Technical Details

Donations

Here comes official Magisk support for the Galaxy S10!Let's get Magisk to kick start the development of these Samsung devices!Google enforces all devices that ships with Android 9.0 to use system-as-root in part of "Project Treble", so Samsung finally introduced their own "flavor" of the implementation. More details regarding system-as-root can be found in the official Google dev site . Samsung is using the A-only system-as-root setup, meaning that its boot image will only contain the kernel binary without ramdisk included. Similar setup has already been deployed on many new devices, and the solutions for those devices are rather simple: add a new ramdisk section into the boot image and hexpatch the kernel to always use ramdisk as rootfs. However in Samsung's case, the bootloader simply does not load anything other than the kernel binary to the memory, meaning no matter what we do the kernel will always use the system partition as root directory. This leaves us no option but to install Magisk onto the recovery partition.Installing to the recovery partition have its own issues: first is that a service called "flash_recovery" will run when the system starts up, which will restore the recovery image back to stock on startup. This is unacceptable because not only does it uninstall Magisk in the process, the data encryption key will also be changed due to fact that Samsung's data encryption keys are tied to the bootloader status and boot/recovery image signatures, and thus causing the device unable to boot in following reboots unless factory reset. The solution to this problem is to simply repack the boot image to remove the binary integrity and also the signature of the partition. The second issue is that since Magisk and recovery shares the same partition, how can we actually boot into recovery? (e.g. to factory reset your device, or have custom recovery co-exist with Magisk) Fortunately a solution that detects button key presses is introduced, which details are already provided in instructions.To make matters even worse, Samsung introduced a "VaultKeeper" service, which adds another "lock" on top of the OEM lock of the bootloader. By default the service will "relock" the bootloader after data is wiped. Only after the initial setup will it verify the OEM lock option and changes the bootloader state accordingly. If you are running custom firmware with stock system, DO NOT try to wipe data or else you might end up bricking your device due to vaultkeeper locking your bootloader up, which will eventually lead to bootloader refusing to boot because unofficial partitions are detected.For custom ROM developers, the first few things you would want to remove is VaultKeeper to protect your users from bricking their devices. For stock ROM users, just make sure to always boot to Magisk after a data wipe, or never power off your device before finishing the initial setup and verify OEM lock is enabled.For those who don't know, I bought a Galaxy S10 just for adding Magisk support and for future Samsung related development.This particular release is extremely difficult. Tons of effort is poured in to figure out ways to workaround these Samsung crazy setups.If you appreciate my effort, show some love and support