CalyxOS 3.x (Android 12) with Magisk

Calyx3-Magisk.md

CalyxOS 3.x (Android 12) with Magisk with working signed images and AVB Verity

This idea was inspired by this post topjohnwu/Magisk#509 (comment)

I got this working with CalyxOS 3.3.1 (Android 12) with full AVB Verity enabled and was able to lock the bootloader after flashing and still have su. The OTA update zip generated was also tested against the Calyx 2.11.0 version (with Magisk) and it works well.

Create a working build

First, make sure you can build and sign a proper CalyxOS for your device. This is probably the hardest part.

Prepare Magisk files for rooting

Second, prepare a magisk directory outside your build directory as follows:

mkdir magisk24304
cd magisk24304/
wget https://cdn.jsdelivr.net/gh/topjohnwu/magisk-files@a17271415ec0b3b34fbb5715d92893a1f8c529d0/app-debug.apk
unzip app-debug.apk

Replace the apk URL with whatever version is latest or works best for you. For Android 12, v24+ is a must. The URL for the latest version can be found in the Magisk files repo. https://github.com/topjohnwu/magisk-files

We then need a few helper scripts in the same directory. cat > root-img.sh

#!/bin/bash

SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"

export PATH=$PATH:$SCRIPT_DIR

export BOOTMODE=true
export KEEPVERITY=true

cp $SCRIPT_DIR/lib/x86/libmagiskboot.so $SCRIPT_DIR/assets/magiskboot
cp $SCRIPT_DIR/lib/arm64-v8a/libmagisk64.so $SCRIPT_DIR/assets/magisk64
cp $SCRIPT_DIR/lib/armeabi-v7a/libmagisk32.so $SCRIPT_DIR/assets/magisk32
cp $SCRIPT_DIR/lib/arm64-v8a/libmagiskinit.so $SCRIPT_DIR/assets/magiskinit

. $SCRIPT_DIR/assets/boot_patch.sh $*

chmod 755 root-img.sh

Make sure magiskinit is correct for your target in root-img.sh.

cat > dos2unix

#!/bin/bash
cat $*

chmod 755 dos2unix

cat > getprop

#!/bin/bash
echo $*

chmod 755 getprop

That's all for preparing magisk.

Prepare signing step

Now we need to intercept avbtool to root the boot.img file just before it's hashed/signed.

In the last step of building the OS, the target files are zipped up and moved into a signing directory, along with the signing keys and binaries. In the bin directory, you should find avbtool which will be used during signing. We're going to replace it with a script that detects boot images, roots them and then continues with the real avbtool.

cd bin
mv avbtool avbtool.real

cat > avbtool

#!/bin/bash

# change this to whereever you created the magisk directory:
MAGISK_DIR=/media/work/magisk24304

echo "%%%%%%%%%%" `date` Running avbtool with "$*" >> $MAGISK_DIR/avbtool-invokes.txt

SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
IMG_NAME=`realpath $3`

if [[ $1 == add_hash_footer ]] && [[ $7 == boot ]] ;
then
        echo starting to root $3 >> $MAGISK_DIR/rooting.txt
        $MAGISK_DIR/root-img.sh $IMG_NAME >> $MAGISK_DIR/rooting.txt 2>&1
        cp $MAGISK_DIR/assets/new-boot.img $IMG_NAME
fi

$SCRIPT_DIR/avbtool.real $*

chmod 755 avbtool

We'll do something similar for toybox to avoid an error in the build.

mv toybox toybox.real

cat > toybox

#!/bin/bash

SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
echo "%%%%%%%%%%" `date` Running toybox with "$*" >> $SCRIPT_DIR/toybox-invokes.txt

if [[ $1 == cpio ]] && [[ $2 == -F ]] ;
then
        echo ignoring toybox error >> $SCRIPT_DIR/toybox-invokes.txt
        $SCRIPT_DIR/toybox.real $* >> $SCRIPT_DIR/toybox-invokes.txt 2>&1
        exit 0
fi

$SCRIPT_DIR/toybox.real $*

chmod 755 toybox

Now, sign the target files again. If all goes well, that should create a rooted boot.img with the correct signatures. You can check the avbtool-invokes.txt and rooting.txt files to see if everything went well. You can apply the factory image (which will wipe the phone), or the OTA update (no wipe) if you have a previous OS with the same keys.

Interesting, that could work. I'd prefer it if Magisk just worked though. I would also be concerned about how I would update if this maintainer decides to stop working on ZygiskNext.

I just found a build for this PR that may fix the issue once and for all:

topjohnwu/Magisk#7464

Artifacts at:

https://github.com/topjohnwu/Magisk/actions/runs/6675654022

I'm compiling a signed image with this included as we speak. I'll report back if it works. If it seems stable, then whenever the next version of Magisk is released, presumably 26.4, then that would be the time to write instructions for including this with Android 14.

Alright. Sadly with this build I still do not have a navigation bar. I guess we will have to wait for a proper fix.

@mohrezaei If you want to get a head start on testing this new process, a recently built commit of Magisk solves the Zygisk issues I described:

https://github.com/topjohnwu/Magisk/actions/runs/6725604108

More discussion:

topjohnwu/Magisk#7448 (comment)

I would expect the next stable release of Magisk to include this fix, and probably a Canary build much sooner.

But as far as I can see, I've got a ROM built with Magisk, Zygisk enabled, and everything is working.

@ubergeek77 thanks. I'll wait a bit longer till this stuff is more stable.

Has anybody gotten this to work for Android 14? I got it to work with 13, but no luck with 14 just yet.

I've been waiting for a new release of canary, which includes the changes ubergeek77 mentioned as required. The release yesterday (26403) might work, so I'm going to try it soon (probably during the holidays). Any earlier release is highly unlikely to work, and you'll need ubergeek's improved script above.

@dvdmle Yes, I have. Have you tried this with the fixes I mentioned were needed for Android 14?

https://gist.github.com/mohrezaei/69dae8c7d43c543b38ee5d33f67400b5?permalink_comment_id=4743126#gistcomment-4743126

Use the latest Canary build, updated just yesterday. It should work:

https://github.com/topjohnwu/magisk-files/blob/canary/app-release.apk

If you did all this, do you have logs or something that might point out what the issue is?

Alright, good to know. I should also note that I constantly get this prompt, but any time I do what it tells me to do it bricks my phone.

I have a Pixel 5a.

Did you ensure PREINITDEVICE is correct? The correct value is metadata on at least the Pixel 6 Pro and the Pixel 8 Pro, but I have no idea what it's supposed to be for the 5a.

Beyond that, I'm not sure what to suggest, apologies.

I knew something was up with those args! As for PREINITDEVICE, it should just be 'boot,' right? Since boot.img has been what's been being modified all along? Wait, I've got it wrong. I have no idea what it's supposed to be.

@dvdmle Read the comment I put in the script ;)

Just to provide some feedback: I got it working today on a Google Pixel 8 shiba with CalyxOS 5.3.2 and Magisk 26.4 (26400).
I used the newer script version by ubergeek77 which worked flawlessly. I got this popup on the first boot, but after I executed the requested reboot, it never popped up again. Root is working; I did not try Zygisk though.

For anyone using this method: Don't use the updater in the Magisk App. If you have OEM Unlocking disabled, this will brick your phone pretty badly (failing to boot, unable to reflash via fastboot due to locked bootloader, neither recovery, nor fastbootd working anymore). I had to learn the hard way. My advice is to always enable OEM Unlocking while tinkering with the bootloader.