User Tools

Site Tools


doc:appunti:hardware:xiaomi_mi_a1

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
doc:appunti:hardware:xiaomi_mi_a1 [2019/04/11 11:28] – [Upgrade Magisk and MagiskManager] niccolodoc:appunti:hardware:xiaomi_mi_a1 [2020/09/23 17:06] (current) – [August 2020 security update] niccolo
Line 1: Line 1:
 ====== Xiaomi Mi A1 Android Phone ====== ====== Xiaomi Mi A1 Android Phone ======
  
 +{{:img:star_full.png?nolink&28|}}
 +{{:img:star_full.png?nolink&28|}}
 +{{:img:star_full.png?nolink&28|}}
 +{{:img:star_full.png?nolink&28|}}
 +{{:img:star_full.png?nolink&28|}}
  
 ^ RAM              | 3.8 Gb  | ^ RAM              | 3.8 Gb  |
 ^ Internal Memory  | 32 Gb   | ^ Internal Memory  | 32 Gb   |
 ^ CPU              | Qualcomm Snapdragon 625 2.0GHz 8-core  | ^ CPU              | Qualcomm Snapdragon 625 2.0GHz 8-core  |
 +^ Architecture     | arm64-v8a  |
 ^ Screen           | 5.5 Inches, 1920 x 1080  | ^ Screen           | 5.5 Inches, 1920 x 1080  |
 ^ Connector        | USB Type C  | ^ Connector        | USB Type C  |
 ^ Audio jack       | 3.5 mm  | ^ Audio jack       | 3.5 mm  |
 +^ A/B (Seamless) System Updates  | Yes  |
 ===== How to Gain root Privileges ===== ===== How to Gain root Privileges =====
  
Line 16: Line 22:
  
   - Install on your PC the **adb** and **fastboot** command line tools.   - Install on your PC the **adb** and **fastboot** command line tools.
 +  - **Backup**.
   - **Unlock** the Bootloader.   - **Unlock** the Bootloader.
-  - **Backup**. 
   - Install a **custom Recovery** program (we used [[https://twrp.me/|TWRP]]).   - Install a **custom Recovery** program (we used [[https://twrp.me/|TWRP]]).
   - Install the **su** binary and an app to manage **superuser privileges** (we used [[https://www.xda-developers.com/what-is-magisk/|Magisk]]).   - Install the **su** binary and an app to manage **superuser privileges** (we used [[https://www.xda-developers.com/what-is-magisk/|Magisk]]).
Line 63: Line 69:
 <code> <code>
 adb shell adb shell
-tissot_sprout:/ find /dev -name 'by-name' 2> /dev/null +tissot_sprout:/ $ ls -/dev/block/bootdevice/
-/dev/block/platform/soc/7824900.sdhci/by-name +
-cd /dev/block/platform/soc/7824900.sdhci/by-name +
-ls -l+
 ... ...
 lrwxrwxrwx 1 root root 21 1970-07-10 05:23 boot_a -> /dev/block/mmcblk0p22 lrwxrwxrwx 1 root root 21 1970-07-10 05:23 boot_a -> /dev/block/mmcblk0p22
Line 73: Line 76:
 </code> </code>
  
-The meaning is: search into **/dev/** for a directory named "**by-name**", look for the names **boot_a** and **boot_b** and take note of the actual partition names. You can see also that the **recovery** name does not exists.+The meaning is: search into **/dev/block/bootdevice/** for symbolic links **boot_a** and **boot_b** and take note of the actual partition names. You can see also that the **recovery** name does not exists.
  
 Now we need to **boot** into an environment where we have **root privileges**, otherwise we cannot read the entire partitions. This means booting into the **Fastboot Mode** bootloader and load and run the TWRP Recovery program. Now we need to **boot** into an environment where we have **root privileges**, otherwise we cannot read the entire partitions. This means booting into the **Fastboot Mode** bootloader and load and run the TWRP Recovery program.
  
 <code> <code>
-adb reboot-bootloader+adb reboot bootloader
 </code> </code>
  
Line 109: Line 112:
  
 <code> <code>
-adb reboot-bootloader+adb reboot bootloader
 fastboot boot recovery-3.2.1-2-oreo.img fastboot boot recovery-3.2.1-2-oreo.img
 </code> </code>
Line 115: Line 118:
 Once that TWRP is started on the phone, swipe to allow writing to the partitions, then choose **Install** and browse to the **Twrp-recoveryInstaller-3.2.1-2-oreo.zip** archive. Once that TWRP is started on the phone, swipe to allow writing to the partitions, then choose **Install** and browse to the **Twrp-recoveryInstaller-3.2.1-2-oreo.zip** archive.
  
-After the installation, the procedure will ask us if we want to **install the TWRP App**. You can answer yes, but it is not strictly required, the TWRP Recovery is a stand-alone program, it runs when requested without an underlying Android system and it does not require any App. The TWRP App may be used to install or upgrade the TWRP Recovery and to backup the existing Recovery, but it seems that the current version (1.19) is not able to handle the **A/B system updates** mechanism, it searches for the **recovery partition**, which **does not exist** in Xiaomi Mi A1 Oreo 8.1.0. So it's best not to use it.+After the installation, the procedure will ask us if we want to **install the TWRP App**, we answered **no**.You can answer yes, but it is not strictly required, the TWRP Recovery is a stand-alone program, it runs when requested without an underlying Android system and it does not require any App. The TWRP App may be used to install or upgrade the TWRP Recovery and to backup the existing Recovery, but it seems that the current version (1.19) is not able to handle the **A/B system updates** mechanism, it searches for the **recovery partition**, which **does not exist** in Xiaomi Mi A1 Oreo 8.1.0. So it's best not to use it.
  
 Beware of this: Beware of this:
  
 {{ .:android:xiaomi-mi-a1-android-system-corrupt.jpg?direct&240|System Corruption, Factory Reset Needed}} {{ .:android:xiaomi-mi-a1-android-system-corrupt.jpg?direct&240|System Corruption, Factory Reset Needed}}
-  * **Do not swap Slot A and Slot B**. Some recipes found on the internet say to do that in TWRP (it is from the Reboot menu). I tried it and it was a nightmare! The Reboot menu was stating that the Slot B were active, so I switched to Slot A and installed TWRP. At the next reboot I got a non-working environment: plenty of pop-up with **Android Phone force close**, pop-up for **Factory reset**, boot loop, etc. May be the Slot A contained the boot code for Android 8.0.0, whereas my phone already had received 8.1.0. Fortunately enough I was able to ''adb reboot-bootloader'' and switch again to Slot B.+  * **Do not swap Slot A and Slot B**. Some recipes found on the internet say to do that in TWRP (it is from the Reboot menu). I tried it and it was a nightmare! The Reboot menu was stating that the Slot B were active, so I switched to Slot A and installed TWRP. At the next reboot I got a non-working environment: plenty of pop-up with **Android Phone force close**, pop-up for **Factory reset**, boot loop, etc. May be the Slot A contained the boot code for Android 8.0.0, whereas my phone already had received 8.1.0. Fortunately enough I was able to ''adb reboot bootloader'' and switch again to Slot B.
   * **Do not veryfy the ZIP archive**. The archive does not have the required info to check.   * **Do not veryfy the ZIP archive**. The archive does not have the required info to check.
-  * **Do not wipe the Dalvik cache after the install**. Don't know if it was the culprit, but after installing TWRP, I clicked the button to wipe Dalvik cache, at the next reboot I had a damaged system. The **home button did not work**, the Developer options were no longer availables (//**Developer options are not available for this user**//), the top **status bar did not swipe** down, etc. I had to **Factory reset** the phone!+  * **Do not wipe the Dalvik cache after the install**. Don't know if it was the culprit, but after installing TWRP, I clicked the button to wipe Dalvik cache, at the next reboot I had a damaged system. The **home button did not work**, the Developer options were no longer availables (//**Developer options are not available for this user**//), the top **status bar did not swipe** down, etc. I had to **Factory reset** the phone (see a possible fix for this problem here: [[xiaomi_mi_a1_home_key_problem]]).
  
 ==== Install Magisk, the SuperUser Tool ==== ==== Install Magisk, the SuperUser Tool ====
  
 {{ .:android:xiaomi-mi-a1-magisk-su-install.jpg?direct&200|Magisk Install from TWRP Recovery}} {{ .:android:xiaomi-mi-a1-magisk-su-install.jpg?direct&200|Magisk Install from TWRP Recovery}}
-When rooting an Android device we generally need the **su** binary program (the actual Unix tool used to switch from normal user to root), plus an **app to manage superuser permissions** granted (or denied) to other applications. Historically the most known app for this purpose was **SuperSU** by Chainfire, but something changed. Chainfire [[https://plus.google.com/+Chainfire/posts/6Sp6t9LxtQZ|retired from SuperSU development]] in October 2017 and new protecting schemas were introduced by Google into Android, mainly **[[https://developer.android.com/training/safetynet/|SafetyNet]]** and **[[https://source.android.com/security/verifiedboot/dm-verity|dm-verity]]**. The new leading-edge app for su management appears to be **Magisk**.+When rooting an Android device we generally need the **su** binary program (the actual Unix tool used to switch from normal user to root), plus an **app to manage superuser permissions** granted (or denied) to other applications. Historically the most known app for this purpose was **SuperSU** by Chainfire, but something changed. Chainfire [[https://plus.google.com/+Chainfire/posts/6Sp6t9LxtQZ|retired from SuperSU development]] in October 2017 and new protecting schemas were introduced by Google into Android, mainly **[[https://developer.android.com/training/safetynet/|SafetyNet]]** and **[[https://source.android.com/security/verifiedboot/dm-verity|dm-verity]]**. The new leading-edge app for su management appears to be **[[https://github.com/topjohnwu/Magisk/|Magisk]]**.
  
-The first step is to install the ZIP archive which provides the **su** binary, we already copied the **Magisk-v17.3.zip** file to the phone storag. Let's reboot into TWRP Recovery executing from the connected PC the following command:+The first step is to install the ZIP archive which provides the **su** binary, we already copied the **Magisk-v17.3.zip** file to the phone storage. Let's reboot into TWRP Recovery executing from the connected PC the following command:
  
 <code> <code>
Line 148: Line 151:
 When an app requires root privileges, the Magisk management app will show a pop-up on the phone, allowing to grant or deny the permission, so be sure that the phone is not in screen-locked mode. When an app requires root privileges, the Magisk management app will show a pop-up on the phone, allowing to grant or deny the permission, so be sure that the phone is not in screen-locked mode.
 ===== Recovery Mode ===== ===== Recovery Mode =====
 +
 +Android devices have a feature called **Android Recovery Mode**, which allows users to fix some problems. Technically, Recovery Mode refers to a special bootable partition, which contains a recovery application installed in it. The Xiaomi Mi A1 **does not actually have a recovery partition**, the recovery program is installed into the **boot A** and **boot B** partitions instead. You can use the Recovery from official **stock ROM**, or you can install a **custom recovery**, as the famous (and very rich in features) TWRP Recovery. 
 +
 +To enter the Recover mode you can follow one of this ways:
  
   * **Power Off** the phone.   * **Power Off** the phone.
   * Press **VolumeUp + Power**, wait about 3 seconds for the Mi logo screen.   * Press **VolumeUp + Power**, wait about 3 seconds for the Mi logo screen.
-  * Wait for the Broken Droid logo with the **No command** message+ 
 +If you have installed the TWRP Recovery, its main screen will appear. If you have the stock ROM Recovery you have to: 
 + 
 +  * Wait for the Broken Droid logo with the **No command** message.
   * Press **Power + VolumeUp** shortly, the Recovery menu will appear.   * Press **Power + VolumeUp** shortly, the Recovery menu will appear.
  
Line 157: Line 167:
 {{.:android:mi-a1-stock-recovery-api.jpg?direct&120|Recovery Supported API}} {{.:android:mi-a1-stock-recovery-api.jpg?direct&120|Recovery Supported API}}
  
-===== Fastboot Mode ===== +When the phone is booted in normal system, you can reboot in Recovery mode by issuing the following command from an attached PC:
- +
-Once in Recovery Menu, you can boot into the **Fastboot Mode** using the menu entry //Reboot to bootloader//. Otherwise you can execute the **adb** command on a PC when the phone is booted normally and connected via the USB cable (it is required to enable //USB debugging// on the phone and to authorize the PC on the phone pop-up, once connected):+
  
 <code> <code>
-adb reboot bootloader+adb reboot recovery
 </code> </code>
 +
 +
 +===== Fastboot Mode =====
 +
 +In Android, **fastboot** is a special diagnostic protocol that you can boot your Android device into. While in fastboot, you can modify the file system images from a computer over a USB connection.
 +
 +You can start fastboot mode in severl ways:
 +
 +  * Power off the phone, then press **VolumeDown + Power** buttons together, untill vibration.
 +  * Executing the **adb reboot bootloader** command on a PC when the phone is booted normally and connected via the USB cable. It is required to enable //USB debugging// on the phone and to authorize the PC on the phone pop-up, once connected.
 +  * From the **stock Recovery** menu, choosing the entry **Reboot to bootloader**.
 +  * From the **TWRP Recovery**, choosing **Reboot** menu, then **Bootloader**.
 +
 +The Xiaomi Mi A1 will show the following image when in fastboot mode:
  
 {{.:android:mi-a1-fastboot-log.jpg?direct&200|Mi-A1 Fastboot Logo}} {{.:android:mi-a1-fastboot-log.jpg?direct&200|Mi-A1 Fastboot Logo}}
 +
 +To control the fastboot mode of the phone, you have to install the **fastboot** command on your PC. On a Debian GNU/Linux install the **fastboot 8.1.0** package. **NOTICE**: Version 7.0.0 is not reccomended, e.g. the command ''fastboot set_active b'' does not work on the Mi A1.
 +
 +Here are some commands that can be used in fastboot mode:
  
 <code> <code>
-adb devices +fastboot help 
-List of devices attached +fastboot devices 
-574524d99913    device+fastboot boot recovery-3.2.1-2-oreo.img 
 +fastboot flash boot_b boot_b.img 
 +fastboot oem unlock 
 +fastboot set_active b 
 +fastboot reboot
 </code> </code>
  
Line 236: Line 266:
 ===== Upgrading Android maintaining root privileges ===== ===== Upgrading Android maintaining root privileges =====
  
-In April 2019 my phone still was running the following:+In November 2019 my phone still was running the following:
  
   * **Android 8.1.0** - Patch 2018-10-05   * **Android 8.1.0** - Patch 2018-10-05
Line 243: Line 273:
   * **TWRP 3.2.1-2**   * **TWRP 3.2.1-2**
  
-MagiskManager warns about the availability of **Magisk v18.1**, the operating system too warns about the availability of **Nov 2018 Android System Update**. Also **MagiskManager** can be upgraded to **v7.1.1** (but **don't upgrade it before upgrading Magisk**, the app must follow exactly the **su** binary package contained in Magisk).+MagiskManager warns about the availability of **Magisk v20.1**, the operating system too warns about the availability of **Nov 2018 Android System Update**. Also **MagiskManager** can be upgraded to **v7.4.0** (but **don't upgrade it before upgrading Magisk**, the app must follow exactly the **su** binary package contained in Magisk).
  
 ==== Upgrade Magisk and MagiskManager ==== ==== Upgrade Magisk and MagiskManager ====
  
-  - Copy the **[[https://github.com/topjohnwu/Magisk/releases/download/v19.0/Magisk-v19.0.zip|Magisk-v19.0.zip]]** archive to the smartphone. TWRP will search by default into the internal storage, so I copied it into **/data/media/0/Download/**, but you can use the microSD storage.+  - Copy the **[[https://github.com/topjohnwu/Magisk/releases/download/v20.1/Magisk-v20.1.zip|Magisk-v20.1.zip]]** archive to the smartphone. TWRP will search by default into the internal storage, so I copied it into **/data/media/0/Download/**, but you can use the microSD storage
 +  - Copy the **[[https://github.com/topjohnwu/Magisk/releases/download/manager-v7.4.0/MagiskManager-v7.4.0.apk|MagiskManager-v7.4.0.apk]]** app into the same **/data/media/0/Download/** directory, or into the microSD.
   - Reboot into TWRP recovery. I used the **adb reboot recovery** command from the PC, but you can use the **VolumeUp + Power** trick.   - Reboot into TWRP recovery. I used the **adb reboot recovery** command from the PC, but you can use the **VolumeUp + Power** trick.
-  - From the TWRP menu, choose **Install** and search for the Magisk-v19.0.zip archive.+  - From the TWRP menu, choose **Install** and search for the Magisk-v20.1.zip archive.
   - I choosed not to verify the zip archive and not to reboot the phone, so I had time to read the output of the command. Everything seemed OK, so I finally **rebooted**.   - I choosed not to verify the zip archive and not to reboot the phone, so I had time to read the output of the command. Everything seemed OK, so I finally **rebooted**.
-  - Once rebooted in normal system, I launched MagiskManager and let to upgrade itself. Actually it downloaded the **[[https://github.com/topjohnwu/Magisk/releases/download/manager-v7.1.1/MagiskManager-v7.1.1.apk|MagiskManager-v7.1.1.apk]]** archive and installed itthus requiring the install privileges.+  - Once rebooted in normal system, install **MagiskManager-v7.4.0.apk** from the file manager of your choice (it will require the permission //System// => //App// => <File manager> => //Unknown sources//). 
 + 
 +==== Upgrading the Operating System ==== 
 + 
 +The phone automatically warns about the availability of an **OTA (On The Air) Upgrade**. You can also check for upgrades availability by tapping //Settings// => //System// => //**System Updates**//
 + 
 +If you allow downloading and installing the upgrade, a check will be performed about the **integrity** of the **boot image** and the **system image**, before the actual install. The check will fail and the upgrade will be aborted if one or both of these two conditions is true: 
 + 
 +  - You have installed **Magisk SU** or **TWRP Recovery**. These software are installed into the boot partition, either **boot_a** or **boot_b** partition. The installation of Magisk patches only the active boot partition, whereas TWRP will patches (install itself) both boot partitions. 
 +  - You have used **su** to modify the **/system** partition. If you have **re-mounted** /system in **read/write** mode and you have altered itthe upgrade process will detect this and will refuse to proceed. 
 + 
 +The upgrade process will fail with a warning message **Couldn’t update - Installation problem** (in Italian: //Impossibile aggiornare - Problema di installazione//). 
 + 
 +To escape from the first condition, it is sufficient to **restore the boot partition** from the original backup. You will loose root and TWRP Recovery, but you can reinstall them after the upgrade. If you have just installed Magisk, uninstalling it should be sufficient and rather simple. Start the Magisk Manager app, disable and uninstall all the modules (if any) and reboot. Then run Magisk Manager again and choose to uninstall it completely. But if you have installed also TWRP you have to recover from a backup image. This is the recipe to run from a PC command line (supposing that **active partition is B** and that you have the original **boot_b.img** dump): 
 + 
 +<code> 
 +adb reboot bootloader 
 +fastboot flash boot_b boot_b.img 
 +fastboot reboot 
 +</code> 
 + 
 +Allowing automatic OTA upgrade after **tampering the /system partition** is more painful: you have to **restore system partition** by flashing it in fastboot mode. Obviously you need the original **system.img** file, either from your own backup or from factory ROM archive. Fortunately enough Xiaomi provides full stock ROM archives of the various versions. Look at this **[[https://forum.xda-developers.com/mi-a1/how-to/ota-official-fastboot-image-n2g47h-7-12-t3728929|forum post]]** and search for your version. 
 + 
 +Once you extracted the system.img file from the archive, boot in fastboot mode and execute the following from an attached PC (once again your **active partition is B**): 
 + 
 +<code> 
 +fastboot flash system_b system.img 
 +fastboot reboot 
 +</code> 
 +==== The OTA Update ==== 
 + 
 +When the phone downloads an OTA upgrade, it will save it into the **/data/ota_package/update.zip** file, but it will be removed after the installation and even if the installation fails. 
 + 
 +The file is actualy a Jar archive. The jar executable is provided by the Debian package **openjdk-8-jdk-headless** (or whatever version of Java you have), and you can use it in this way: 
 + 
 +<code> 
 +mkdir update 
 +cd update 
 +jar -xf ../update.zip 
 +</code> 
 + 
 +The main content is a **payload.bin**, in our case it was an incremental update (November 2018 Security patches), with size of about 66 Mb. It seems that there is a tool able to extract the content of that payload files, see **[[https://forum.xda-developers.com/android/development/extract-files-ota-payload-bin-diff-t3959161|Extract files from OTA payload.bin full and incremental]]**. 
 + 
 +===== March 2020 security update ===== 
 + 
 +In March 2020 Xiaomi released a new security update, according to this post **[[https://piunikaweb.com/2020/03/18/mi-a1-android-10-update-dream-keeps-fading-as-the-device-picks-up-march-security-patch/|Mi A1 Android 10 update dream keeps fading]]**, it is another **AndroidOne v.9** relase, build number **V10.0.19.0.PDHMIXM**. 
 + 
 +I performed the upgrade re-installing **TWRP** and **Magisk** afterward. The starting conditions were: 
 + 
 +  * A/B System Updates status: **Current Slot: B** (checked via TWRP => Reboot screen). 
 +  * Bootloader is **unlocked**. 
 +  * Installed O.S.: Android: 9, Build number: **PKQ1.180917.001.V10.0.14.0.PDHMIXM** (check from Impostazioni => Sistema => Informazioni sul telefono). 
 +  * From //Impostazioni// => //Sistema// => //Avanzate// => //Aggiornamento di sistema// we get informed about **Aggiornamento sistema disponibile**, **March 2020 security update** (1100.3 Mb). The file is already downloaded and the phone suggests to reboot to install. 
 +  * **Magisk** v20.1 and **TWRP** 3.3.0 were installed into **boot partition** (Slot B). 
 +  * **System partition** was the stock one: root privileges were never used to tamper the **/system** hierarchy. 
 + 
 +The system upgrade will **verify** the **boot** and the **system** partitions before attempting the installation, refusing to proceed if they were tampered. So I had to restore the stock boot image (loosing TWRP and Magisk). 
 + 
 +I restored the stock **boot_b.img** image (saved before TWRP and Magisk), using the ADB commands from a connected PC: 
 + 
 +<code> 
 +adb reboot bootloader 
 +fastboot flash boot_b boot_b.img 
 +fastboot reboot 
 +</code> 
 + 
 +I got **a problem** during this step: may be the **boot_b.img** was saved from version **9.6.8.0**, not from the currently installed **10.0.14.0**. Luckily enough, the only negative effect was that **the WiFi was not working**. This is a **logcat** excerpt: 
 + 
 +<code> 
 +android.hardware.wifi@1.0-service: finit_module return: -1: Required key not available 
 +android.hardware.wifi@1.0-service: Failed to load WiFi driver 
 +android.hardware.wifi@1.0-service: Failed to initialize firmware mode controller 
 +android.hardware.wifi@1.0-service: Wifi HAL start failed 
 +</code> 
 + 
 +I proceeded with the standard upgrade path, trusting that the boot partition would be recognized as original and therefore upgraded to the new one. Remember: the update ZIP archive were already downloaded into the phone, so I just launched the **reboot and install** action. After some minutes and a few reboots, the system was upgraded to **Android v.9** build number **PKQ1.180917.001.V10.0.19.0.PDHMIXM**. Fortunately enough the WiFi were recovered. 
 + 
 +To complete the upgrade: 
 + 
 +  Copy **twrp-installer-3.3.0-2-tissot.zip** and **Magisk-v20.1.zip** into the phone internal storage. 
 +  - Backup the stock boot partitions. 
 +  - Reinstall TWRP. 
 +  - Reinstall Magisk. 
 +  - Backup the rooted boot partitions. 
 + 
 +First of all **run the TWRP** recovery //fastbooting// the image directly from the PC hard disk (i.e. **without installing it into the phone**): 
 + 
 +<code> 
 +adb reboot bootloader 
 +fastboot boot twrp-3.3.0-2-tissot.img 
 +</code> 
 + 
 +From //TWRP// => //Reboot// menu, I verified that the **Current Slot** is **A**: it is normal that the upgrade procedure swaps the boot partition during the upgrade. Using ADB from the connected PC, I backed up the stock boot images: 
 + 
 +<code> 
 +adb pull /dev/block/mmcblk0p22 boot_a.img 
 +adb pull /dev/block/mmcblk0p23 boot_b.img 
 +</code> 
 + 
 +Now I installed the TWRP recovery into the boot partitions: from //TWRP// => //Install// => **twrp-installer-3.3.0-2-tissot.zip**. The installation warns about //Running boot image patcher on slot// A and B, and spit some harmless warnings about the **/vendor** mounting point. It is necessary to install TWRP before Magisk, otherwise TWRP will unroot the phone during its install. 
 + 
 +After a system reboot, and another boot into Recovery, I did //TWRP// => //Install// => **Magisk-v20.1.zip**. This will install //root// on the phone(the **su** program). Once again I got some harmless warnings about the /vendor mounting point. 
 + 
 +Finally I repeated the procedure to **backup** the patched **boot_a** and **boot_b** partitions. 
 + 
 +**NOTICE**: the ADB client required to perform the ''adb pull'' command is active when I boot TWRP using ''fastboot boot twrp-3.3.0-2-tissot.img''. If instead I boot TWRP from the phone, the ADB client is not active. 
 + 
 +Once rebooted the phone into normal system, I installed the root permissions manager: **MagiskManager-v7.5.1.apk**
 + 
 +===== August 2020 security update ===== 
 + 
 +This is a new update from Xiaomi, still featuring **AndroidOne v.9** relase, build **PKQ1.180917.001.V10.0.24.0.PDHMIXM**. The upgrade was downloaded nightly over the WiFi. It seems impossibile to prevent such automatic download: I did not find any settings to prevent automatic upgrade download. After downloading, the phone asks to reboot to complete the upgrade. 
 + 
 +The starting conditions were: 
 + 
 +  * A/B System Updates status: **Current Slot: ?** (may be it was **A**, because after installation it is **B**). 
 +  * Bootloader is **unlocked**. 
 +  * **Magisk** and **TWRP** were installed, but may be they were hidden by accident. Infact the installation of the upgrade went OK after a reboot, whereas it should fail because the boot sector is tampered with **Magisk su**. 
 +  * **System partition** was the stock one: root privileges were never used to tamper the **/system** hierarchy. 
 + 
 +After the upgrade, I did the following to get **root again**: 
 + 
 +  * adb reboot bootloader 
 +  * fastboot boot twrp-3.3.0-2-tissot.img 
 +  * Verified from TWRP => Reboot: **Current slot: B** 
 +  * adb pull /dev/block/mmcblk0p22 boot_a.img 
 +  * adb pull /dev/block/mmcblk0p23 boot_b.img 
 +  * TWRP ⇒ Install ⇒ **twrp-installer-3.3.0-2-tissot.zip**\\ Running boot image patcher on slot a and b. 
 +  * system reboot 
 +  * adb reboot bootloader 
 +  * fastboot boot twrp-3.3.0-2-tissot.img 
 +  * TWRP ⇒ Install ⇒ **Magisk-v20.4.zip**\\ Current boot slot: _b, unpacking, patching, repacking, flashing new boot image.
  
-FIXME Write how to complete the upgrade! 
 ===== Web References ===== ===== Web References =====
  
Line 259: Line 420:
   * [[https://forum.xda-developers.com/mi-a1/development/recovery-twrp-3-1-1-0-touch-recovery-t3688472|Xiaomi Mi A1 tissot TWRP 3.2.1-2 (Oreo) Recovery]]   * [[https://forum.xda-developers.com/mi-a1/development/recovery-twrp-3-1-1-0-touch-recovery-t3688472|Xiaomi Mi A1 tissot TWRP 3.2.1-2 (Oreo) Recovery]]
   * [[https://forum.xda-developers.com/mi-a1|Xiaomi Mi A1 Forum]]   * [[https://forum.xda-developers.com/mi-a1|Xiaomi Mi A1 Forum]]
 +  * [[https://forum.xda-developers.com/showpost.php?p=75545902&postcount=5|Help understanding A/B partitions]]
   * [[https://source.android.com/devices/tech/ota/ab/|A/B (Seamless) System Updates]]   * [[https://source.android.com/devices/tech/ota/ab/|A/B (Seamless) System Updates]]
   * [[https://forum.xda-developers.com/mi-a1/help/flash-twrp-partition-table-doesnt-exist-t3785354|Can't flash twrp.(partition table doesn't exist)]]   * [[https://forum.xda-developers.com/mi-a1/help/flash-twrp-partition-table-doesnt-exist-t3785354|Can't flash twrp.(partition table doesn't exist)]]
doc/appunti/hardware/xiaomi_mi_a1.1554974897.txt.gz · Last modified: 2019/04/11 11:28 by niccolo