Related
I'm wondering if anyone else who's encrypted their data partition as per the security settings on your HTC One if you've been able to access the partition in TWRP 2.8.0.2, I keep getting password fails.
fluxgfx said:
I'm wondering if anyone else who's encrypted their data partition as per the security settings on your HTC One if you've been able to access the partition in TWRP 2.8.0.2, I keep getting password fails.
Click to expand...
Click to collapse
From what I read recovery cant touch an encrypted partition at all. This is why you have to un encrypt the device before flashing a new rom. The main reason that the auto encryption will be disabled by default on custom roms once L release comes out.
zelendel said:
From what I read recovery cant touch an encrypted partition at all. This is why you have to un encrypt the device before flashing a new rom. The main reason that the auto encryption will be disabled by default on custom roms once L release comes out.
Click to expand...
Click to collapse
Interesting. Haven't read that anywhere at this time. Even if I wanted to decrypt the partition it wouldn't be possible. It's permanent on the HTC One M7. Decryption isn't available on 4.4.3, but that's ok. The only thing that's encrypted is the storage, which doesn't stop me from flashing a rom, kernel, images of any kind since most of the flashing I do, I never leave anything on the data partition.
I did read that HTC uses different crypto keys which aren't AOSP which means recovery suchs as TWRP or CWM won't decrypt. By reading other material on the subject it probably will be possible on future versions.
It's mild annoyance at the moment...
fluxgfx said:
I did read that HTC uses different crypto keys which aren't AOSP which means recovery suchs as TWRP or CWM won't decrypt. By reading other material on the subject it probably will be possible on future versions.
It's mild annoyance at the moment...
Click to expand...
Click to collapse
Couldnt say on Sense roms as I have not run a Sense based rom since back on WM 6.
zelendel said:
Couldnt say on Sense roms as I have not run a Sense based rom since back on WM 6.
Click to expand...
Click to collapse
Yeah apparently Sense roms are using a variation of the crypto keys. Which means TWRP standard decrypt keys with proper pwd might not work. Seems like something should be fixed at somepoint for this.
Will have to look into it more on L release or go back to an AOSP rom like CM11 or OmniROM, but that brings a whole can of others problems
I'm just curious about the whole encryption / decryption thing. If I have not decrypted my phone, am I able to flash a 'decrypted' ROM? What would happen? I'm running Temasek's 5.0.2 right now which does not 'force encryption' but I'm assuming that's for people who have already taken the steps to decrypt their phone so it doesn't re-encrypt their phone automatically.
Thanks in advance!
*I apologize if this is a dumb question, but I was unable to Google this without getting a lot of unrelated information.
A decrypted ROM is the same as a ROM that doesn't force encryption. Actually it's not he ROM, its the kernel. You can still manually encrypt if the kernel doesn't force encrypt so it should work if your data is encrypted.
Hey there.
I got my 3t in the day, 4.0.0 was released. So I unlocked my bootloader after upgrading.
At the time, dm-verity was new to me and so I ignored it.
By now I read up on it and guess I get it. What doesn't fit to what I read is the fact, that I modified my system in many ways. By flashing TWRP, by modifying system with super su and things like ad blockers (hosts file) and pixel launcher.
Yet I never installed the verity fix. I also use encrypted data partition.
How can that be?
My only guess is, I never installed a custom kernel yet or another Rom. But then again verity should be triggered way earlier. Did 4.0 not fully implement it?
mad-murdock said:
Hey there.
I got my 3t in the day, 4.0.0 was released. So I unlocked my bootloader after upgrading.
At the time, dm-verity was new to me and so I ignored it.
By now I read up on it and guess I get it. What doesn't fit to what I read is the fact, that I modified my system in many ways. By flashing TWRP, by modifying system with super su and things like ad blockers (hosts file) and pixel launcher.
Yet I never installed the verity fix. I also use encrypted data partition.
How can that be?
My only guess is, I never installed a custom kernel yet or another Rom. But then again verity should be triggered way earlier. Did 4.0 not fully implement it?
Click to expand...
Click to collapse
They say (in twrp thread and in oneplus forums) if you flash supersu, you are fine...
ram4ufriends said:
They say (in twrp thread and in oneplus forums) if you flash supersu, you are fine...
Click to expand...
Click to collapse
When am I not fine? Protection only triggers if kernel is exchanged?
It's not that I don't want to flash it, but I am eager to know.
*bump* - trying a last time, to see if anyone knows details
The whole point of dm verity is to make sure phone is not rooted or modified in any way that could compromise app security, luckily it doesn't work quite 100% as we can still root without triggering it, even though it should.
I guess, the answer to my question is, TWRP automatically applies the dm-verity patch on first install. I overlooked that feature to be honest, but it makes total sense to do so and protect custom recovery users from locking out of your phone
I have this questions too. And I can't decrypt Data even if I input the right password. I can't use recovery anymore with TWRP or the stock rec.
Here is some details about the dm-verity. https://source.android.com/security/verifiedboot/verified-boot.html
I only know Android N will encrypt Data by using f2fs file system.........
If you have some effective methods, please tell me. Thanks a lot!
mad-murdock said:
I guess, the answer to my question is, TWRP automatically applies the dm-verity patch on first install. I overlooked that feature to be honest, but it makes total sense to do so and protect custom recovery users from locking out of your phone
Click to expand...
Click to collapse
It's my understanding that SuperSU applies the dm-verity patch when it's installed.
napetost said:
I have this questions too. And I can't decrypt Data even if I input the right password. I can't use recovery anymore with TWRP or the stock rec.
Here is some details about the dm-verity. https://source.android.com/security/verifiedboot/verified-boot.html
I only know Android N will encrypt Data by using f2fs file system.........
If you have some effective methods, please tell me. Thanks a lot!
Click to expand...
Click to collapse
flash TWRP 3.0.3-1-beta1 and try again
I have found the right way!
First, you should flash back to OOS3.5 6.0, then set the pin password. And then copy OOS4.0 to /sdcard ,then using system update.Then you will update to OOS4.0 and you won't see any dm-verity problems.
napetost said:
I have found the right way!
First, you should flash back to OOS3.5 6.0, then set the pin password. And then copy OOS4.0 to /sdcard ,then using system update.Then you will update to OOS4.0 and you won't see any dm-verity problems.
Click to expand...
Click to collapse
That's one way. Using the TWRP beta is another. It's in the TWRP post, page 55, bottom. Post 550. Actually the last few pages of that post discuss this issue right now. Might be worth reading.
Hi guys,
I tried a couple of years ago disabling encryption on my Nexus 6 and the performance was great, but as updates were released it turned out to be a pain to keep up always having to manually update the phone. My nexus 6 now is crawling and I'm thinking about trying to disable encryption. I could not find any sort of reports if it can be done on 7.1.1
Has anyone tried? Is there any guide? Thanks!
Mephisto_POA said:
Hi guys,
I tried a couple of years ago disabling encryption on my Nexus 6 and the performance was great, but as updates were released it turned out to be a pain to keep up always having to manually update the phone. My nexus 6 now is crawling and I'm thinking about trying to disable encryption. I could not find any sort of reports if it can be done on 7.1.1
Has anyone tried? Is there any guide? Thanks!
Click to expand...
Click to collapse
It's no different. If your bootloader is not unlocked, unlocking it will wipe the user data partition. If the bootloader is already unlocked, you'll need to wipe the user data partition.
*IN EITHER CASE YOU WILL LOSE YOUR DATA. DO A BACKUP FIRST
Then flash a ROM with an included kernel that doesn't force encrypt. Or, just flash a kernel that doesn't force encrypt.
Now that I've answered your question, IMHO, it's not worth the effort. If your phone is crawling, do a factory reset. On a stock ROM, go to Settings > Backup & Reset and make sure you have your Google backup settings enabled. Use the Factory Data Reset button to actually reset. READ through the information and confirm. This will cause your phone to reboot with a wiped system partition.
If your on a custom ROM I'm going to assume you know how to wipe through recovery.
ktmom said:
...., IMHO, it's not worth the effort. If your phone is crawling, do a factory reset.....
Click to expand...
Click to collapse
My 7.1.1 uses the lite stock rom of Danvdh.
I think you're right about the hassle. Only decrypting is not enough. But debloating and removing unused stuff and decrypting the data partition did raise performance on my N6.
Yeah, I know it is a bit of a hassle, but considering there will be no more updates after 7.1.1 it should be a once only process right? Is possible to disable encryption on 7.1.1. without rooting?
I'm happy to unlock the bootloader and wipe the phone, not a problem.
Mephisto_POA said:
Yeah, I know it is a bit of a hassle, but considering there will be no more updates....
Click to expand...
Click to collapse
Don;t forget the monthly security updates.
I am using the lite stock room of Danvdh. It's a pre-rooted stock room.
But I think updates can be dirty flashed because the system, radio and bootloader will not change anymore.
So root and install TWRP to flash the updates
the problem with rooting is that many apps will not work, I'm cool staying without root and vanilla android, I just want to get rid of the encryption
Mephisto_POA said:
the problem with rooting is that many apps will not work, I'm cool staying without root and vanilla android, I just want to get rid of the encryption
Click to expand...
Click to collapse
In that case the post of @ktmom is applicable.
I am on 7.1.1 and have used the fed patcher mentioned on this site and it has worked nicely on custom and stock ROMs. But u have to be rooted.
NLBeev said:
In that case the post of @ktmom is applicable.
Click to expand...
Click to collapse
I'm a bit illiterate in this aspect, apologies. but I could not find a vanilla android for nexus 6 with just encryption disabled and no root. I would really appreciate if you could give me some directions?
The NEXUS 6 ANDROID DEVELOPMENT and NEXUS 6 ORIGINAL ANDROID DEVELOPMENT seems both to have only modified versions. I'm a bit confused
Mephisto_POA said:
I'm a bit illiterate in this aspect, apologies. but I could not find a vanilla android for nexus 6 with just encryption disabled and no root. I would really appreciate if you could give me some directions?
The NEXUS 6 ANDROID DEVELOPMENT and NEXUS 6 ORIGINAL ANDROID DEVELOPMENT seems both to have only modified versions. I'm a bit confused
Click to expand...
Click to collapse
Plain vanilla unencrypted would be google factory image plus a non forced enforcing kernel. B14CKB1RD, Franco there are others.
Custom ROM that is close to vanilla but comes with a non forced encrypting kernel would be Pure Nexus.
Mephisto_POA said:
I would really appreciate if you could give me some directions?
Click to expand...
Click to collapse
I have only one direction for you and that's the lite stock rom of Danvdh.
The kernel is the modified part. (no forced encryption).
After flashing this rom, you can unroot by uninstalling supersu.
https://forum.xda-developers.com/showthread.php?p=59561445/
NLBeev said:
I have only one direction for you and that's the lite stock rom of Danvdh.
The kernel is the modified part. (no forced encryption).
After flashing this rom, you can unroot by uninstalling supersu.
https://forum.xda-developers.com/showthread.php?p=59561445/
Click to expand...
Click to collapse
Hi, I also want to remove encryption from my Nexus 6 Stock as it is a stuttering mess.
I have rooted and installed the stock rom of Danvdh, but to my disappointment on boot up the phone is still showing as encrypted.
Have I done something wrong?
saltyzip said:
Hi, I also want to remove encryption from my Nexus 6 Stock as it is a stuttering mess.
I have rooted and installed the stock rom of Danvdh, but to my disappointment on boot up the phone is still showing as encrypted.
Have I done something wrong?
Click to expand...
Click to collapse
That was an answer to a different question.
The ROM you installed I believe has a non-force encrypting kernel. But just installing a non-force encrypting kernel isn't enough. You need to wipe user data and install a kernel that doesn't force encrypt.
Please read back a page to two for the whole recent conversation that has more details, like the fact that you'll lose all of your data in this process.
saltyzip said:
Hi, I also want to remove encryption from my Nexus 6 Stock as it is a stuttering mess.
I have rooted and installed the stock rom of Danvdh, but to my disappointment on boot up the phone is still showing as encrypted.
Have I done something wrong?
Click to expand...
Click to collapse
Got it working, just followed this:
Just because forced encryption is disabled doesn't mean it decrypts you. You have to do that yourself by formatting data either through TWRP (TWRP > Wipe > Format Data button) or through fastboot (fastboot format userdata), which will wipe out your app data and your internal storage partition so make the appropriate backups.
saltyzip said:
Got it working, just followed this:
Click to expand...
Click to collapse
You going to take credit, you should at least use your own words ?
I've gone with your guys suggestion with stock lite, working like a charm, very snappy. The phone feels indeed light, and multitasking is way smoother now, thanks!!!
just on a side note, after you install the rom you need to wipe the data partition to get rid of the encryption
Installed twrp on bn Nexus 6 os 5.1 OTA for 7.1.1 encrypted it
No clue how to fix this I'm a noob unlocked bootloader unencrypted Android 5 then it OTA updated to 7.1.1 and now can't get to twrp to wipe encryption how can I get this going again phones working just can't use cable to computer have the SD card reader micro SD any help would be appreciated
kudabee61 said:
...just can't use cable to computer...
Click to expand...
Click to collapse
Get your phone's USB port fixed, then you can fix the ROM issue.
The question probably sounds stupid but after almost a year of just forgetting about using root or unlocking bootlader i forgot many things.
I remember i used to have a mi 9 with encryption on and everytime i open twrp you will need to decrypt the data.
Now with the MI 9T Pro i had to format data in order to boot into Evolution X ROM that of course left me with a decrypted phone and i dont really like it in case my phone gets stole or something.
Do you guys know if i can use the option inside teh ROM to encrypt and what else i wuld need to do?
Thanks in advance to whoever takes the time to respond
PriPhaze said:
The question probably sounds stupid but after almost a year of just forgetting about using root or unlocking bootlader i forgot many things.
I remember i used to have a mi 9 with encryption on and everytime i open twrp you will need to decrypt the data.
Now with the MI 9T Pro i had to format data in order to boot into Evolution X ROM that of course left me with a decrypted phone and i dont really like it in case my phone gets stole or something.
Do you guys know if i can use the option inside teh ROM to encrypt and what else i wuld need to do?
Thanks in advance to whoever takes the time to respond
Click to expand...
Click to collapse
If all you did was format data, then encryption is still enabled. As soon as you setup lock-screen security, i.e. PIN, password, pattern, etc., for the first time your phone will automatically be encrypted.
Robbo.5000 said:
If all you did was format data, then encryption is still enabled. As soon as you setup lock-screen security, i.e. PIN, password, pattern, etc., for the first time your phone will automatically be encrypted.
Click to expand...
Click to collapse
No I couldn't boot until I flashed the DM verity.
So the encryption is now gone, but do you know if I can encrypt and then flash DM verity again with the force encryption on?.
PriPhaze said:
No I couldn't boot until I flashed the DM verity.
So the encryption is now gone, but do you know if I can encrypt and then glad DM verity again with the force encryption on?.
Click to expand...
Click to collapse
Ordinarily you shouldn't need to flash dm-verity. And as far as I'm aware, there is still no need to.
Normally it's just a case of formatting data to temporarily remove encryption, if flashing over MIUI.
As to your specific question, I couldn't say, as I've never needed to flash a dm-verity, disable force encrypt, or vbmeta file/script.
Personally, I would flash the latest fastboot MIUI ROM for the phone, then reinstall EvoX.
Before installing the ROM, in TWRP do the factory reset and then format data (There is no need to wipe anything else). Then reboot into TWRP to ensure the newly formatted data partition is properly mounted and flash as normal.
This has worked for me every time.
Yeah, some roms aren't booting without dfe.
to remove decrypt you can just wipe vendor and flash it again. you'll get encrypted. (however, some users confirm it puts them back into recovery, and they needed to reflash vendor+dfe for them.) Currently investigating if this is a RIN or RCN problem or for every device.
alternatively. If you are scared about having your device stolen. May I suggest you stay decrypted. Use ofox. and under ofox settings add a recovery password?
In the event you get stolen, they won't be able to access your recovery.
also, I'm looking for someone to test if wiping the data partition and not flashing dfe (after a rom has booted for the first time) and rebooting causes encyrption. (as you desired.) If you're willing to test. Try the above 3 methods?
Sandeeep Kiran said:
Yeah, some roms aren't booting without dfe.
to remove decrypt you can just wipe vendor and flash it again. you'll get encrypted. (however, some users confirm it puts them back into recovery, and they needed to reflash vendor+dfe for them.) Currently investigating if this is a RIN or RCN problem or for every device.
alternatively. If you are scared about having your device stolen. May I suggest you stay decrypted. Use ofox. and under ofox settings add a recovery password?
In the event you get stolen, they won't be able to access your recovery.
also, I'm looking for someone to test if wiping the data partition and not flashing dfe (after a rom has booted for the first time) and rebooting causes encyrption. (as you desired.) If you're willing to test. Try the above 3 methods?
Click to expand...
Click to collapse
BS. There is zero 'need' to flash dfe scripts. People are not formatting data when they need to, then when they cannot boot into a newly flashed ROM, they search and find solutions telling them to format data and flash dfe scripts. The thing is, people do not realise that it is the formatting data that fixes the problem, and they believe it is the dfe patch that is the fix. In all these cases formatting data alone would have been enough to fix the problem.
Also Orange Fox is only preferential if you stay with MIUI, as it's extra features are all about working with MIUI. If you are going with an AOSP ROM, stick with mauronofrio's latest TWRP, it is by far the best recovery for this phone.
As far as your 'test' is concerned, twice I have had bootloops after flashing a ROM, that have been fixed by formatting data alone.
The first time was when I first flashed an AOSP based ROM over MIUI before knowing that formatting data was required in this scenario. The second time was flashing AOSiP over LOS, when I still thought that going from one AOSP ROM to another never needed to format data when flashing.
Robbo.5000 said:
BS. There is zero 'need' to flash dfe scripts. People are not formatting data when they need to, then when they cannot boot into a newly flashed ROM, they search and find solutions telling them to format data and flash dfe scripts. The thing is, people do not realise that it is the formatting data that fixes the problem, and they believe it is the dfe patch that is the fix. In all these cases formatting data alone would have been enough to fix the problem.
Also Orange Fox is only preferential if you stay with MIUI, as it's extra features are all about working with MIUI. If you are going with an AOSP ROM, stick with mauronofrio's latest TWRP, it is by far the best recovery for this phone.
As far as your 'test' is concerned, twice I have had bootloops after flashing a ROM, that have been fixed by formatting data alone.
The first time was when I first flashed an AOSP based ROM over MIUI before knowing that formatting data was required in this scenario. The second time was flashing AOSiP over LOS, when I still thought that going from one AOSP ROM to another never needed to format data when flashing.
Click to expand...
Click to collapse
We've had numerous cases for specific devices not booting without dfe despite formatting for some roms. I believe they are aosp roms that face this. Some when using oss, I vaguely remember. or when moving from LOS fod to mi9 fod or which flashing a different kernel.
(Do note. There are over 50+ roms for our device. 6 variants of the phone. 7 vendors (and separate modified vendors). 2 kinds of fod implementations. and about 95% of the cases arent asked on xda. 25% of the roms aren't posted either. None of the experimental builds are provided on xda.
There are tons of combos users use.)
I have not seen you on telegram. Only on xda. Who are you btw?
twrp is great. Ofox has a better ui and more features. Also, mauronofrio doesn't own a k20p btw. Just FYI. But he has the experience to still update twrp.
updated twrp is still not official, and gives error 7 for some raphaelin users who haven't updated updater-script.
recoveries are subjective. I mean, we have like 6 different recoveries now so.
Sandeeep Kiran said:
We've had numerous cases for specific devices not booting without dfe despite formatting for some roms. I believe they are aosp roms that face this. Some when using oss, I vaguely remember. or when moving from LOS fod to mi9 fod or which flashing a different kernel.
(Do note. There are over 50+ roms for our device. 6 variants of the phone. 7 vendors (and separate modified vendors). 2 kinds of fod implementations. and about 95% of the cases arent asked on xda. 25% of the roms aren't posted either. None of the experimental builds are provided on xda.
There are tons of combos users use.)
I have not seen you on telegram. Only on xda. Who are you btw?
twrp is great. Ofox has a better ui and more features. Also, mauronofrio doesn't own a k20p btw. Just FYI. But he has the experience to still update twrp.
updated twrp is still not official, and gives error 7 for some raphaelin users who haven't updated updater-script.
recoveries are subjective. I mean, we have like 6 different recoveries now so.
Click to expand...
Click to collapse
Numerous cases? Who's we? What roms on what devices need dfe then? Only seen 2 roms ask for dfe, everything else it's as easy as 'going to and from miui, format data and reboot recovery' works every single time.
Sandeeep Kiran said:
We've had numerous cases for specific devices not booting without dfe despite formatting for some roms. I believe they are aosp roms that face this. Some when using oss, I vaguely remember. or when moving from LOS fod to mi9 fod or which flashing a different kernel.
(Do note. There are over 50+ roms for our device. 6 variants of the phone. 7 vendors (and separate modified vendors). 2 kinds of fod implementations. and about 95% of the cases arent asked on xda. 25% of the roms aren't posted either. None of the experimental builds are provided on xda.
There are tons of combos users use.)
I have not seen you on telegram. Only on xda. Who are you btw?
twrp is great. Ofox has a better ui and more features. Also, mauronofrio doesn't own a k20p btw. Just FYI. But he has the experience to still update twrp.
updated twrp is still not official, and gives error 7 for some raphaelin users who haven't updated updater-script.
recoveries are subjective. I mean, we have like 6 different recoveries now so.
Click to expand...
Click to collapse
Try this next time you see somebody saying they have tried may things and always get bootloops when trying to flash an AOSP ROM and you want to advise them to flash dfe.
Instead tell them to flash the latest MIUI fastboot ROM for their device, then install TWRP, in TWRP do a factory reset followed by format data, then reboot into TWRP and flash the ROM.
I bet they will come back and tell you it worked.
Again there should be zero need to flash dfe scripts.
If there are any AOSP ROMs out there that genuinely won't boot without flashing dfe (and here I'm talking about all users of such ROM), then the dev had done something stupid and everyone should seriously avoid the ROM.
At least half of the 50+ ROMs are no longer actively maintained.
The vast majority of Orange Fox extra features are specific to MIUI and so are redundant for AOSP ROMs. Mauronifrio's latest TWRP is the most stable for this phone, so if you're going with AOSP ROMs then the extra stability makes most sense.
I've been aware that mauronifrio does not own this phone ever since his initial build. I was also aware back then that he is also an official TWRP maintainer for other devices and so would mostly likely become the maintainer of the official version for this phone, which has now happened. If you go to the official TWRP site and download for this phone, it is by mauronifrio. You can also download the official version from the OP of his TWRP thread.
I would suggest that in most cases, people getting error 7 issues are not on the latest mauronofrio TWRP build.
Are you aware that all these different recoveries are just TWRP with a fancy dress. This is the great thing about TWRP. It was designed to be extensible, to allow others to build on it, in terms of functionality and design. So really there is only TWRP, just many different flavours.