3

I'm trying to implement the incremental OTA update process for my custom Android ROM based on Android 7.0 Nougat. I've managed to build the first and second(modified) version of the firmware, so I have the first and second target_files.zip.

I've created the incremental OTA zip following the official guide (https://source.android.com/devices/tech/ota/tools), more exactly using this command: ./build/tools/releasetools/ota_from_target_files -i PREVIOUS-tardis-target_files.zip dist_output/tardis-target_files.zip incremental_ota_update.zip # make incremental from the older version

I installed the first firmware version on a device and tried to update it with the incremental_ota_update.zip with these steps:

  1. created the "command" file inside /cache/recovery folder with the following text inside it: --update_package=/cache/Update.zip

  2. manually copied the incremental_ota_update.zip inside the /cache folder

  3. ran the following command from my system app, which is a launcher app: RecoverySystem.installPackage(context, new File("/cache/incremental_ota_update.zip"));

The device restarts itself, arrives in the recovery menu with two options: restart device and restart with bootloader, I hit the "restart device" option. It restarts but no changes are made, the incremental update is not installed.

I checked the log file and it says:

Opening update package...
I:read key e=3 hash=20
I:1 key(s) loaded from /res/keys
Verifying update package...
I:comment is 1738 bytes; signature 1720 bytes from end
I:signature (offset: 0x3cfdfe, length: 1714): 308206ae06092a864886f70d010702a082069f3082069b020101310b300906052...[    2.849059] I:whole-file signature verified against RSA key 0
Update package verification took 0.1 s (result 0).
Error: Invalid OTA package, missing scatter
E:install package error, result = 1
Update.zip is not correct
Installation aborted.
nand type is emmc

After this I copied the ota_scatter.txt from the second target_files.zip and put it inside the incremental_ota_update.zip and retried the update process and now I get the following error:

Opening update package...
I:read key e=3 hash=20
I:1 key(s) loaded from /res/keys
Verifying update package...
E:footer is wrong
Update package verification took 0.0 s (result 1).
E:signature verification failed
E:install package error, result = 7
Signature verification failed
Installation aborted.
nand type is emmc

I don't know what I'm doing wrong, if anyone can help me out I will greatly appreciate it!

Phantômaxx
  • 37,901
  • 21
  • 84
  • 115
Alexandru Spasenie
  • 43
  • 2
  • 5
  • Which recovery do you use? I would recommend to test in TWRP or in LOS recovery, and check logs there too, may be there will be more info. Are keys consistent between recovery and main ROM? Do you have the same issue with full updates, or incremental only? – Mixaz Jul 17 '19 at 08:42
  • @Mixaz I don't use TWRP or LOS(I looked them up to see what they mean). The keys are consistent(the firmware signature keys I assume). The full OTA works fine with the same technique, only the incremental one gives the error. – Alexandru Spasenie Jul 17 '19 at 09:53
  • anyway I would have tried TWRP to see if it's OTA package issue or recovery one. But what recovery do you use then? (sorry to ask you again)) – Mixaz Jul 17 '19 at 12:18
  • @Mixaz How can I verify which recovery do I use? I use the command: RecoverySystem.installPackage(context, new File("/cache/incremental_ota_update.zip")); this is found in the native Android SDK. I don't know which Recovery you're referring to. – Alexandru Spasenie Jul 17 '19 at 13:04
  • If you didn't install any custom recovery, it means a stock one is used, developed by vendor. There's a chance that it has issues with incremental update (I never used it myself, so just guessing). Usually stock recovery allows installing only updates signed with vendor keys, so I'm surprised you can install full updates. It's unlikely you'll get support for issues in stock recovery, switch to an open source one, if it runs on your hardware. More chances to get feedback from open source community. – Mixaz Jul 18 '19 at 16:52
  • @Mixaz Can you please explain what exactly you mean by "recovery" ? Because we don't get it (sorry if that sounds dummy). Is that a file, a script inside the firmware? – AlexAndro Jul 20 '19 at 13:25
  • You say that usually allows just updates signed with vendor keys. But shouldn't be the system keys (platform..x509.pem and platform.pk8) found inside the firmware? Thanks. – AlexAndro Jul 20 '19 at 13:31
  • @Mixaz or is that (recovery) a tool, a command, a process.... ?☺️ – AlexAndro Jul 20 '19 at 13:40
  • https://www.androidcentral.com/what-recovery-android-z , about the system keys - firmware (recovery) keeps only public key, the private one is used when you sign OTA packages (and system apk files etc). Google about public-private keys – Mixaz Jul 21 '19 at 14:25

1 Answers1

0

We would like to update you on this issue. We found the problem. As with all OTA updates, you need to check that you are creating the OTA Update zip with the same tool provider as the restore app on the device.

Our scatter error was due to a name mismatch. The restore app script was looking for scatter.txt. Other issues followed after we renamed the file.

As you can guess, you should not have to rename files or move them in the OTA update zip. All needed files should be there in the correct format and with the correct name.

In short, we found the correct tool to create the OTA Zips and the correct command.

How is this useful for you?

  • search for your error in the source folder for your firmware
  • analyse the results and open relevant files
  • understand what tool is restoring your OTA updates
  • make sure that you are creating the OTA with the same vendor provided OTA creating scripts

In our case the vendor was Mediatek.

Here is a helpful bit:

FULL OTA

    ./build/tools/releasetools/ota_from_target_files -v \
    $(if $(filter true,$(TARGET_USERIMAGES_USE_UBIFS)),-g,--block) \
    -p $(HOST_OUT) \
    -k $(KEY_CERT_PAIR) \
    -s ./device/mediatek/build/releasetools/mt_ota_from_target_files \
    $(if $(OEM_OTA_CONFIG), -o $(OEM_OTA_CONFIG)) \
    $(BUILT_TARGET_FILES_PACKAGE) $@

Incremental OTA

    ./build/tools/releasetools/ota_from_target_files -v \
    $(if $(filter true,$(TARGET_USERIMAGES_USE_UBIFS)),-g,--block) \
    -p $(HOST_OUT) \
    -k $(KEY_CERT_PAIR) \
    -s ./device/mediatek/build/releasetools/mt_ota_from_target_files \
    $(if $(OEM_OTA_CONFIG), -o $(OEM_OTA_CONFIG)) \
    -i \
    $(BUILT_TARGET_FILES_PACKAGE) $@

Any other techy detail will only confuse you at this point. Breath in, breath out and search for your error in the code. That is your way in... Happy hunting.

V Radoiu
  • 1