Good morning droids,
I was looking around for info on the "phone storage encryption" option which requires a PIN when the phone is first powered on. This sounds nice conseridering the amount of information contained on our devices these days.
I think this is a stock HTC feature but I wasn't finding much in other forums. I'm currently running viper rom which has me wondering a few things:
Where in the boot process does it prompt for decrypt? Would you still be able to mount images from storage-- like does it prompt before the bootloader starts? would you still be able to use/nandroid/mount roms in a custom bootloader? Are there any recovery options? if it all goes to hell would I still beable to flash back to stock? Can encryption be undone after? My main concern has to do with when in the boot the storage is decrypted and how it affects the use/flashing of roms.
With all these questions I think the resounding common sense answer is "its just not worth the potential fallout." but I'll ask anyway...
Thoughts?
CarbolDroid said:
Good morning droids,
I was looking around for info on the "phone storage encryption" option which requires a PIN when the phone is first powered on. This sounds nice conseridering the amount of information contained on our devices these days.
I think this is a stock HTC feature but I wasn't finding much in other forums. I'm currently running viper rom which has me wondering a few things:
Where in the boot process does it prompt for decrypt? Would you still be able to mount images from storage-- like does it prompt before the bootloader starts? would you still be able to use/nandroid/mount roms in a custom bootloader? Are there any recovery options? if it all goes to hell would I still beable to flash back to stock? Can encryption be undone after? My main concern has to do with when in the boot the storage is decrypted and how it affects the use/flashing of roms.
With all these questions I think the resounding common sense answer is "its just not worth the potential fallout." but I'll ask anyway...
Thoughts?
Click to expand...
Click to collapse
I don't believe that recoveries are able to update a phone with an encrypted data partition unless you're using stock. I do believe you can flash back to stock if something goes wrong, although you would certainly have to format /data to get back into it. However, the actual login process (if I remember correctly, it's been a while) is that the bootloader starts you in a "dummy" environment of sorts that just asks you for your password. If it checks out, the system reboots, passing that key on to the "real" operating system which decrypts the data volume.
I'd echo though that it's really not something you should fool around with.
I'm new to the 6 and I haven't really read too much into the whole encryption thing, so I don't know the pros/cons of having it that way, or not.
During my first boot of this thing, I started the unlock/root process, then I quickly remembered about encryption...and what the whole thing was about. Well I'm curious, are these custom ROM's built without the encryption? In the security menu of Chroma, encryption is enabled. In another ROM which specifically stated encryption was off...it was actually on.
So I'm confused.
Thanks.
Some ROMs do not force encryption. They can still be encrypted. It depends on the kernel. You will need to perform a wipe to unencrypt
stevew84 said:
I'm new to the 6 and I haven't really read too much into the whole encryption thing, so I don't know the pros/cons of having it that way, or not.
During my first boot of this thing, I started the unlock/root process, then I quickly remembered about encryption...and what the whole thing was about. Well I'm curious, are these custom ROM's built without the encryption? In the security menu of Chroma, encryption is enabled. In another ROM which specifically stated encryption was off...it was actually on.
So I'm confused.
Thanks.
Click to expand...
Click to collapse
It depends on the state of your device before you flash the ROM. If you are unencrypted prior to flashing the ROM, you will stay unencrypted. And if encrypted, you will stay encrypted. For most ROMs. Read the fine print in the OP.
cam30era said:
It depends on the state of your device before you flash the ROM. If you are unencrypted prior to flashing the ROM, you will stay unencrypted. And if encrypted, you will stay encrypted. For most ROMs. Read the fine print in the OP.
Click to expand...
Click to collapse
I've also read about long "encrypting now" screens during first boot of fresh ROM's, I've never seen those.
Encryption depends on the kernel or more accurately the fstab, so it depends what kernel is supplied with the ROM or which kernel you plan on flashing with the ROM.
There are 2 types of ROM. Stock based and AOSP based. I find it hard to believe any AOSP ROM dev would turn on force encryption, but with a stock ROM, it could be on or off - depending. Read each thread to find out.
All ROMs and kernels are encryption enabled by the way. Turning off force encryption inky prevents first boot from encrypting your data partition. You can still turn on encryption yourself in settings and if you're already encrypted, turning off force encryption will not unencrypt your data, so it will still be on. Once force encryption has been turned off, you must then format /userdata to remove encryption
stevew84 said:
I've also read about long "encrypting now" screens during first boot of fresh ROM's, I've never seen those.
Click to expand...
Click to collapse
Correct. If you are unsure of your kernel status go to Settings/Security/Encryption. If it says "Encrypt phone", then you are unencrypted.
cam30era said:
Correct. If you are unsure of your kernel status go to Settings/Security/Encryption. If it says "Encrypt phone", then you are unencrypted.
Click to expand...
Click to collapse
Ah alright, well each and every time I flash something new, I'm encrypted. I'm interested in getting rid of that, but not sure exactly how to do it.
stevew84 said:
Ah alright, well each and every time I flash something new, I'm encrypted. I'm interested in getting rid of that, but not sure exactly how to do it.
Click to expand...
Click to collapse
It says in my post
Encryption will stay on unless you completely wipe the device and have a kernel installed that doesn't force you to encrypt. So you'll never see an option for decrypting your device. This comes with a huge warning that ANYTHING on the internal storage will be lost, that goes for the ROM and your files, including your ROM zip files for flashing. If you want to decrypt the device I suggest you first practice by flashing a ROM that you copy into your phone while in recovery so you know you can do it.
Guide: http://forum.xda-developers.com/nexus-6/development/disable-forced-encryption-gain-root-t2946715
This will get you to a clean slate, make sure you test MTP (file transfer over usb from computer) in recovery and verify that you can move files over to your device in recovery. You should already have a custom recovery installed such as TWRP. If you are considering disabling make sure you know exactly what is going on first, its not as straight forward as it seems. Goodluck
stevew84 said:
Ah alright, well each and every time I flash something new, I'm encrypted. I'm interested in getting rid of that, but not sure exactly how to do it.
Click to expand...
Click to collapse
If you are on stock, rooted, or a non-CM12 based ROM, one way is to go here > http://forum.xda-developers.com/nexus-6/development/disable-forced-encryption-gain-root-t2946715
Remember, after flashing the boot.img, you need to "fastboot format userdata" to unencrypt. This will wipe your SDcard.
rootSU said:
It says in my post
Click to expand...
Click to collapse
Sorry, I didn't see you posted.
Right now with Chroma + Vindicator kernel...Encryption states Enabled in the security menu.
stevew84 said:
Sorry, I didn't see you posted.
Right now with Chroma + Vindicator kernel...Encryption states Enabled in the security menu.
Click to expand...
Click to collapse
Because you were already encrypted.
stevew84 said:
I don't know the pros/cons of having it that way, or not.
Click to expand...
Click to collapse
Pros for encryption;
- security. This is pretty obvious, if somebody hostile gets their hands on your phone, your data will not be obtained by them.
Cons;
- performance and battery life. There is indication in AOSP that google *intends* to activate hardware crypto, but as of yet, have not. That means that the crypto function is done on your main CPU, which is (a) not as fast as the hwcrypto block, and (b) takes up valuable CPU cycles from other software that is running, and (c) anything that uses CPU heavily will consume battery.
Another con with encryption that I have (which I admit is extremely unlikely - but has happened in the past) is that files that are backed up off the device may not get decrypted correctly, leaving them corrupt. That is my main hate of encryption. That and the fact that I cannot automate my TWRP backups
rootSU said:
Another con with encryption that I have (which I admit is extremely unlikely - but has happened in the past) is that files that are backed up off the device may not get decrypted correctly, leaving them corrupt. That is my main hate of encryption. That and the fact that I cannot automate my TWRP backups
Click to expand...
Click to collapse
That isn't a con of encryption. That's a con of using broken software to perform your backup.
doitright said:
That isn't a con of encryption. That's a con of using broken software to perform your backup.
Click to expand...
Click to collapse
The con of encrypting data is that it may not always decrypt-able. Regardless of the root cause being Android, Windows, Linux or "broken software". If doing something to your data leads to it being useless via whatever means, then there is a negative effect of doing that something to your data
Having some real performance issues and I miss flashing ROMs so I wanted to give it another shot.
Problem is my employer requires device admin powers and full device/sdcard encryption in order for me to have my work exchange account (emails/calendar) on the device.
If I root the device and put on a custom ROM, will I have problems encrypting it, or will it just work like it did on stock?
Thanks!
I'd advise AGAINST using a custom ROM as you won't be able to access the native file system through a custom recovery (once encrypted). Rooting (alone) would be OK though.
Hey all,
I have a SM-T818V device running 6.0.1 APJ1 build.
The device is currently encrypted for internal storage (there is no option listed to encrypt the device listed in the Lockscreen and Security settings where it is normally listed).
However, even after Factory Resetting the device, it still appears to be encrypted.
Anyone have an idea on how to decrypt the device once it has been encrypted? I've been scouring settings and searching forums for a way to do this, but not really seeing many references to this issue or real solutions.
Thanks!
evrkusd said:
Hey all,
I have a SM-T818V device running 6.0.1 APJ1 build.
The device is currently encrypted for internal storage (there is no option listed to encrypt the device listed in the Lockscreen and Security settings where it is normally listed).
However, even after Factory Resetting the device, it still appears to be encrypted.
Anyone have an idea on how to decrypt the device once it has been encrypted? I've been scouring settings and searching forums for a way to do this, but not really seeing many references to this issue or real solutions.
Thanks!
Click to expand...
Click to collapse
Devices released with MM are encrypted by default. It can be disabled on devices that don't have locked bootloaders. However your device has a locked bootloader.
ashyx said:
Devices released with MM are encrypted by default. It can be disabled on devices that don't have locked bootloaders. However your device has a locked bootloader.
Click to expand...
Click to collapse
Thanks for the info!
What's weird though is that my friend has another MM (6.0.1) device but on SM-817V BP1 build and is able to encrypt and then factory reset to decrypt without an issue. And this device at least STARTED as decrypted, but it seems like once it's toggled to be encrypted even one time, it doesn't let you decrypt... ever.
Is there ANY way around this? For example, if I flash the stock OS, would that fix anything? I haven't seen an APJ1 SM-T818V ROM anywhere, but I can start asking around if this might help.
Thanks!
evrkusd said:
Thanks for the info!
What's weird though is that my friend has another MM (6.0.1) device but on SM-817V BP1 build and is able to encrypt and then factory reset to decrypt without an issue. And this device at least STARTED as decrypted, but it seems like once it's toggled to be encrypted even one time, it doesn't let you decrypt... ever.
Is there ANY way around this? For example, if I flash the stock OS, would that fix anything? I haven't seen an APJ1 SM-T818V ROM anywhere, but I can start asking around if this might help.
Thanks!
Click to expand...
Click to collapse
The T817 wasn't released with MM, so it wasn't shipped with encryption, it is optional.
Your device has always been shipped with encryption enabled by default.
ashyx said:
The T817 wasn't released with MM, so it wasn't shipped with encryption, it is optional.
Your device has always been shipped with encryption enabled by default.
Click to expand...
Click to collapse
Ok good to know. I'm seeing issues that I thought were related to encryption, but maybe not!
I will request the APJ1 OS in a different thread and see whether that clears things up.
Thanks again for the info.