- Fix a nasty regression since version 2.0.0 where recovery mode's
otacerts.zipmodifications were lost when using--prepatchedwith Magisk on some older devices, like the Pixel 4a (Issue #356, PR #357)- This affected older devices without
vendor_bootorrecoverypartitions. - This caused sideloading patched OTA updates from recovery mode to break on the affected devices. To fix the problem without wiping the device and starting fresh, please follow the steps in the PR.
- This affected older devices without
- Print a useful error message when trying to prompt for a passphrase without an interactive terminal (PR #336)
- Add a new
--zip-mode seekableoption to allow writing OTA zip files without data descriptors (Issue #328, PR #337) - Add new commands for packing and unpacking logical partition images (
super.img) (PR #342, PR #343) - Add new commands for packing and unpacking Android sparse images (PR #347)
- Allow
avbroot payload repackandavbroot payload infocommands to read delta payloads (PR #354) - Switch to passterm library for password prompts (PR #355)
- Add support for gzip compression when computing CoW size estimates (Issue #332, PR #333)
- This allows
--replaceto successfully replace dynamic partitions on legacy devices, like the Pixel 4a 5G
- This allows
- Minor code cleanup (PR #334, PR #335)
- Update all dependencies (PR #329)
- Add new unpack and pack commands for
payload.binfiles (Issue #328, PR #331)
- Fix (unreachable) minor error handling logic when attempting to use unsupported AVB signing algorithms (PR #311)
- Add support for performing signing operations with external programs (Issue #310, PR #312)
- See the linked issue for an example of how to sign with a Yubikey.
- Recompute CoW size estimate when replacing dynamic partitions (Issue #306, PR #307)
- Fixes out of space error when flashing a patched OTA that uses
--replaceto replace a dynamic partition (eg.system) with a larger or more incompressible image
- Fixes out of space error when flashing a patched OTA that uses
- Add
avbroot payload infosubcommand for inspectingpayload.binheaders (PR #309)
- Add prebuilt binary for Android (aarch64) (PR #304)
- Add new
--recompute-sizeoption toavbroot avb packto automatically recompute the image size for resizable images (Discussion #294, PR #296) - Add new
--output-infooption toavbroot avb packto write a newavb.tomlfile containing computed values (PR #297) - Add support for upcoming Magisk Canary 27003 (Issue #301, PR #268)
- Increase hash tree and FEC size limits to accommodate partition images up to 8 GiB (Issue #291, PR #293)
- Fix potential infinite loop when interrupting avbroot at the right moment to a bug in the bzip2-rs library (Issue #285, PR #287)
- Update all dependencies and fix new clippy lints (PR #288)
- Add support for adding the custom AVB public key to the list of trusted keys for DSU (booting signed GSIs) (Discussion #286, PR #289)
- Build universal binary for macOS (Issue #278, PR #279)
- Use
fastboot flashallfor initial setup to avoid needing to manually flash every partition (PR #253) - Remove binary test files in the git repo and generate them at runtime (Issue #265, PR #276)
- Fix portions of a couple error messages being incorrectly quoted (PR #277)
- Cache salted SHA-256 contexts for a small performance improvement (PR #257)
- Fix loading certificates that have extra text outside of the marker lines (PR #261)
- The
OEMUnlockOnBootmodule has been split out to a separate repo (Discussion #235, PR #246)- https://github.com/chenxiaolong/OEMUnlockOnBoot
- The new module supports the automatic update mechanism within Magisk/KernelSU
- Add support for Magisk v27.0 (PR #255)
- Switch to using a proper logging library (PR #251)
- Folks who want to see the juicy details during patching can use
--log-level debugor--log-level trace
- Folks who want to see the juicy details during patching can use
Behind-the-scenes changes:
Happy New Year! This release brings two major changes:
-
The OTA certificates (
otacerts.zip) in the system partition are now patched. Theclearotacertsmodule from avbroot (or thecustomotacertsmodule from Custota) are no longer needed and can be safely uninstalled.This makes it possible to use Pixel's new Repair Mode safely. To do so, follow the instructions in the documentation here.
-
Autodetection for boot partitions is now significantly more reliable. For KernelSU users or folks who have more obscure devices, the
--boot-partitionoption is no longer required (and is now ignored).
Full list of changes:
- Add support for AVB 2.0 format 1.3.0 (for Android 15) (PR #210)
- Add new
avbroot key decode-avbcommand for converting AVB-encoded public keys to the standard PKCS8-encoded format (PR #219) - Improve autodetection of boot images (Issue #218, PR #221, PR #237)
- Build precompiled executables as statically linked executables (Issue #222, PR #224, PR #227)
- Limit critical partition check to bootloader-verified partitions (Issue #223, PR #226)
- Improve patching performance by spliiting new partition images into chunks and compressing them in parallel (PR #228)
- Also verify whole-partition hashes when running
avbroot ota verify(PR #229) - Add support for patching
otacerts.zipon the system partition (Issue #225, PR #240, PR #244) - Document how to use Repair Mode safely (Issue #216, PR #243)
Behind-the-scenes changes:
- Fix lint warnings introduced in Rust 1.74.0 (PR #211)
- Temporarily silence RUSTSEC-2023-0071 warning in cargo-deny (PR #214)
- Add support for partially updating FEC data (PR #230, PR #231, PR #234)
- Fix hash tree calculation for images smaller than one block (PR #232)
- Refactor hash tree code and add tests, CLI commands, and support for partial updates (PR #233)
- Generate mock OTAs to use for end-to-end tests (PR #241)
- Update all dependencies (PR #245)
- Add support for XZ-compressed ramdisks (Issue #203, PR #207)
- Merge property and kernel command line AVB descriptors when replacing partitions (Issue #203, PR #208)
- Improve error messages when using
--replacewith an image that has the wrong AVB descriptor type (Issue #201, PR #202) - Automatically update legacy
dm=kernel command line descriptor when packing AVB images (Issue #203, PR #205) - Automatically promote insecure hash algorithms (eg. sha1) to sha256 when packing AVB images (Issue #203, PR #206)
- Mark Magisk 264xx as supported (PR #199)
- Fix missing
--helptext foravbroot avb unpack's--ignore-invalidoption (PR #183) - Group
avbroot ota patch --helpoutput into more readable sections (PR #184) - Add more checks to ensure that the OTA has a secure AVB setup (PR #188)
- OTAs with blatantly insecure or missing AVB configuration are now more likely to be rejected by avbroot to avoid providing a false sense of security.
- Allow
avbroot avb verifyandavbroot ota verifyto work for dm-verity partitions that use insecure SHA1 hashes (PR #190) - Add support for legacy Android 11 OTAs (Discussion #195, PR #196)
Behind-the-scenes changes:
- Bump maximum payload manifest size to 4 MiB (PR #182)
- Rework file handle reopen functionality to use traits instead of callbacks (PR #189)
- Don't set signature algorithm field for indirectly signed boot images (PR #191)
- Update dependencies (PR #197)
It's Android 14 release day! All versions of avbroot, including the old Python version, are compatible with Android 14 OTAs.
Changes:
- Add new unpack and pack commands for cpio archives (ramdisks) (PR #173, PR #178)
- Rename
header.tomltoboot.tomlfor the boot image unpack and pack commands (PR #175)- Also changes the file format a bit to make it more readable.
Behind-the-scenes changes:
- Add streaming CPIO reader and writer (PR #172)
- Update dependencies (PR #174, PR #181)
- Switch to prost for protobuf encoding/decoding (PR #176)
This release is all about hardening avbroot against untrusted (or corrupted) inputs. While all of avbroot's parsers are memory-safe, it's still possible for crashes to occur due to logic issues like allocating too much memory or dividing by zero. With this release, most of these potential issues have been fixed and fuzz tests have been added to help find more of these situations.
On the filesystem side of things, it is no longer possible for a nefarious program to cause avbroot to write to unintended locations by eg. swapping out an output directory or temp directory with a symlink while it is running.
Behind-the-scenes changes:
- Consolidate logic for handling
--pass-fileand--pass-env-var(PR #156) - cargo-deny: Block executables in dependencies (PR #133)
- Implement size limits for parsers to prevent allocating too much memory (Issue #157, PR #158, PR #159, PR #164, PR #168, PR #169, PR #170)
- Add fuzzers to help catch panics/crashes (Issue #160, PR #161, PR #162, PR #163, PR #165, PR #167)
- Use handle-based directory operations instead of path-based directory operations (Issue #166, PR #171)
- Add support for dm-verify FEC (forward error correction) (Issue #145, PR #146)
ota verifyandavb verifywill now check the FEC data.
- Print status and warning messages to stderr (PR #149)
- Add new
avb unpack,avb pack, andavb repackcommands for AVB images (Issue #144, Issue #148, PR #152)avb verifynow optionally accepts--repairto fix corrupted dm-verity images.
Behind-the-scenes changes:
- Remove unnecessary use of
Arc(PR #147) - Use bstr crate to escape mostly UTF-8 binary data (PR #150)
- Improve error fields and error contest (PR #153)
- Upgrade xz version in precompiled binaries (Issue #138, PR #139)
- This fixes the
ota extractandota verifycommands in some multithreaded situations.
- This fixes the
- Add
--versionoption to print out avbroot's version (Issue #138, PR #140)
- Fix
data_offsetbeing set for payload operations that don't need it (PR #136)- This fixes patched stock OnePlus images from being rejected when flashing.
Behind-the-scenes changes:
- Move full OTA check to CLI functions to allow library functions to parse delta OTAs (PR #135)
- Remove unnecessary use of
anyhowmacro (PR #137)
- Add support for Magisk 263xx (PR #132)
- Initial Rust release. The old Python implementation can be found in the
pythonbranch. (PR #130)