Related
I'm wondering if anyone else who's encrypted their data partition as per the security settings on your HTC One if you've been able to access the partition in TWRP 2.8.0.2, I keep getting password fails.
fluxgfx said:
I'm wondering if anyone else who's encrypted their data partition as per the security settings on your HTC One if you've been able to access the partition in TWRP 2.8.0.2, I keep getting password fails.
Click to expand...
Click to collapse
From what I read recovery cant touch an encrypted partition at all. This is why you have to un encrypt the device before flashing a new rom. The main reason that the auto encryption will be disabled by default on custom roms once L release comes out.
zelendel said:
From what I read recovery cant touch an encrypted partition at all. This is why you have to un encrypt the device before flashing a new rom. The main reason that the auto encryption will be disabled by default on custom roms once L release comes out.
Click to expand...
Click to collapse
Interesting. Haven't read that anywhere at this time. Even if I wanted to decrypt the partition it wouldn't be possible. It's permanent on the HTC One M7. Decryption isn't available on 4.4.3, but that's ok. The only thing that's encrypted is the storage, which doesn't stop me from flashing a rom, kernel, images of any kind since most of the flashing I do, I never leave anything on the data partition.
I did read that HTC uses different crypto keys which aren't AOSP which means recovery suchs as TWRP or CWM won't decrypt. By reading other material on the subject it probably will be possible on future versions.
It's mild annoyance at the moment...
fluxgfx said:
I did read that HTC uses different crypto keys which aren't AOSP which means recovery suchs as TWRP or CWM won't decrypt. By reading other material on the subject it probably will be possible on future versions.
It's mild annoyance at the moment...
Click to expand...
Click to collapse
Couldnt say on Sense roms as I have not run a Sense based rom since back on WM 6.
zelendel said:
Couldnt say on Sense roms as I have not run a Sense based rom since back on WM 6.
Click to expand...
Click to collapse
Yeah apparently Sense roms are using a variation of the crypto keys. Which means TWRP standard decrypt keys with proper pwd might not work. Seems like something should be fixed at somepoint for this.
Will have to look into it more on L release or go back to an AOSP rom like CM11 or OmniROM, but that brings a whole can of others problems
I have had some issues with my phone since unlocking with sunshine. See separate thread http://forum.xda-developers.com/droid-turbo/help/help-bricked-xt1254-unlocking-to-t3279581 for description. I have a theory about this now and would like some opinions from folks with more experience.
I used device encryption on my Turbo before the OTA update to Lollipop. After encrypting the phone I would be prompted to enter my PIN to decrypt the data partition before the phone would boot, and then I'd have to enter the PIN again after boot to unlock it. After the OTA I no longer had to enter my PIN when booting the phone, but I would still have to enter it after boot to unlock. After the OTA the phone still reported that it was encrypted in the system security settings even though it didn't need a PIN to decrypt at boot time. That makes sense from what little I know because encrypting the device re-writes the data partition, and the OTA didn't touch the data partition and could not un-encrypt it. I was baffled by this, but I didn't want to factory reset and wipe the data partition to let me re-encrypt the phone.
So after the OTA, the data partition of my phone was still encrypted, but magically the phone was able to decrypt data and boot without my PIN. I don't know why. But one clue is that after unlocking and installing TWRP I looked at TWRP log and saw a log message saying something about decrypting with default PIN. Anyway, I never wiped data, but my phone somehow manages to boot. Re-flashing system and recovery caused problems at first, but now it seems to be back to the way it was. I haven't flashed a new ROM yet, but I expect that when I do I'll have to wipe data and that will get everything back to normal.
My question is has anyone else experimented with device encryption and is this behavior expected?
Thanks.
Not having to enter a PIN with the factory image was a bug I initially discovered, and reported, during the *initial* Android L SOAK test. Needless to say, they never fixed the bug (plus one of the Stagefright CVEs) during the second SOAK rollout. I reported it then, too. They did nothing. That second SOAK was the straw that broke the camel's back, for me. I will never participate in another.
As far as this bug goes, what I would do, is an FDR, and re-encrypt your device to wipe the key store and start over.
Sent from my DROID Turbo via Tapatalk. Now with that cyanogenmod goodness.
I got notifications that the SU4TL-49 OTA was ready to install on my phone, and I had read that if you try to install it with anything but stock recovery that you get into a boot loop. I figured it was a matter of time before I ended up accidentally installing the OTA upgrade and so decided to wipe my phone and go back to stock, and I would use that opportunity to re-encrypt the phone. It took me a couple of tries before I discovered that factory reset isn't enough to remove the encryption, and that I had to reformat the data partition. This took a few hours of going back and forth between reverting to stock, upgrading, rooting, configuring and starting over before I finally got it right, but eventually the phone said that it wasn't encrypted and gave me the option to encrypt. What a pain. After setting up all my apps for the third or fourth time I thought I was done. Whenever I rebooted I was prompted for my PIN before android booted. I even had to enter my PIN to run TWRP.
At least that's the way it was for a few hours. Now when I reboot it just starts up android with no password again. All the effort to un-encrypt and re-encrypt seems to have been a waste. Oh well, at least I avoided getting into boot loop hell.
Hopefully this unencrypting without requiring password/PIN thing gets fixed when (if) they come out with M for the turbo.
This just keeps getting better and better. I decided to flash the Unofficial CM13 ROM this afternoon just for fun. I got it all set up when I found that the GPS receiver wasn't working. Searching the thread I found a link to a flash-able radio image to fix that, and when I rebooted to TWRP it prompted me for a password to decrypt the data partition! Unfortunately it didn't like my PIN no matter how many times I entered it. I don't know if there's something about entering a numerical PIN on the qwerty keyboard, but it had worked earlier in the day before it stopped prompting for passwords. After a bunch of tries and reboots I gave up and downloaded a fastboot flashable version of the same. I've spent most of the day screwing around with this phone already and I'm not going to reformat the data partition again today for sure! Maybe it just needs a good night's sleep.
Astrobrewer said:
This just keeps getting better and better. I decided to flash the Unofficial CM13 ROM this afternoon just for fun. I got it all set up when I found that the GPS receiver wasn't working. Searching the thread I found a link to a flash-able radio image to fix that, and when I rebooted to TWRP it prompted me for a password to decrypt the data partition! Unfortunately it didn't like my PIN no matter how many times I entered it. I don't know if there's something about entering a numerical PIN on the qwerty keyboard, but it had worked earlier in the day before it stopped prompting for passwords. After a bunch of tries and reboots I gave up and downloaded a fastboot flashable version of the same. I've spent most of the day screwing around with this phone already and I'm not going to reformat the data partition again today for sure! Maybe it just needs a good night's sleep.
Click to expand...
Click to collapse
Encryption is totally broken on CM13. The issue is that our version of TWRP cannot decrypt it. I contacted the maintainer of TWRP for our device about this issue and he said that he tried to fix the issue, but he failed.
Also, official CM13 has been out for a while now for the Turbo. No need to go with the unofficial version.
Thanks for the info @TheSt33v, but I'm not sure that it's totally broken.
The strange thing is that I was using TWRP 3.0.2 just fine after encrypting phone while on stock ROM, and it worked for a while even after flashing CM13. Then it just stopped liking my PIN. But CM13 takes my PIN and decrypts data just fine. So my phone is usable for now, and the problem of it decrypting without asking for a PIN is solved for now. I just went to cyanogenmod and see that there's a CM13 recovery. Based on your post I'm guessing that's what is broken, so no point in flashing that. Oh well, at least my phone is secure.
Astrobrewer said:
Thanks for the info @TheSt33v, but I'm not sure that it's totally broken.
The strange thing is that I was using TWRP 3.0.2 just fine after encrypting phone while on stock ROM, and it worked for a while even after flashing CM13. Then it just stopped liking my PIN. But CM13 takes my PIN and decrypts data just fine. So my phone is usable for now, and the problem of it decrypting without asking for a PIN is solved for now. I just went to cyanogenmod and see that there's a CM13 recovery. Based on your post I'm guessing that's what is broken, so no point in flashing that. Oh well, at least my phone is secure.
Click to expand...
Click to collapse
Just FYI, our TWRP maintainer has fixed decryption. You can get the latest version here: https://www.androidfilehost.com/?w=files&flid=39562 (version 3.0.2-0 mod 02 as of this writing). I still had trouble decrypting a partition that was previously formatted using the stock recovery menu, but once I formatted the data partition using this version of TWRP and re-encrypted, it decrypted fine.
TheSt33v said:
Just FYI, our TWRP maintainer has fixed decryption...
Click to expand...
Click to collapse
Yes they have fixed it! I found TWRP Mod 2 over the weekend and saw from the change log that decryption was fixed. I flashed it and it works great. No problems decrypting my previously encrypted data partition since I flashed mod 2. The funny thing about it is that basic TWRP 3.0.2 (no mod) worked well enough for long enough for me to flash CM13, and it even seemed to work for a little while after that. But then it decided that it didn't know how to decrypt my phone anymore and I was stuck until Mod 2. I can't explain why it worked for a while and then stopped, but I'm very happy that mod 2 fixed it.
Thanks for your help and support. Sometimes I feel like I'm the only user who encrypts his phone. There don't seem to be a lot of threads about encryption/decryption issues.
Astrobrewer said:
Yes they have fixed it! I found TWRP Mod 2 over the weekend and saw from the change log that decryption was fixed. I flashed it and it works great. No problems decrypting my previously encrypted data partition since I flashed mod 2. The funny thing about it is that basic TWRP 3.0.2 (no mod) worked well enough for long enough for me to flash CM13, and it even seemed to work for a little while after that. But then it decided that it didn't know how to decrypt my phone anymore and I was stuck until Mod 2. I can't explain why it worked for a while and then stopped, but I'm very happy that mod 2 fixed it.
Thanks for your help and support. Sometimes I feel like I'm the only user who encrypts his phone. There don't seem to be a lot of threads about encryption/decryption issues.
Click to expand...
Click to collapse
Most people don't seem to think it's worth the impact that it has on performance.
I was worried about the performance hit too before I tried it. But I don't notice any real difference in performance. Of there is a hit it's too small for me to tell.
Sent from my DROID Turbo using XDA-Developers mobile app
Astrobrewer said:
I was worried about the performance hit too before I tried it. But I don't notice any real difference in performance. Of there is a hit it's too small for me to tell.
Sent from my DROID Turbo using XDA-Developers mobile app
Click to expand...
Click to collapse
This is a very interesting thread. I would like to encrypt so I can setup my work exchange email as its a requirement. Just to clarify what is the order to do this in? Currently I am running RR 6.01 but have run CF's 1.3.6 ROM most of the time as its awesome.
Can I encrypt using RR or do I need to switch back to CFs ROM or to stock Lollipop after installing the upgraded TWRP in place of the standard version I am running now?
thanks for the help and information.
oldidaho said:
This is a very interesting thread. I would like to encrypt so I can setup my work exchange email as its a requirement. Just to clarify what is the order to do this in? Currently I am running RR 6.01 but have run CF's 1.3.6 ROM most of the time as its awesome.
Can I encrypt using RR or do I need to switch back to CFs ROM or to stock Lollipop after installing the upgraded TWRP in place of the standard version I am running now?
thanks for the help and information.
Click to expand...
Click to collapse
You can encrypt on RR. Just make sure you're running TWRP version 3.0.2-0 mod 2: https://www.androidfilehost.com/?w=files&flid=39562
If encryption fails, you'll need to format your data partition (aka do a factory reset) using this version of TWRP. Then it will work.
TheSt33v said:
You can encrypt on RR. Just make sure you're running TWRP version 3.0.2-0 mod 2: https://www.androidfilehost.com/?w=files&flid=39562
If encryption fails, you'll need to format your data partition (aka do a factory reset) using this version of TWRP. Then it will work.
Click to expand...
Click to collapse
thanks so much for the clarification! Being encrypted, how does that affect installing future updates or restores? Can I still flash ROMS and other ZIPS from TWRP the same as now?
oldidaho said:
thanks so much for the clarification! Being encrypted, how does that affect installing future updates or restores? Can I still flash ROMS and other ZIPS from TWRP the same as now?
Click to expand...
Click to collapse
The only difference is that you'll have to enter your password/pin every time you boot twrp. Don't try to use a pattern lock. Everything else will be the same.
TheSt33v said:
The only difference is that you'll have to enter your password/pin every time you boot twrp. Don't try to use a pattern lock. Everything else will be the same.
Click to expand...
Click to collapse
thank you for the help! I was able to encrypt my RR MM install without having to wipe the data partition. It now prompts me to put my PIN in when booting up and when going into the modded version of TWRP. It then is able to decrypt the partition in TWRP so as you said just like before. Only difference is a little longer boot up time. Performance seems the same to me.
oldidaho said:
thank you for the help! I was able to encrypt my RR MM install without having to wipe the data partition. It now prompts me to put my PIN in when booting up and when going into the modded version of TWRP. It then is able to decrypt the partition in TWRP so as you said just like before. Only difference is a little longer boot up time. Performance seems the same to me.
Click to expand...
Click to collapse
Guess I spoke too soon. phone was working fine for a day. Yesterday at work I'm looking at my phone as it reboots on its own (just sitting there). I then get cant decrypt partition message. Cant do anything and it wont boot up into the OS WO giving this error. In TWRP still cant do anything because it cant decript the partition. So I formatted the data partition and started over. I had saved a recent backup to my PC so I was able to get back to that. Now running CFs latest instead of RR. I need my phone, cant take a chance on this happening again as I was instantly dead in the water. Just wont encrypt.
oldidaho said:
This is a very interesting thread. I would like to encrypt so I can setup my work exchange email as its a requirement. Just to clarify what is the order to do this in? Currently I am running RR 6.01 but have run CF's 1.3.6 ROM most of the time as its awesome.
Can I encrypt using RR or do I need to switch back to CFs ROM or to stock Lollipop after installing the upgraded TWRP in place of the standard version I am running now?
thanks for the help and information.
Click to expand...
Click to collapse
oldidaho said:
thank you for the help! I was able to encrypt my RR MM install without having to wipe the data partition. It now prompts me to put my PIN in when booting up and when going into the modded version of TWRP. It then is able to decrypt the partition in TWRP so as you said just like before. Only difference is a little longer boot up time. Performance seems the same to me.
Click to expand...
Click to collapse
oldidaho said:
Guess I spoke too soon. phone was working fine for a day. Yesterday at work I'm looking at my phone as it reboots on its own (just sitting there). I then get cant decrypt partition message. Cant do anything and it wont boot up into the OS WO giving this error. In TWRP still cant do anything because it cant decript the partition. So I formatted the data partition and started over. I had saved a recent backup to my PC so I was able to get back to that. Now running CFs latest instead of RRI need my phone, cant take a chance on this happening again as I was instantly dead in the water. Just wont encrypt.
Click to expand...
Click to collapse
Well, just as you used CM13 Marshmallow and RR Marshmallow just fine without encryption, not sure why you went to CF Lollipop instead of RR just because encryption didn't work. It just seems you were implying it's CM13 or RR at fault when you used them just fine before, and even now on CF you are NOT using encryption.
But it's your phone, so you can run what you want.
I do commend you for having a recent backup on your PC.
ChazzMatt said:
Well, just as you used CM13 and RR just fine without encryption, not sure why you went to CF instead of RR just because encryption didn't work. But it's your phone.
Just not sure why you are implying it's CM13 or RR at fault when you used them just fine before, and even now on CF you are NOT using encryption.
I do commend you for having a recent backup on your PC.
Click to expand...
Click to collapse
I should have clarified, I dont think RR had anything to do with my issue. I actually really liked RR, it has some great features, great performance and good battery life too. I just missed the Moto features in the stock and CFs ROMs.
oldidaho said:
I should have clarified, I dont think RR had anything to do with my issue. I actually really liked RR, it has some great features, great performance and good battery life too. I just missed the Moto features in the stock and CFs ROMs.
Click to expand...
Click to collapse
Strange. I've been using RR M encrypted for several weeks now with no issues. Oh well. If you're happy with modified stock, that's all that matters. You can encrypt that too if you like. I'm a big fan of the Moto features as well, and RR M has basically all of them built in besides Voice (chop chop flashlight was removed for a while, but it has been added back). Although I've never understood what Voice offers that Google Now does not.
Mystery solved!
Astrobrewer said:
... At least that's the way it was for a few hours. Now when I reboot it just starts up android with no password again. All the effort to un-encrypt and re-encrypt seems to have been a waste. Oh well, at least I avoided getting into boot loop hell.
Hopefully this unencrypting without requiring password/PIN thing gets fixed when (if) they come out with M for the turbo.
Click to expand...
Click to collapse
I have been running the CM13 ROM for the past few months and it's been great, but now that Verizon came out with official Marshmallow I decided to go back to a stock-based ROM again because I've been missing VOLTE. So I flashed ComputerFreak274_MM. After flashing and rooting I was back in the stupid state of the phone saying that it was encrypted but booting without a PIN. It seemed unreal that Moto/Verizon would have left this bug in MM too. So I reformatted data, re-flashed and rooted the ROM and tried encrypting. Then I discovered that it won't encrypt if it's rooted. So back to wiping, re-formatting and flashing again, but this time I am able to successfully encrypt before rooting. Success! Now root and start setting up the phone. Now I have to enter my PIN before it will boot into the system or into TWRP. Yay! By now it's 1:00am and I have to be at work early, so I let it sit overnight while my apps download. In the morning I flash SuperSU and notice that I wasn't prompted for a password to decrypt when I booted into TWRP and I wasn't prompted for password when booting system after flashing SuperSU. WTF!!! More time wasted. It seemed that stock ROMs just don't like encryption. :crying:
Anyway, after stewing about it all day I randomly chanced into the solution. In the Security settings menu there's an option under Encryption called "Secure start-up" which only becomes available when phone is encrypted. The Secure start-up options says:
"You can further protect this device by requiring your PIN before it starts up. Until the device starts up, it can't receive calls, messages, or notifications, including alarms. This helps protect data on lost or stolen devices."​Secure start-up defaults to disabled for some reason, and when it's disabled the phone automatically decrypts itself when it boots without requiring PIN entry. So you can encrypt your phone and still be totally unprotected. What a dumb-ass default!
But when I enable Secure start-up then encryption works the way it should -- with phone prompting for PIN before booting. Maybe I just didn't notice it, but I didn't see anything when I encrypted the phone saying to enable Secure start-up to actually protect the phone. I'm guessing that this option was there in Lollipop too; but who knew???
So I have, after some work and experimentation, got encryption to work with CM 13. However I have run into a problem, TWRP will not accept my password and decrypt my phone. My phone will boot fine, I have CM 13 working correctly, make calls, surf the web and so on. It also accepts my password to unlock the phone no issues. But TWRP will not, so I cannot flash Xposed or any other ROMs without going through the process of wiping, encrypting and reflashing. That is the other oddity, TWRP DID accept the password at first and let me flash the CM 13 mod originally. After that I got a message saying the phones info was corrupted, the password was correct but my phone could not unlock. I restarted it and the phone started like normal but now we have this issue. Any advice would be very much appreciated.
Sent from my DROID Turbo using XDA-Developers mobile app
You must be running TWRP 3.0.1.0
Flash TWRP 3.0.2.0 and your problem should he fixed
Actually I am on TWRP 3.0.2.0
Sent from my DROID Turbo using XDA-Developers mobile app
Any other suggestions for this situation?
Sent from my DROID Turbo using XDA-Developers mobile app
BEDickey said:
Any other suggestions for this situation?
Sent from my DROID Turbo using XDA-Developers mobile app
Click to expand...
Click to collapse
Re-flash TWRP 3.0.2.0? That update was specifically a fix for encryption issues. If reflashing doesn't work, then don't know.
I just tried to get encryption going on my Turbo with RR, and I got the same issue. I don't think it's a TWRP problem. I'll work on it some tonight and see if I can get it to work.
Yeah, it's some issue with RR. The latest TWRP decrypts the stock rom just fine. Weird.
I was not on RR, I was on CM 13. RR is a mod off of CM correct?
Sent from my DROID Turbo using XDA-Developers mobile app
BEDickey said:
I was not on RR, I was on CM 13. RR is a mod off of CM correct?
Sent from my DROID Turbo using XDA-Developers mobile app
Click to expand...
Click to collapse
Correct. So to be more precise, it's an issue with CM.
I read somewhere that with CM12.1 (and maybe CM13), it's necessary to set selinux to permissive before encrypting, but once you do that, you can just encrypt through the settings menu while running CM (no stock rom trickery required). My battery is too low to test this, but I'll definitely test it when I get home tonight.
Edit: Nope. Didn't work.
I'm determined to get this to work. I actually figured out how to get RR to encrypt on its own without having to go back to stock first, but TWRP still won't decrypt it. I've tried all TWRP versions available for quark. I'm going to try using CM recovery. If that doesn't work, I dunno what will. For what it's worth, google says that we're not the only ones having trouble decrypting CM13.
For those who are curious, you can get RR (and presumably CM13) to encrypt by first flashing the stock recovery menu and doing a factory reset. The reason this is necessary is that encryption requires the data partition to reserve about 16kb of data to be used during encryption. However, when TWRP formats the data partition, it includes all of the available space in the partition and leave nothing unallocated. The stock recovery menu knows better.
EDIT: CM recovery is totally useless. It doesn't even touch /data unless you're factory resetting. Welp, I'm out of ideas for now.
Well this sucks! Thanks for your work The St33v. It looks like this has to be edited at the top so it leaves that extra space needed. The TWRP code needs to be fixed imho.
BEDickey said:
Well this sucks! Thanks for your work The St33v. It looks like this has to be edited at the top so it leaves that extra space needed. The TWRP code needs to be fixed imho.
Click to expand...
Click to collapse
Yeah, I'm not really sure what the issue is at this point. According to my Googling, some devices running CM13 can decrypt with TWRP just fine, but many can't. That tells me that it's a device-specific issue, which means the TWRP maintainer for our device would need to fix it. Who knows though. I could be wrong.
I don't really feel like bothering him about it, but in case anyone else does, the TWRP guy for our device is none other than the legendary baybutcher27.
I tried to get a copy of the TWRP log, but it tries to save the log to /data/media. I don't imagine that actually happened since /data is still encrypted.
EDIT: Nevermind. The log file doesn't have any information that is different from what TWRP displays on the screen, and TWRP doesn't display anything that is helpful.
Different device (Zenfone 2/z00t), but I've been bouncing around forums looking for the same solution. Currently using Flashify to update CyanogenMod Recovery, then using the ADB sideload menu to flash the nightlies. Switching to TWRP every few nightlies to see if it's fixed. It's not an elegant solution, but encryption is pretty much a must.
NewDayRising said:
Different device (Zenfone 2/z00t), but I've been bouncing around forums looking for the same solution. Currently using Flashify to update CyanogenMod Recovery, then using the ADB sideload menu to flash the nightlies. Switching to TWRP every few nightlies to see if it's fixed. It's not an elegant solution, but encryption is pretty much a must.
Click to expand...
Click to collapse
I talked to the maintainer of our TWRP build, and he said that it would be something that he would have to figure out how to add, but he is working on it. Apparently, methods of encryption/decryption are specific to each device.
Right. And since I'm still running nightlies with no snapshot as of yet for my device, I'll deal with the workaround till it's sorted, or file a bug report when a stable release/snapshot is available. Thankfully ADB sideload is an option till then. Thanks for the info about the issue being specific to each device.
Hey there.
I got my 3t in the day, 4.0.0 was released. So I unlocked my bootloader after upgrading.
At the time, dm-verity was new to me and so I ignored it.
By now I read up on it and guess I get it. What doesn't fit to what I read is the fact, that I modified my system in many ways. By flashing TWRP, by modifying system with super su and things like ad blockers (hosts file) and pixel launcher.
Yet I never installed the verity fix. I also use encrypted data partition.
How can that be?
My only guess is, I never installed a custom kernel yet or another Rom. But then again verity should be triggered way earlier. Did 4.0 not fully implement it?
mad-murdock said:
Hey there.
I got my 3t in the day, 4.0.0 was released. So I unlocked my bootloader after upgrading.
At the time, dm-verity was new to me and so I ignored it.
By now I read up on it and guess I get it. What doesn't fit to what I read is the fact, that I modified my system in many ways. By flashing TWRP, by modifying system with super su and things like ad blockers (hosts file) and pixel launcher.
Yet I never installed the verity fix. I also use encrypted data partition.
How can that be?
My only guess is, I never installed a custom kernel yet or another Rom. But then again verity should be triggered way earlier. Did 4.0 not fully implement it?
Click to expand...
Click to collapse
They say (in twrp thread and in oneplus forums) if you flash supersu, you are fine...
ram4ufriends said:
They say (in twrp thread and in oneplus forums) if you flash supersu, you are fine...
Click to expand...
Click to collapse
When am I not fine? Protection only triggers if kernel is exchanged?
It's not that I don't want to flash it, but I am eager to know.
*bump* - trying a last time, to see if anyone knows details
The whole point of dm verity is to make sure phone is not rooted or modified in any way that could compromise app security, luckily it doesn't work quite 100% as we can still root without triggering it, even though it should.
I guess, the answer to my question is, TWRP automatically applies the dm-verity patch on first install. I overlooked that feature to be honest, but it makes total sense to do so and protect custom recovery users from locking out of your phone
I have this questions too. And I can't decrypt Data even if I input the right password. I can't use recovery anymore with TWRP or the stock rec.
Here is some details about the dm-verity. https://source.android.com/security/verifiedboot/verified-boot.html
I only know Android N will encrypt Data by using f2fs file system.........
If you have some effective methods, please tell me. Thanks a lot!
mad-murdock said:
I guess, the answer to my question is, TWRP automatically applies the dm-verity patch on first install. I overlooked that feature to be honest, but it makes total sense to do so and protect custom recovery users from locking out of your phone
Click to expand...
Click to collapse
It's my understanding that SuperSU applies the dm-verity patch when it's installed.
napetost said:
I have this questions too. And I can't decrypt Data even if I input the right password. I can't use recovery anymore with TWRP or the stock rec.
Here is some details about the dm-verity. https://source.android.com/security/verifiedboot/verified-boot.html
I only know Android N will encrypt Data by using f2fs file system.........
If you have some effective methods, please tell me. Thanks a lot!
Click to expand...
Click to collapse
flash TWRP 3.0.3-1-beta1 and try again
I have found the right way!
First, you should flash back to OOS3.5 6.0, then set the pin password. And then copy OOS4.0 to /sdcard ,then using system update.Then you will update to OOS4.0 and you won't see any dm-verity problems.
napetost said:
I have found the right way!
First, you should flash back to OOS3.5 6.0, then set the pin password. And then copy OOS4.0 to /sdcard ,then using system update.Then you will update to OOS4.0 and you won't see any dm-verity problems.
Click to expand...
Click to collapse
That's one way. Using the TWRP beta is another. It's in the TWRP post, page 55, bottom. Post 550. Actually the last few pages of that post discuss this issue right now. Might be worth reading.
Hi guys,
I tried a couple of years ago disabling encryption on my Nexus 6 and the performance was great, but as updates were released it turned out to be a pain to keep up always having to manually update the phone. My nexus 6 now is crawling and I'm thinking about trying to disable encryption. I could not find any sort of reports if it can be done on 7.1.1
Has anyone tried? Is there any guide? Thanks!
Mephisto_POA said:
Hi guys,
I tried a couple of years ago disabling encryption on my Nexus 6 and the performance was great, but as updates were released it turned out to be a pain to keep up always having to manually update the phone. My nexus 6 now is crawling and I'm thinking about trying to disable encryption. I could not find any sort of reports if it can be done on 7.1.1
Has anyone tried? Is there any guide? Thanks!
Click to expand...
Click to collapse
It's no different. If your bootloader is not unlocked, unlocking it will wipe the user data partition. If the bootloader is already unlocked, you'll need to wipe the user data partition.
*IN EITHER CASE YOU WILL LOSE YOUR DATA. DO A BACKUP FIRST
Then flash a ROM with an included kernel that doesn't force encrypt. Or, just flash a kernel that doesn't force encrypt.
Now that I've answered your question, IMHO, it's not worth the effort. If your phone is crawling, do a factory reset. On a stock ROM, go to Settings > Backup & Reset and make sure you have your Google backup settings enabled. Use the Factory Data Reset button to actually reset. READ through the information and confirm. This will cause your phone to reboot with a wiped system partition.
If your on a custom ROM I'm going to assume you know how to wipe through recovery.
ktmom said:
...., IMHO, it's not worth the effort. If your phone is crawling, do a factory reset.....
Click to expand...
Click to collapse
My 7.1.1 uses the lite stock rom of Danvdh.
I think you're right about the hassle. Only decrypting is not enough. But debloating and removing unused stuff and decrypting the data partition did raise performance on my N6.
Yeah, I know it is a bit of a hassle, but considering there will be no more updates after 7.1.1 it should be a once only process right? Is possible to disable encryption on 7.1.1. without rooting?
I'm happy to unlock the bootloader and wipe the phone, not a problem.
Mephisto_POA said:
Yeah, I know it is a bit of a hassle, but considering there will be no more updates....
Click to expand...
Click to collapse
Don;t forget the monthly security updates.
I am using the lite stock room of Danvdh. It's a pre-rooted stock room.
But I think updates can be dirty flashed because the system, radio and bootloader will not change anymore.
So root and install TWRP to flash the updates
the problem with rooting is that many apps will not work, I'm cool staying without root and vanilla android, I just want to get rid of the encryption
Mephisto_POA said:
the problem with rooting is that many apps will not work, I'm cool staying without root and vanilla android, I just want to get rid of the encryption
Click to expand...
Click to collapse
In that case the post of @ktmom is applicable.
I am on 7.1.1 and have used the fed patcher mentioned on this site and it has worked nicely on custom and stock ROMs. But u have to be rooted.
NLBeev said:
In that case the post of @ktmom is applicable.
Click to expand...
Click to collapse
I'm a bit illiterate in this aspect, apologies. but I could not find a vanilla android for nexus 6 with just encryption disabled and no root. I would really appreciate if you could give me some directions?
The NEXUS 6 ANDROID DEVELOPMENT and NEXUS 6 ORIGINAL ANDROID DEVELOPMENT seems both to have only modified versions. I'm a bit confused
Mephisto_POA said:
I'm a bit illiterate in this aspect, apologies. but I could not find a vanilla android for nexus 6 with just encryption disabled and no root. I would really appreciate if you could give me some directions?
The NEXUS 6 ANDROID DEVELOPMENT and NEXUS 6 ORIGINAL ANDROID DEVELOPMENT seems both to have only modified versions. I'm a bit confused
Click to expand...
Click to collapse
Plain vanilla unencrypted would be google factory image plus a non forced enforcing kernel. B14CKB1RD, Franco there are others.
Custom ROM that is close to vanilla but comes with a non forced encrypting kernel would be Pure Nexus.
Mephisto_POA said:
I would really appreciate if you could give me some directions?
Click to expand...
Click to collapse
I have only one direction for you and that's the lite stock rom of Danvdh.
The kernel is the modified part. (no forced encryption).
After flashing this rom, you can unroot by uninstalling supersu.
https://forum.xda-developers.com/showthread.php?p=59561445/
NLBeev said:
I have only one direction for you and that's the lite stock rom of Danvdh.
The kernel is the modified part. (no forced encryption).
After flashing this rom, you can unroot by uninstalling supersu.
https://forum.xda-developers.com/showthread.php?p=59561445/
Click to expand...
Click to collapse
Hi, I also want to remove encryption from my Nexus 6 Stock as it is a stuttering mess.
I have rooted and installed the stock rom of Danvdh, but to my disappointment on boot up the phone is still showing as encrypted.
Have I done something wrong?
saltyzip said:
Hi, I also want to remove encryption from my Nexus 6 Stock as it is a stuttering mess.
I have rooted and installed the stock rom of Danvdh, but to my disappointment on boot up the phone is still showing as encrypted.
Have I done something wrong?
Click to expand...
Click to collapse
That was an answer to a different question.
The ROM you installed I believe has a non-force encrypting kernel. But just installing a non-force encrypting kernel isn't enough. You need to wipe user data and install a kernel that doesn't force encrypt.
Please read back a page to two for the whole recent conversation that has more details, like the fact that you'll lose all of your data in this process.
saltyzip said:
Hi, I also want to remove encryption from my Nexus 6 Stock as it is a stuttering mess.
I have rooted and installed the stock rom of Danvdh, but to my disappointment on boot up the phone is still showing as encrypted.
Have I done something wrong?
Click to expand...
Click to collapse
Got it working, just followed this:
Just because forced encryption is disabled doesn't mean it decrypts you. You have to do that yourself by formatting data either through TWRP (TWRP > Wipe > Format Data button) or through fastboot (fastboot format userdata), which will wipe out your app data and your internal storage partition so make the appropriate backups.
saltyzip said:
Got it working, just followed this:
Click to expand...
Click to collapse
You going to take credit, you should at least use your own words ?
I've gone with your guys suggestion with stock lite, working like a charm, very snappy. The phone feels indeed light, and multitasking is way smoother now, thanks!!!
just on a side note, after you install the rom you need to wipe the data partition to get rid of the encryption
Installed twrp on bn Nexus 6 os 5.1 OTA for 7.1.1 encrypted it
No clue how to fix this I'm a noob unlocked bootloader unencrypted Android 5 then it OTA updated to 7.1.1 and now can't get to twrp to wipe encryption how can I get this going again phones working just can't use cable to computer have the SD card reader micro SD any help would be appreciated
kudabee61 said:
...just can't use cable to computer...
Click to expand...
Click to collapse
Get your phone's USB port fixed, then you can fix the ROM issue.