Session 27 — 2026-03-28a
| Field | Value |
|---|---|
| Date | 2026-03-28 |
| Phases | 03a, 03b, 03b2 |
| Duration | ~2 h |
ABL v2.0 — Brick
Implemented hall sensor GPIO read using raw MmioRead32(0x03069004) in LinuxLoaderEntry. Built v2.0, signed -v 5, flashed via EDL. Device bricked. Red LED on, no USB enumeration, no 9008. Root cause: MmioRead32 on unmapped TLMM page → data abort → ABL crash. Only recovery: battery drain → PBL 9008.
v2.0 binary deleted. v2.1 built with safe GCD memory mapping (gDS->GetMemorySpaceDescriptor + AddMemorySpace + SetMemorySpaceAttributes(EFI_MEMORY_UC)) and graceful fallback if mapping fails. CLAUDE.md constraint 10 added: never use raw MmioRead32 without GCD mapping.
TWRP Crypto Root Cause
Isolated FDE prompt cause without Magisk: Android boot → adb reboot recovery → cancelled TWRP password prompt (read-only) → rebooted → FDE prompt appeared. TWRP’s keymaster/TZ interaction during boot taints TrustZone state. Magisk is not the cause.
Options evaluated: (1) skip crypto — simplest; (2) disable FDE via fstab; (3) fix TWRP keymaster integration — blocked by RoT binding, keystore2 SIGSEGV, no kernel source. Decision: option 1.
TWRP v3.5 Footer Fix
Patched cryptfs.cpp: replaced failed_decrypt_count increment + put_crypt_ftr_and_key call on error with rc = -1 (no footer write). After v3.5: failed_decrypt_count = 0 confirmed in footer. FDE prompt still appears — footer write was not the sole cause, but preventing it is still correct behavior.
BCB Wipe Confirmed
BCB contained: boot-recovery + recoveryn--wipe_datan--reason=CryptKeeper.MAX_FAILED_ATTEMPTS,20. TWRP does not process --wipe_data from BCB and does not clear BCB after boot — causes boot loop. Cleared manually with dd if=/dev/zero.