tab S4.
... |
OK, seems like removing /vendor/lib64/hw/keystore.* did the job. Sadly, it might lose encryption by hardware. Not expert on this. |
hello guys, i have an Tab A t590, and im trying to flash the firmware but no luck, the OEM its locked and i cant acces the settings tab ...not passing after logo....i need help please !! |
Hello,
I have the new Samsung Tab A (2018) and attempted to flash some treble images on it following the steps on xda. Unfortunately it did not work.
Initially i booted the device on the stock firmware, enabled developer settings and switched "OEM Unlock" on. After a forced factory reset and reboot it now shows "bootloader has already been unlocked"
I then rebooted to recovery, reset to factory settings, booted to the bootloader and ran:
heimdall flash --SYSTEM <image>
After that the tablet rebooted and got stuck in a bootloop, It just shows the Samsung Tab A, Secured by Knox, Powered by android logo and then reboots.
I was able to get back to recovery and the bootloader and flash the
system.img
extracted from the stock firmware with the same heimdall command to restore the tablet to working order (recovery with odin also works).I am not quite sure how to get a log from the system when it is booting (
adb -d logcat
just keeps saying "waiting for device") so help with this would be appreciated.p.s. The device is not rooted and does not have custom recovery
Tested images:
Device Information:
Model number: SM-T590 (gta2xlwifi)
Treble support: Yes, A only
Stock Software Information
Android version: 8.1.0Samsung Experience version: 9.5
Kernel version:
3.18.71-13907827 (gcc version 4.9.x 20150123 (prerelease) (GCC))
dpi@21HH1D11 #1
Wed Jul 18 23:01:44 KST 2018
Build number: M1AJQ.T590XXU1ARG7
SE for android status:
Enforcing
SEPF_SM-T590_8.1.0_0002
Wed Jul 18 23:14:38 2018
Knox version:
Knox 3.2
Knox API level 26
TIMA 4.1.0
Service provider SW ver.:
SAOMC_SM-T590OXM_PHN_OO_0011
19400676
PHN//
Security software version:
ASKS v1.4 RELEASE 180410ADP v1.0 Release 180525
SMR Jun-2018 Release 1
Android security patch level: June 1, 2018
Additional resources
getprops.txt (serial redacted)
boot.img.zip (obtained from the
T590XXU1ARG7_T590OXM1ARG7_PHN
stock image downloaded from sammobile. other parts, or the entire file is available on request)The text was updated successfully, but these errors were encountered: