LineageOS vs. CalyxOS vs. DivestOS

Aside from locked bootloader/integrated microG, does calyxos even do anything really special when compared to LineageOS?

It does do quite a bit more compared to LineageOS, yes. The real question is does it do much more than DivestOS? And the answer is no it doesn’t really, except for now it supports some devices which DOS/GOS don’t.

A good comparison list to get started on your research if you’re interested in digging into the differences:

2 Likes

I’ve seen that list, Let me try to go to the list 1 by 1

  1. “Yes, Somewhat” to deblobbed, which confuses me. Because I’m quite sure LineageOS also is in their charter

All maintainers MUST NOT require a modified prebuilt vendor image either in their build tree, or on the Wiki

All devices MUST NOT ship a prebuilt kernel.

  1. Network-based NLP: It’s just integrated microG

  2. Idk what PSDS is so I’ll refrain from commenting on it, let’s just say this one is a win for calyx for simplicity sake

  3. Google Play Services: #2

  4. Screenshot metadata stripping: I don’t think it matters all that much, scrambled exif exists if you need it

  5. verified boot, calyx supports nowhere near the amount of device lineage does

Which leads me back to my question, does calyx do anything special aside from integrated microG?

  1. this means not modifiying/repacking a stock vendor image, but building the image from their own sourced blobs. it does NOT mean deblobbed or compiled from source.
  2. Google and Qualcomm also have their own NLP: Play and IZat respectively.
  3. I document SUPL and PSDS here: https://divestos.org/misc/gnss.txt
  4. ?
  5. The screenshot typically includes device software version, exact timestamp, timezone, and a UNIQUE ID, here is the patch CalyxOS made that DivestOS uses.
  6. CalyxOS still doesn’t document the verified boot limitations of devices like FP4 or axolotl like DivestOS does: Faq - DivestOS Mobile
2 Likes
  1. I know, but LineageOS is also at the very least partially deblobbed. From combing the lineage tree, comparing it to the original vendor blob, and also talking to the devs, the aim seems to be blob minimisation and not complete removal. They don’t just slap random blobs, but also compile from source whenever possible. Perhaps not as much as divest, but saying that they don’t do it is just disingenuous

  2. UnifiedNLP is just what a typical microG installation use (eg. this), that’s why I lump it in as preinstalled microG

  3. Thanks

  4. The difference between Lineage and Calyx in this section is just preinstalled microG

  5. That’s why I said Scrambled Exif, which also randomises the file name

  6. That’s a point against calyx then

@KDEBacon
A ROM would be silly to use the stock vendor partition and this is why GSIs are bad.

Most ROMs do ship fewer blobs than stock, but both CalyxOS and GrapheneOS ship even less blobs than LineageOS.

One of the main examples of this is all the carrier junk that LineageOS will happily include.

Including spyware blobs from eg. Verizon isn’t deblobbed in my book: https://github.com/LineageOS/android_device_google_bluejay/blob/1155c594916d282ede59e75651e20c4374219abe/proprietary-files.txt#L147-L151

Including invasive analytics to Google that run every boot isn’t deblobbed either: https://github.com/LineageOS/android_device_google_bluejay/blob/1155c594916d282ede59e75651e20c4374219abe/proprietary-files.txt#L26

DivestOS takes it even further to the point of breaking features like DRM, HDCP, HDR, VoWiFi, tap to pay, audio processing effects, carrier multicast, regional specific NFC support (FeliCa), and tons of other junk.

See also how this started (basically Sprint/OMA-DM spyware): On removal of proprietary blobs · Issue #624 · AndroidHardeningArchive/legacy_bugtracker · GitHub

tl;dr the “deblobbing” done by LineageOS should be considered the absolute bare minimum, any system not doing that isn’t on the table

4 Likes

It probably depends on the specific maintainer then, I guess. but that’s a fair point

Not a criticism but I found it funny how you basically nuked 95+% of XDA with that statement alone

I linked bluejay to counter this directly, it is maintained by the same person as under CalyxOS which removes those blobs.

You must understand the bulk of CalyxOS is done by people who were already working on LineageOS for years.
There is considerable overlap, even if CalyxOS is no longer a direct fork of LineageOS.

I mention this, because it directly raises the question why Lineage would include it when the same maintainers remove it under CalyxOS.

2 Likes

Not all maintainer slaps 30+ prebuilt apks on lineage and just call it a day. ngl this is the first time I’ve seen that many

Here are rough blobs counts for LineageOS 14.1 through 20.0, for just the devices I build DivestOS for: gist:6d24901c92cee6f4bb4f11e0a26b0872 · GitHub

(20.0 won’t be accurate as it has been deblobbed as it is currently compiling the December ASB update)

older devices do have fewer blobs, as they typically had less in the first place, didn’t need 32+64-bit blobs, or were removed as they became incompatible with newer versions

some devices in there have few blobs because they rely on the stock vendor image like bullhead/angler, dragon, and hero*lte

some may look low, but only because they have a corresponding -common vendor tree

the count is also just a simple wc -l so it includes whitespace and comments

The gist changed partway through me reading it smh. That aside, is this the amount total, or the amount you removed? Because everybody knows a full open source stack is not possible. So a better comparison is blob count diffs between calyx/lineage/dos

It is total count. I changed it from counting lines in makefiles to lines of bloblists which is more accurate as the makefiles may contain extra or duplicate definitions for building.

Getting a truly accurate count is extremely tedious, comparing even more so.
I used to have a count of how many blobs DivestOS removed on the website, but it was an extreme hassle to maintain: Patch Levels - DivestOS Mobile

1 Like

and that’s why absolute blob count doesn’t really tell the whole story. Even when you removed a lot of it, divest still also relies on hundreds if not thousands of blobs.

Then my question becomes, why is it when lineage does blob reduction, you call it “the absolute bare minimum”. But when you do it, it’s extensive? Especially when I’m quite sure that the diffs between lineage and stock vendor is far larger than the diffs of calyx/dos and lineage

I’d reframe it to overlooking counts and more so the impact of removing them.

Of the remainder blobs in use (by LineageOS), which are invading privacy or are a hazard to security?

Some examples:

  • Qualcomm devices were sending off chipset serial numbers to Qualcomm for years which LineageOS (and others) were all doing until earlier this year, when DivestOS because of its deblobber hadn’t since 2017/2018.
  • DivestOS removes Wi-Fi calling because it bypasses the VPN slot and lets your carrier know your true IP address for every access point you connect to.
  • DivestOS removes DRM because they collect specific device identifiers and tie them to your identity (eg. credit card of Netflix account).
  • DivestOS removes carrier blobs because they (even if they are or aren’t your carrier) don’t need access to your contacts or potentially your more precise location.

Also anything that can be removed should be removed in order to remove risk from known/unknown security issues.
As an example of this take a look at any Qualcomm security bulletin for the proprietary components section, here is a quote from a December one:

Summary

Affected Chipsets:
315 5G IoT Modem, 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, APQ8017, APQ8037, AQT1000, AR8031, AR8035, C-V2X 9150, CSR8811, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, FSM10055, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, IPQ5010, IPQ6010, IPQ6018, IPQ6028, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8207, MDM9205S, MDM9230, MDM9250, MDM9330, MDM9628, MDM9630, MDM9640, MSM8108, MSM8209, MSM8608, MSM8909W, MSM8996AU, PMP8074, QAM8255P, QAM8295P, QAM8650P, QAM8775P, QCA2062, QCA2064, QCA2065, QCA2066, QCA4004, QCA4024, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6554A, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9888, QCA9889, QCA9984, QCC710, QCM2290, QCM4290, QCM4325, QCM4490, QCM5430, QCM6125, QCM6490, QCM8550, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6224, QCN6274, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS410, QCS4290, QCS4490, QCS5430, QCS610, QCS6125, QCS6490, QCS8550, QDU1000, QDU1010, QDU1110, QDU1210, QDX1010, QDX1011, QFW7114, QFW7124, QRU1032, QRU1052, QRU1062, QSM8350, QTS110, Qualcomm 205 Mobile Platform, Qualcomm 215 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Robotics RB3 Platform, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8255P, SA8295P, SA8770P, SA8775P, SA9000P, SC8180X+SDX55, SC8380XP, SD 455, SD 675, SD 8 Gen1 5G, SD 8CX, SD460, SD626, SD660, SD662, SD670, SD675, SD730, SD820, SD835, SD855, SD865 5G, SD888, SDM429W, SDX55, SDX57M, SG4150P, SG8275P, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SM8550P, Smart Audio 200 Platform, Smart Audio 400 Platform, Smart Display 200 Platform (APQ5053-AA), Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon 208 Processor, Snapdragon 210 Processor, Snapdragon 212 Mobile Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 425 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 430 Mobile Platform, Snapdragon 439 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 630 Mobile Platform, Snapdragon 636 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 665 Mobile Platform, Snapdragon 670 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 710 Mobile Platform, Snapdragon 712 Mobile Platform, Snapdragon 720G Mobile Platform, Snapdragon 730 Mobile Platform (SM7150-AA), Snapdragon 730G Mobile Platform (SM7150-AB), Snapdragon 732G Mobile Platform (SM7150-AC), Snapdragon 750G 5G Mobile Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 7c Compute Platform (SC7180-AC), Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) “Rennell Pro”, Snapdragon 7c+ Gen 3 Compute, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 820 Automotive Platform, Snapdragon 835 Mobile PC Platform, Snapdragon 845 Mobile Platform, Snapdragon 850 Mobile Compute Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon 8c Compute Platform (SC8180X-AD) “Poipu Lite”, Snapdragon 8c Compute Platform (SC8180XP-AD) “Poipu Lite”, Snapdragon 8cx Compute Platform (SC8180X-AA, AB), Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) “Poipu Pro”, Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) “Poipu Pro”, Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB), Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB), Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon Wear 2100 Platform, Snapdragon Wear 2500 Platform, Snapdragon Wear 3100 Platform, Snapdragon Wear 4100+ Platform, Snapdragon X12 LTE Modem, Snapdragon X20 LTE Modem, Snapdragon X24 LTE Modem, Snapdragon X5 LTE Modem, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X70 Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon Auto 4G Modem, SW5100, SW5100P, SXR1120, SXR2130, SXR2230P, Vision Intelligence 100 Platform (APQ8053-AA), Vision Intelligence 200 Platform (APQ8053-AC), Vision Intelligence 300 Platform, Vision Intelligence 400 Platform, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCD9390, WCD9395, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3999, WCN6740, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H

It is basically every single Qualcomm device in the past decade+ that is impacted.

So to answer your question of why Lineage is minimal and DivestOS is extensive, is because DivestOS will happily break “features” if necessary to meet its goals.

edit: also because this is going on a while, I hope this information is helpful, please don’t take it as arguing or anything :slight_smile:

4 Likes

I feel like you are implying that the initial blob reduction made by lineage doesn’t have an impact. Because there’s a massive difference between “they did nothing” and “it could be better”.

You should probably just say that from the start. Then it’ll be more understandable. Now it’s closer to “Lineage have different goals compared to divest” (also I don’t think my device (gta4xl/vayu) have carrier blobs, that’s what I meant by it depends on the maintainer. I could be wrong on this and missed something though. I think vayu doesn’t include DRM while gta4xl does)

I guess we should go back a bit to the original topic (calyx vs lineage specifically), does calyx do what your examples mentioned? afaik calyx have wifi calling

@KDEBacon
CalyxOS doesn’t, that is why it is “somewhat”, which also answers your original question.

I’ve asked the table author to change the status for LineageOS and derivatives to minimal: Misc Android table updates · Issue #13 · eylenburg/eylenburg.github.io · GitHub

vayu may not have explicit carrier junk (it still has RCS) but it still has nasty blobs from Tencent in the form of Soter, blobs from Alibaba for Alipay, and blobs from Google for hotword triggering: https://github.com/LineageOS/android_device_xiaomi_sm8150-common/blob/3a357b9826d65c4c3497d24eb37e603468def5c3/proprietary-files.txt

Both vayu and gta4xl also include Widevine for DRM as well.

Thank you

Interesting, I checked vayu tree but forgot to check SM8150-common, that kinda sucks then.

Anyway, with calyx also having relatively minimal deblobbing (I guess a bit more on some device as you said, but both still not reaching divest). Back to my original original question

I personally think that if we are going to reconsider calyx on the ground of availability (which I think we are). Lineage would generally be a better fit for that role

(or maybe you could automate rebuilding every official lineage device to divest and we can just not consider calyx/lineage on PG) /halfjoke