Linux with Wayland is now running on iPhone 7

Category: IT Technology · Published: 4 years ago


Since the last post about running postmarketOS Linux on iPhone 7, I was finally able to mount and run larger and persistent system images from the iPhone system memory. To do this, I used the same technique Corellium was using in their Android build for the iPhone 7. Further, ephemeral write support for postmarketOS is achieved by using OverlayFS.

[Image: Linux with Wayland is now running on iPhone 7]

As you can see in the image above, the Linux distribution is now able to launch every sort of graphical window manager, for example Weston.

Now if you want to try this on your own phone, here’s a completely new step-by-step guide that should work on most Linux desktops.

Preparing postmarketOS image

Let’s start with compiling the base image using the postmarketOS utility pmbootstrap.

pmbootstrap init
# Work path [/home/onny/.local/var/pmbootstrap]
# Vendor: qemu
# Device codename: aarch64
# Kernel: virt
# User interface: weston
pmbootstrap install

During the initialization, you can leave most of the variables as they are. As an example we’re choosing Weston as the user interface. After installation we have to change a configuration and run the install process again.

pmbootstrap chroot -r
# vi /etc/xdg/weston/weston.ini # change one variable
# [...]
# backend=fbdev-backend.so
# [...]
pmbootstrap install

We have to extract the initramfs and add our custom filesystem mounting procedure into the init script.

pmbootstrap initfs extract
[...]
mount_root-partition

/bin/mkdir -p /mnt/apfs /mnt/ro /mnt/rw
/bin/mount -t apfs -o ro,relatime,vol=5 /dev/nvme0n1p1 /mnt/apfs
/sbin/losetup /dev/loop0 /mnt/apfs/qemu-aarch64.img -o 60817408 -r
/bin/mount -t ext4 -o ro /dev/loop0 /mnt/ro
/bin/mount -t tmpfs tmpfs /mnt/rw
/bin/mkdir -p /mnt/rw/data /mnt/rw/work
/bin/mkdir -p /sysroot
/bin/mount -t overlay -o lowerdir=/mnt/ro,upperdir=/mnt/rw/data,workdir=/mnt/rw/work overlay /sysroot

init="/sbin/init"
[...]

Two values in the snippet above depend on your setup. First, the parameter vol=5 specifies the target APFS volume we’ll create later on. If you have already created more custom volumes on your phone, this value is probably higher. Second, losetup is given an offset, -o 60817408, which is the offset in bytes of the ext4 system partition inside the image. You can calculate this offset by multiplying the sector size by the start sector reported by fdisk.
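As an added example (not part of the original post), the shell function below derives the -o value for losetup from fdisk -l output by multiplying the partition's start sector by the logical sector size. The fdisk listing is a constructed sample, chosen so that partition 2 reproduces the 60817408 offset used above; that the ext4 system partition is partition 2 is an assumption, as are the function names.

```shell
#!/bin/sh
# Added example: compute the losetup -o byte offset from `fdisk -l` output.

# Constructed sample of `fdisk -l qemu-aarch64.img` (illustrative values,
# chosen so partition 2 starts at the offset used in the init script).
sample_fdisk_output() {
cat <<'EOF'
Disk qemu-aarch64.img: 1.11 GiB, 1195376640 bytes, 2334720 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00000000

Device             Boot  Start     End Sectors  Size Id Type
qemu-aarch64.img1  *      2048  118783  116736   57M 83 Linux
qemu-aarch64.img2       118784 2334719 2215936  1.1G 83 Linux
EOF
}

# partition_offset N: read `fdisk -l` text on stdin, print the byte offset
# (start sector * logical sector size) of partition N; exit 1 if not found.
partition_offset() {
    awk -v want="$1" '
        /^Sector size/ { ssz = $4 }              # logical sector size in bytes
        /^Device/      { in_table = 1; next }    # partition rows follow
        in_table && $1 ~ /[^0-9][0-9]+$/ {
            num = $1
            sub(/^.*[^0-9]/, "", num)            # keep trailing partition number
            if (num + 0 == want + 0) {
                # A bootable partition has "*" in the Boot column, which
                # shifts Start from field 2 to field 3.
                start = ($2 == "*") ? $3 : $2
                found = 1
            }
        }
        # %.0f avoids 32-bit %d limits in some awk builds for large images.
        END { if (!found || !ssz) exit 1; printf "%.0f\n", start * ssz }
    '
}

# Real use: fdisk -l qemu-aarch64.img | partition_offset 2
sample_fdisk_output | partition_offset 2
```

If the printed value differs from the one in the init script, the loop device will not expose a valid ext4 superblock and the read-only mount of /dev/loop0 will fail.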

Recompress the initramfs for the kernel.

cd ~/.local/var/pmbootstrap/chroot_rootfs_qemu-aarch64/tmp/initfs-extracted/
sh -c "find . | cpio  --quiet -o -H newc | gzip -9 > /tmp/ramdisk.cpio.gz"

Compiling the kernel with custom ramdisk

The following part is similar to the old guide but this time we’re using the initramfs image of pmbootstrap directly.

pacman -S aarch64-linux-gnu-gcc 
cd /tmp
git clone https://github.com/corellium/linux-sandcastle.git
cd linux-sandcastle
export ARCH=arm64
export CROSS_COMPILE=aarch64-linux-gnu-
make hx_h9p_defconfig
cp /tmp/ramdisk.cpio.gz .
make -j4
./dtbpack.sh
lzma -z --stdout arch/arm64/boot/Image > arch/arm64/boot/Image.lzma

Flashing system image and kernel

Be careful, the following steps are considered safe to use but this is still experimental and could brick your phone. Use it at your own risk!

This is not “flashing” in the traditional sense; instead, we’re going to use the bootrom exploit checkra1n to gain ssh root access on the phone. Put your phone into DFU mode and run the following commands:

checkra1n -cE
iproxy # leave this running while accessing via ssh
sshpass -p "alpine" ssh -p2222 root@localhost

Inside the iPhone root shell, we’re going to create a new APFS volume and mount it. You have to do these steps only once; just remount the partition if you want to delete or overwrite the existing system image.

newfs_apfs -A -v postmarketOS -e /dev/disk0s1
mkdir -p /tmp/mnt
mount -t apfs /dev/disk0s1s6 /tmp/mnt

The volume /dev/disk0s1s6 should be the new “postmarketOS” volume. You can check this with /System/Library/Filesystems/apfs.fs/apfs.util -p /dev/disk0s1s6.

Now we can transfer the system image inside the new volume using scp.

sshpass -p "alpine"  scp -P2222 -v ~/.local/var/pmbootstrap/chroot_native/home/pmos/rootfs/qemu-aarch64.img root@localhost:/tmp/mnt/

After that unmount the mountpoint on the iPhone and put it back into DFU mode. The following commands will run the Linux kernel and trigger the boot process up into our graphical user session :)

cd /tmp
git clone https://github.com/corellium/projectsandcastle
cd projectsandcastle/loader
make
checkra1n -cpE
./load-linux ../../linux-sandcastle/arch/arm64/boot/Image.lzma ../../linux-sandcastle/dtbpack

If you want to reboot into your postmarketOS system, you just have to rerun the last two commands. Changes made while running the system will be lost on reboot and are not yet persistent.

Shell access via USB serial

Since all this is in a development state, it is convenient to have serial/shell access to the running system. To get it, add CONFIG_USB_G_SERIAL to the kernel configuration and append the following line to the inittab file on the postmarketOS target root filesystem.

ttyGS0::respawn:/sbin/getty -n -l /bin/sh ttyGS0 9600 linux

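During the next boot you’ll be able to access your phone, for example with minicom, at /dev/ttyACM0. The -n and -l /bin/sh options make getty skip the login prompt and start a shell directly, so the serial port gives a root shell without a password.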

To be continued

From here on it should be easy to enable Bluetooth and Wi-Fi, since both are already implemented by Corellium in their custom kernel.

Drop me a mail if you have further questions or want to support this project.

