!HAtZDvZTkJkkIlBTqk:grapheneos.org

GrapheneOS Public Development

1318 Members
Official GrapheneOS public development chat room. Join #grapheneos:grapheneos.org for the main room, #testing:grapheneos.org for providing feedback on Beta releases and #community:grapheneos.org for the space. Formerly known as CopperheadOS. Due to relentless misinformation and harassment from CalyxOS and Techlore supported by their leadership and project members, we apply stricter rules to users from those communities.122 Servers

Load older messages


SenderMessageTime
28 Sep 2022
@maade93791:matrix.orgmaade93791you dont need sudo09:30:40
@maade93791:matrix.orgmaade93791if your not building with root09:31:19
@DzzzzzzR:matrix.orgdazinism
In reply to @omori:tchncs.de
files that are deleted are not recoverable, see https://grapheneos.org/faq#encryption

jbnm: costco cow wholesale As I understand it, it is possible to use special recovery software/techniques to recover files in a user profile if you are able to unlock the profile. As it is flash storage the only way to reliably make files unrecoverable is to delete a secondary user profile (or factory reset for the main profile). This reliably flushes the encryption keys for all data in that user.

Alternatively you could create and keep files in an app which use the Titan security chip/strongbox to encrypt files and supports deleting the keys from strongbox (i think that, depending on app design, this may take clearing storage on the app). Would have to be careful to only use said file with other apps that dont end up creating a copy of it (eg. some gallery apps may create a thumbnail)

Although its beta/not mature this app uses strongbox and makes it possible to create files & take photos within its encrypted storage
https://github.com/Secure-File-Manager/Secure-File-Manager/wiki/Frequently-Asked-Questions/_edit#how-are-my-files-encrypted

A better app design would use Storage Access Framework. This would provide the possibility to work on encrypted files with other apps while keeping them encrypted.

09:34:06
@DzzzzzzR:matrix.orgdazinism* jbnm: costco cow wholesale As I understand it, it is possible to use special recovery software/techniques to recover files in a user profile if you are able to unlock the profile. As it is flash storage the only way to reliably make files unrecoverable is to delete a secondary user profile (or factory reset for the main profile). This reliably flushes the encryption keys for all data in that user. Alternatively you could create and keep files in an app which use the Titan security chip/strongbox to encrypt files and supports deleting the keys from strongbox (i think that, depending on app design, this may take clearing storage on the app). Would have to be careful to only use said file with other apps that dont end up creating a copy of it (eg. some gallery apps may create a thumbnail) Although its beta/not mature this app uses strongbox and makes it possible to create files & take photos within its encrypted storage https://github.com/Secure-File-Manager/Secure-File-Manager/wiki/Frequently-Asked-Questions/_edit#how-are-my-files-encrypted A better app design would comply with the Storage Access Framework and act as a document provider. This would provide the possibility to work on encrypted files with other apps while keeping them encrypted.09:35:24
@steadfasterx:binbash.rockssteadfasterX
In reply to @maade93791:matrix.org
if your not building with root
I wanted to have it installed for all users thats why. but it does not matter as I completely uninstalled it and installed as user and still the same error
09:36:39
@DzzzzzzR:matrix.orgdazinism* jbnm: costco cow wholesale As I understand it, it is possible to use special recovery software/techniques to recover files in a user profile if you are able to unlock the profile. As it is flash storage the only way to reliably make files unrecoverable is to delete a secondary user profile (or factory reset for the main profile). This reliably flushes the encryption keys for all data in that user. Alternatively you could create and keep files in an app which use the Titan security chip/strongbox to encrypt files and supports deleting the keys from strongbox (i think that, depending on app design, this may take clearing storage on the app). Would have to be careful to only use said file with other apps that dont end up creating a copy of it (eg. some gallery apps may create a thumbnail) Although its beta/not mature this app uses strongbox and makes it possible to create files & take photos within its encrypted storage https://github.com/Secure-File-Manager/Secure-File-Manager/wiki/Frequently-Asked-Questions/_edit#how-are-my-files-encrypted A better app design would comply with the Storage Access Framework (SAF) and act as a document provider. This would provide the possibility to work on encrypted files with other apps, which also properly support SAF, while keeping them encrypted.09:38:04
@DzzzzzzR:matrix.orgdazinism

jbnm costco cow wholesale
Could also create and keep files in other encrypt storage apps that dont use strongbox. The possibility to recover files deleted from such storage would likely also be difficult but likely not such a strong guarantee as if the app used strongbox.

Safest/easiest way is to delete the user profile. Would then be certain that you had also deleted any copies other apps that accessed the file could have made

09:54:43
@DzzzzzzR:matrix.orgdazinism The Gallery app / thumbnail example I used isnt great. Better example is -
Some text editing apps may hold their own copy of text they are editing to guard against data loss if the app crashes/device runs out of power.
10:05:39
@candidlurker:matrix.orgcandidlurker
In reply to @candidlurker:matrix.org

Hi, do the kernel build scripts for 6th gen Pixels at some point forcefully set LTO=thin?

I'm asking because I compiled the kernel with full LTO (LTO=full BUILD_KERNEL=1 ./build_bluejay.sh) out of curiosity. Then I generated deltas and deployed the update to my P6a via my local update server. To my surprise the update went smooth and the device rebooted just fine. On the device under settings I see the build number I used for this specific build. So I assume the newly built kernel did boot... 🤔

I reviewed my build process and set EXTRAVERSION = -FullLTO in the kernel Makefiles. After installing the update I can see the custom version in the output of adb shell cat /proc/version. So I think my P6a is running the kernel built with FullLTO just fine.
10:05:40
@maade93791:matrix.orgmaade93791can you zcat /proc/config.gz10:07:20
@candidlurker:matrix.orgcandidlurkerSure, is it ok to paste the entire output here, or shall I apply some grepping?10:09:17
@maade93791:matrix.orgmaade93791you can save output to a file10:09:57
@candidlurker:matrix.orgcandidlurkerDownload p6a_proc_config.gz.txt10:10:19
@maade93791:matrix.orgmaade93791yep, seems to be working10:12:09
@maade93791:matrix.orgmaade93791Screenshot_20220928-131148.png
Download Screenshot_20220928-131148.png
10:12:24
@pixip:matrix.orgpixip

Trying to rebuild the latest stable bluejay (pixel 6A) release here. I get an error of a missing abl.img file when running "m target-files-package".
Here's a log:
++++ radio ++++
Traceback (most recent call last):
File "/home/user/grapheneos-13/out/host/linux-x86/bin/add_img_to_target_files/internal/stdlib/runpy.py", line 196, in _run_module_as_main
File "/home/user/grapheneos-13/out/host/linux-x86/bin/add_img_to_target_files/internal/stdlib/runpy.py", line 86, in _run_code
File "/home/user/grapheneos-13/out/host/linux-x86/bin/add_img_to_target_files/main.py", line 12, in <module>
File "/home/user/grapheneos-13/out/host/linux-x86/bin/add_img_to_target_files/internal/stdlib/runpy.py", line 196, in _run_module_as_main
File "/home/user/grapheneos-13/out/host/linux-x86/bin/add_img_to_target_files/internal/stdlib/runpy.py", line 86, in _run_code
File "/home/user/grapheneos-13/out/host/linux-x86/bin/add_img_to_target_files/add_img_to_target_files.py", line 1098, in <module>
File "/home/user/grapheneos-13/out/host/linux-x86/bin/add_img_to_target_files/add_img_to_target_files.py", line 1090, in main
File "/home/user/grapheneos-13/out/host/linux-x86/bin/add_img_to_target_files/add_img_to_target_files.py", line 1006, in AddImagesToTargetFiles
File "/home/user/grapheneos-13/out/host/linux-x86/bin/add_img_to_target_files/add_img_to_target_files.py", line 628, in CheckAbOtaImages
AssertionError: Failed to find abl.img
10:24:50 ninja failed with: exit status 1

failed to build some targets (02:26 (mm:ss))

I can't find abl.img in any of the ota/factory images of bluejay. What am I doing wrong?

10:26:46
@candidlurker:matrix.orgcandidlurker m vendorbootimage target-files-package 10:29:30
@candidlurker:matrix.orgcandidlurker* `m vendorbootimage target-files-package`?10:29:52
@pixip:matrix.orgpixipyes I did. m vendorbootimage completes ok.10:30:36
@pixip:matrix.orgpixipis abl.img something that I extract from the factory/ota images or is it generated locally?10:36:28
@candidlurker:matrix.orgcandidlurker For me it's in ./vendor/google_devices/bluejay/firmware/abl.img. So it's vendor file related. 11:11:36
@abchanchu:matrix.orgAbchanchu changed their profile picture.11:17:37
@maade93791:matrix.orgmaade93791re-extract vendor11:21:11
@aza:matrix.krasserscheiss.coolaZa joined the room.11:38:37
@pixip:matrix.orgpixipwill try to reextract. I only have bootloader and radio.img in that folder. really weird.12:01:27
@steadfasterx:binbash.rockssteadfasterX pixip: what is your distro and version? 12:13:09
@pixip:matrix.orgpixipusing Ubuntu 22.04.1 LTS12:30:41
@pixip:matrix.orgpixipIt's a new clean vm only for this build.12:31:07
@pixip:matrix.orgpixipI started from scratch now. new resync and everything and following the build doc to the letter. Will let you know.12:32:26
@pixip:matrix.orgpixipRestarting all from scratch seems to have fixed the problems. I must have made a mistake somewhere earlier. Now I have the abl.img. The build is fine now. I apologize for the noise. 14:08:41

There are no newer messages yet.


Back to Room List