Menu
This question is related to device-mapper-verity (dm-verity) kernel feature, which provides transparent integrity checking of block devices. dm-verity helps prevent persistent rootkits that can hold onto root privileges and compromise devices.
The following command working fine to disable or enable verity on userdebug builds.
adb disable-verity
adb enable-verity
But these command are not working on user builds. is there any alternative on user builds?
393
Android verified boot As dm-verity is a kernel feature, in order for the integrity protection it provides to be effective, the kernel which the device boots needs to be trusted. On Android, this means verifying the boot partition, which also includes the root file system RAM disk and the verity public key.
Open a TWRP root shell and type: Code: surya:/ # avbctl get-verity verity is disabled. surya:/ # avbctl get-verification verification is disabled.
In short I can't give you a solution to this yet.
However here are some useful hints: That's the error I got:
C:\Users\Test>adb remount
dm_verity is enabled on the system and vendor partitions.
Use "adb disable-verity" to disable verity.
If you do not, remount may succeed, however, you will still not be able to write to these volumes.
remount of system failed: Permission denied
remount failed
(^Some exact text is also important for people that search in google to find here^)
When reverse engineering/Decompiling '\sbin\adbd' with IDA Hex-rays I notice That the relevant adbd source code that outputs this error is in net:
void remount_service(int fd, void *cookie)
{
char buffer[200];
char prop_buf[PROPERTY_VALUE_MAX];
bool system_verified = false, vendor_verified = false;
property_get("partition.system.verified", prop_buf, "0");
if (!strcmp(prop_buf, "1")) {
system_verified = true;
}
property_get("partition.vendor.verified", prop_buf, "0");
if (!strcmp(prop_buf, "1")) {
vendor_verified = true;
}
if (system_verified || vendor_verified) {
// Allow remount but warn of likely bad effects
bool both = system_verified && vendor_verified;
snprintf(buffer, sizeof(buffer),
"dm_verity is enabled on the %s%s%s partition%s.\n",
system_verified ? "system" : "",
both ? " and " : "",
vendor_verified ? "vendor" : "",
both ? "s" : "");
write_string(fd, buffer);
snprintf(buffer, sizeof(buffer),
"Use \"adb disable-verity\" to disable verity.\n"
"If you do not, remount may succeed, however, you will still "
"not be able to write to these volumes.\n");
write_string(fd, buffer);
}
if (remount("/system", &system_ro)) {
snprintf(buffer, sizeof(buffer), "remount of system failed: %s\n",strerror(errno));
write_string(fd, buffer);
}
if (hasVendorPartition()) {
if (remount("/vendor", &vendor_ro)) {
snprintf(buffer, sizeof(buffer), "remount of vendor failed: %s\n",strerror(errno));
write_string(fd, buffer);
}
}
if (!system_ro && (!vendor_ro || !hasVendorPartition()))
write_string(fd, "remount succeeded\n");
else {
write_string(fd, "remount failed\n");
}
adb_close(fd);
}
http://www.contrib.andrew.cmu.edu/~rjkohler/android-tools-5.0.1+git20141213/core/adb/remount_service.c btw the adb deamon I used to decomile is from Android 5.1.1.
So the essential points here are the partition.vendor.verified and partition.system.verified. If they set to "1" you'll get the error.
Well next will be to hunt down the why and how these are set ... and how to prevent that.
However all what adb remount does is remounting /system (and maybe /vendor). You can also do this your own:
adb shell su mount -o remount /system
That little line usually help me out and accomplished the same. The su - that'll do the trick. (But yes the su command will only be there if your device is 'rooted'.)
191
adb disable-verity will work only with adb version 1.0.33 and above. so upgrade your adb version
29
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
