DivestOS: long term device support with enhanced privacy and security

Samsung Galaxy S7 SM-G930F (herolte)

divestos_herolte

DivestOS Mobile build divested-14.1-20200723-dos-herolte could not be tested with my SM-G930F

The DivestOS installed with TWRG 3.3.1-0 did not start, which means that the device booted and stopped immediately after the Samsung Galaxy S7 logo was visible. No boot loop, nothing. Just standstill.

I did not even try the DOS-herolte-recovery, nor do I remember my experiences with the S5 SM-G900F.



Hej @SkewedZeppelin,
since November 2019 Google has not released any security patches for Android 7.1.2. How do the latest Android security patches get into the build divested-14.1-20200723-dos-herolte?

FYI, I have 3 problems with the latest update/version on shamu. (1) When powered off for shutdown, it immediately powers back on (another reason for removable battery). (2) It takes 2 “boot cycles” (from Google logo to Pin entry screen) to start up. (3) People on calls still cannot “hear me now.” #1 freaks me out. :smiley:

Hello, Divest Computing Group representative!
I’m somewhat frilled to see the new custom ROM on the scene, whose authors reasonably recommend rather neat app collection (like, Loop Habit Tracker), refer to some advanced projects (like, GrapheneOS), and overall deliver an integral message (like, “choose your computing and networking environment wisely”).

Okay, here’s a humble request and a couple of user feedback messages:


SkewedZeppelin, can you, please recommend some simple Android smartphone to use as a daily driver, that is already used by any of the core development team.


And there’re some issues with

  • Samsung S3 i9300 and
  • Nexus 10 manta:


Samsung S3 recovery from
divested-14.1-20200723-dos-i9300-recovery.img
a) can’t mount data partition when formatting /data
b) can’t install the divested-14.1-20200723-dos-i9300.zip
as it complains that it “failed to map file” note,
although twrp 3.0.2 can do the trick.


Samsung S3 experience is the most fluid I’ve ever got with other S3 ROMs, though these browsers

  • Mull,
  • Tor Browser
  • Bromit
  • (Ungoogled) Chromium
  • Fennec
  • FOSS Browser

won’t work:
they’ll just crash after briefly loading a blank screen,
though

  • Privacy Browser
  • Lightning
  • GMaps WV

are working just fine.


As for the Nexus 10, the
divested-14.1-20200723-dos-manta.zip
can be installed and booted (tried via twrp),
though it persistently crashes at the greetings screen after a couple of seconds.

It’s not a big deal, if the problems are too tedious to correct, as I’ll just use some other ROMs, but nevertheless be glad if it can be helped.

Respectfully,
m1k.

@anon46495926

several times before eventually starting properly

That is concerning

takes 2 “boot cycles”

Can you clarify this? Like step by step.

When powered off for shutdown, it immediately powers back on

I’ve seen this with thor, I know it was likely related to the defconfig hardener but my thor broke last month.

@fossys

Yes, my SM-G900F “klte” boots now

I will make some testing kernels when I can that have different things disabled to see if we can narrow down what breaks boot.

Google has not released any security patches for Android 7.1.2

LineageOS team manually merges in applicable security patches to all of their branches from the Android Security Bulletin.
The limitations of this is that they cannot update vendor blobs and in most cases do not apply kernel patches.
They also do not implement patches from the Qualcomm Security Bulletin or the Google Pixel Security Bulletin.
So when possible it is best to have a device with a recent kernel and having the latest version of LineageOS (currently 17.1).
DivestOS partially migtigates the blobs by removing as many as possible and partially mitigates the kernel patches by patching many known CVEs. But it is only a patch.

@m1k

Divest Computing Group representative!

It is just me :wave::slightly_smiling_face:

refer to some advanced projects (like, GrapheneOS)

I wouldn’t be here if it wasn’t for Micay.

although twrp 3.0.2 can do the trick.

Did you ever use a partition resizer script?

they’ll just crash after briefly loading a blank screen

So no browsers work? That is very concerning. And strange, can you get a trace from logcat?

though it persistently crashes at the greetings screen after a couple of seconds.

I suspect there might be some selinux denial causing a service to crash.
I’ll have to make a testing build.

2 “boot cycles” (from Google logo to Pin entry screen) to start up.

clarify this? Like step by step.

Hit power button, select power off. Watch it shutdown. Wait a few seconds.
Google logo appears, DivestOS logo appears, Pin entry screen appears.
Enter pin.
Watch previous step repeat (G logo, D logo, pin screen).
Enter pin.
See normal/launcher screen.

Samsung Galaxy S7 SM-G930F (herolte)

@SkewedZeppelin,
you have marked the Samsung Galaxy S7 SM-G930F (herolte) as “broken” on their website.

DOS-Herolte_broken

It’s a pity that you don’t have more to say about it.

Well, today I started a second attempt, and - even if only with your trick³ - got my “herolte” to start. This time I was also able to document the error message “A error has occurred” in a screenshot.


³As boot.img, I used a lineage-14.1-20200725-UNOFFICIAL ROM with kernel version 3.18.14x by exodusnick, which in turn gets its source code from the highly regarded developer Ivan Meler.

Hello, Divest Group,

Only one lad(y) - whoa!

Impressed++

Although a bit scared and unsure of resizing partitions on an Android device (without a spare device on hand that is).

As for the i9300 logs, here they are:

Mull - i9300_mull.log.zip (26.0 KB)

Bromite - i9300_bromite.log.zip (9.9 KB)

(used pidcat to get logcat for a selected app)

Respectfully,
m1k

DOS_fdroid-repos

F-Droid Repos

We have two repos for F-Droid, one for apps we created/maintain and another for unofficial builds of other FOSS applications that aren’t available elsewhere. These are already included in DivestOS, and are only here for other F-Droid users.

DOS_fdroid-repos_broken-link

No! Since I got to know DivestOS Mobile here two months ago, the two “F-Droid Repos DivestOS Official & DivestOS Unofficial” are not available to me.

I think its actually normal for repos to return 403 forbidden if you attempt to access them with an ordinary browser. Those URLs are intended for the F-Droid client.

There is no directory listing or a start page. You can see that it works if you put the URL in the F-Droid client. You can also check in your browser if the index-v1.jar is available:
https://divestos.org/fdroid/official/index-v1.jar

for older indexes there is the index.xml
Often there is also an index-v1.json which you can directly search in the browser:
https://divestos.org/fdroid/official/index-v1.json

Well, I know I don’t know anything, and I know I’m not flawless.Nevertheless I assume from normal user, if I am offered Links on the DivestOS website, that I should click on them with my PC Browser and my FOSS browser to be able to see the content.

As shown above and here the screenshot of the Phone FOSS Browser. The FOSS browser shows the identical error message.

0_repo 2_repo 1_repo

The How to Add a Repo to F-Droid I could work from. I noticed two hints (once at the top, once at the bottom of the picture with a red border).



Thanks @marzzzello,
but can you please show me how to enter the URL into the F-Droid client anyway. Right now my brain cells are blocked.

In the end I still don’t know what is behind the link “DivestOS Official”.

#Briar Messenger shows on its website how easy the installation via F-Droid can be.

how to enter the URL into the F-Droid client anyway.

On mobile browser, long press the repo link/URL on the extras webpage, hit Copy link.

Start f-droid, Settings, Repositories, +. Repo URL and fingerprint magically appear in form, hit Add. Walla.

@anon46495926,
thanks for the foolproof step-by-step guide. It is basically the same as " How to Add a Repo to F-Droid". It enabled me to reproduce what I did this morning, what I did last night. I got to see “The repo URL and the fingerprint appear as if by magic in the form”. This was followed by the hints in the F-Droid client, which I have shown above in picture 2 + 3.


My DOS builds do not have a browser after the initial installation.

So I installed the FOSS Brower. The screenshot shows that the FOSS Brower does not offer the option “copy URL” (fig. 2) and therefore cannot complete the steps you have shown. Only with another browser (fig. 3) I could tap “Copy link text” and repo URL and fingerprints appeared as if by magic.

5_repo 6_repo 4_repo

Somewhere in this whole scenario I read that behind the DivestOS Official link there should be seven apps. Still I can’t verify this and so a limited user experience remains.

Nevertheless, I want to emphasize in public that you completely misjudge my forum participation.

I’m not “very aggressive”, I am just passionate about my work. Despite all criticism I try to make a constructive contribution and avoid empty phrases.

Mod Edit: Removed a user mention that did no longer want to be involved in the discussion.

1 Like

behind the DivestOS Official link there should be seven apps. Still I can’t verify this

Look in Categories tab in f-droid app, or search for apps listed at DivestOS website. Or search Divested or Divest maybe.

copy/paste issues: Torbrowser (download apk available from guardian project) works. Or copy from URL bar of browser with earlier “not permitted” display. Or “share” (in screenshot) to another app and copy from there. Install Farmer’s basic text editor from f-droid and share there, if no other app comes to mind.

@SkewedZeppelin Can you add support for POCO F1 please? It is having an official build on LOS 17.1. Thanks!

1 Like

Galaxy S5 SM-G900F (klte)

Starting point was firmware divested-16.0-20200724-dos-klte with LOS 16.0 boot.img

Via TWRP > ‘Clean install’ was installed divested-16.0-20200809-dos-klte

Galaxy S5 starts up to the Samsung S5 logo and reboots in a continuous loop.

Per TWRP the boot.img from lineage-16.0-20200809-nightly-klte-signed installed later.

DivestOS shows its animated logo and needs a lot of time to get it inizialized.

In the meantime I have some practice in capturing the very short error message.

Summary: Without the LOS 16.0 boot.img the DivestOS ROM for ‘klte’ is not functional.

@ SkewedZeppelin, I’m wondering: If you want your Mull, Extirpator and Hypatia apps to be more widely used, why not put them in F-Droid’s repo? Or is there something about them that prevents it?

@SkewedZeppelin Thanks for bring in POCO F1 support. Can you please tell me when the build will be available for testing?