Indicate if firmware is included in /e/os

chrisatronic · June 15, 2024, 8:34am

Few days ago google warned about security issue CVE-2024-32896 affecting all their pixel smartphones (some people pointed out that this CVE affects also devices from other vendors). Google provides the patch via firmware update, so I wanted to know if /e/os updates also include firmware updates. Unfortunately, it’s not that easy to find out, but it seems that the answer is no. Some ROMs like iodé or divestos clearly state on their website for each device whether the software contains the firmware or not. Maybe /e/os could do it in a similar way?
By the way, I tried to update the firmware manually on my pixel 7 by flashing the latest android 13 vendor.img from google https://developers.google.com/android/drivers?hl=de, but the device wouldn’t start anymore. Had to re-install e os to make it work, no data lost.
With my previous xiaomi mi8 on /e/os, I also had to update the firmware manually. This usually worked well.

piero · June 15, 2024, 1:59pm

[Walkthrough] Extract eRecovery and boot images using payload-dumper-go

$ ./payload-dumper-go -o OutputFolder -p dtbo,vbmeta,recovery e-1.15-t-20230919331436-dev-instantnoodlep.zip
Please wait while extracting payload.bin from the archive.
payload.bin: /tmp/payload_185369925.bin
Payload Version: 2
Payload Manifest Length: 115665
Payload Manifest Signature Length: 267
Found partitions:
abl (225 kB), aop (205 kB), bluetooth (455 kB), boot (101 MB), cmnlib (401 kB), cmnlib64 (520 kB), devcfg (57 kB), dsp (67 MB), dtbo (25 MB), featenabler (90 kB), hyp (451 kB), imagefv (1.2 MB), keymaster (266 kB), logo (9.6 MB), modem (193 MB), multiimgoem (16 kB), odm (375 MB), product (450 MB), qupfw (57 kB), recovery (101 MB), storsec (25 kB), system (1.5 GB), system_ext (371 MB), tz (3.2 MB), uefisecapp (127 kB), vbmeta (8.2 kB), vbmeta_system (4.1 kB), vendor (901 MB), xbl (4.0 MB), xbl_config (94 kB)

[Walkthrough] Extract eRecovery and boot images using payload-dumper-go

This post Will answer if firmware is present but not its release date.
…
One the /e/ download page, is a link to /e/ release notes, it indicate the date of the CVE included.

aibd · June 15, 2024, 2:17pm

… but not this one which is not a regular Android SPL, but a quite recent June, I think, (Pixel specific, I read at one source, but only a quick read) Vendor firmware SPL.

GabrielT · June 15, 2024, 4:22pm

From what I know, only FairPhones, murena One/Two Phones and Teracube 2e phone have received firmware updates through /e/ os updates.

I agree that we would need clearer information on which phone has its firmware updated or not as it may sometimes be very important or at least valuable.

chrisatronic · June 15, 2024, 6:37pm

My pixel 7 on /e/os 2.1 indicates baseband version g5300g-230323-230525-B-10200345. I think it’s still the latest version for Android 13, despite that it was released around June 2023. Newer baseband versions were only released for Android 14, so I guess that a firmware patch would also only available for Android 14. Therefore, if /e/os doesn’t include the firmware and I’d like to install the latest firmware manually, I guess that /e/os needs to upgrade to android 14 first anyway.

I don’t understand what the problem is, but grapheneos say that CVE-2024-32896 affects other devices (from other vendors) too. The patch was introduced in AOSP and rolled out as part of Android 14 QPR3. I’m just a user and find this all confusing, to be honest.
https://x.com/GrapheneOS/status/1801222333761225020

system · August 14, 2024, 8:34am

This topic was automatically closed after 60 days. New replies are no longer allowed.