Hello all.
I always keep a pass code on my phone and use smart devices and locations to keep it unlocked in trusted places. I am thinking of turning on encryption to keep the data secure if the phone is ever truly lost.
I am running CF's rom on an unlocked bootloader. If I backup in TWRP and store that backup on my PC, what would be the best method of restoring it if I find the encryption to be too much of a burden?
Also, is the recovery partition encrypted when this is done? If so, how would I actually factory reset to remove the encryption before a restore?
Thanks!
I'm not an expert on using encryption on an unlocked bootloader, but from what little I've read and tried, it can be tricky. I am also using CF's rom, and whenever I try to encrypt the device, the screen goes black and won't respond until I hold down the power button for a pretty long time. I've read that you need to be on a 100% stock rom if you want to encrypt the device, and then after that you can modify it as you please. The recovery partition is not encrypted. That's about all I know.
I have always had my device encrypted. I can't recall a single issue. BL unlocked. CF 1.2.7.
Wynnded said:
I have always had my device encrypted. I can't recall a single issue. BL unlocked. CF 1.2.7.
Click to expand...
Click to collapse
Had you encrypted before installing the rom then?
Coronado is dead said:
Had you encrypted before installing the rom then?
Click to expand...
Click to collapse
I don't recall precisely, but I strongly suspect so.
I was bored, so I reflashed the stock rom and encrypted the phone. Took only a few minutes. I don't really see what the point is though, since it doesn't ask for a password at boot like it's supposed to.
Also, as long as you have TWRP installed, anyone who is even slightly knowledgeable can have 100% access to all of your files, no password required.
TheSt33v said:
I was bored, so I reflashed the stock rom and encrypted the phone. Took only a few minutes. I don't really see what the point is though, since it doesn't ask for a password at boot like it's supposed to.
Also, as long as you have TWRP installed, anyone who is even slightly knowledgeable can have 100% access to all of your files, no password required.
Click to expand...
Click to collapse
Interesting....mine requires a PW at boot....
Additionally, I have to type my PW when booting into TWRP.
Wynnded said:
Interesting....mine requires a PW at boot....
Additionally, I have to type my PW when booting into TWRP.
Click to expand...
Click to collapse
Oops. I figured it out. No lock screen password, no boot password.
It appears you have had success where others have not. Were you successful in having TWRP decrypt your data, in order to load CF's ROM?
I've downgraded to 4.4.4 stock, encrypted the phone, loaded TWRP through ADB, and cannot get TWRP to decrypt, no matter the password I use.
Any help would be appreciated.
can you give downgraded 4.4.4 file for my turbo
P_6 said:
It appears you have had success where others have not. Were you successful in having TWRP decrypt your data, in order to load CF's ROM?
I've downgraded to 4.4.4 stock, encrypted the phone, loaded TWRP through ADB, and cannot get TWRP to decrypt, no matter the password I use.
Any help would be appreciated.
Click to expand...
Click to collapse
Yes, I was. See this thread for details: http://forum.xda-developers.com/droid-turbo/help/cm-encryption-t3263971/page3
---------- Post added at 10:43 AM ---------- Previous post was at 10:42 AM ----------
fidi7861 said:
can you give downgraded 4.4.4 file for my turbo
Click to expand...
Click to collapse
http://rootjunkysdl.com/getdownload.php?file=Droid Turbo/Firmware/VRZ_XT1254_SU2-12_12_CFC.xml.zip
Related
And this morning the phone was acting weird. I rebooted the phone and did not get the screen to unlock before the phone boots. Now I see the phone is no longer encrypted. Anybody else have this happen?
I'm stock with with faux kernal.
Larzzzz82 said:
And this morning the phone was acting weird. I rebooted the phone and did not get the screen to unlock before the phone boots. Now I see the phone is no longer encrypted. Anybody else have this happen?
I'm stock with with faux kernal.
Click to expand...
Click to collapse
mines encrypted, and mine doesn't have an unlock code, as i didnt set one up. how do you know your device in unencrypted? or are you just assuming it is? you have to format your data before ypu can decrypt it btw. if you gobinto your main settings, security, itll tell you if your phone is encrypted or decrypted.
I looked in the settings/security and saw this... If I'm reading this correctly, the phone is no longer encrypted.
Larzzzz82 said:
I looked in the settings/security and saw this... If I'm reading this correctly, the phone is no longer encrypted.
Click to expand...
Click to collapse
yup, looks like its decrypted. as heres my encryoted n6..
and how does a phone decrypt itself?
Larzzzz82 said:
and how does a phone decrypt itself?
Click to expand...
Click to collapse
good question! maybe a derp somewhere.. have you rebooted since?
I did reboot because chrome and messaging would not open up. The icon would get a white halo around them yet nothing would happen. Upon rebooting I was not asked for my pattern lock before Android fully booted
Larzzzz82 said:
I did reboot because chrome and messaging would not open up. The icon would get a white halo around them yet nothing would happen. Upon rebooting I was not asked for my pattern lock before Android fully booted
Click to expand...
Click to collapse
did u factory reset the phone from recovery?
Nikos2k said:
did u factory reset the phone from recovery?
Click to expand...
Click to collapse
Through twrp, yes, last night. Just what was recommended. I did not do anything in the advanced settings
Larzzzz82 said:
Through twrp, yes, last night. Just what was recommended. I did not do anything in the advanced settings
Click to expand...
Click to collapse
The reset probably disabled the encryption
Re-encrypt it through Security settings
Nikos2k said:
The reset probably disabled the encryption
Re-encrypt it through Security settings
Click to expand...
Click to collapse
The phone was decrypted before I reset. It was never decrypted to begin with until yesterday when I was having issues with a couple of apps. I rebooted and I decided to check if it was because it didn't ask for my pattern lock as it used to when booting up.
Larzzzz82 said:
The phone was decrypted before I reset. It was never decrypted to begin with until yesterday when I was having issues with a couple of apps. I rebooted and I decided to check if it was because it didn't ask for my pattern lock as it used to when booting up.
Click to expand...
Click to collapse
As far as I know, there is no way to decrypt the contents of an encrypted nexus6 (which is not the same as disabling encryption, as an actual decryption of the device would preserve the contents of the device)
Since you now have an unencrypted device, the contents of your device must have been erased during the disabling of the encryption
Nikos2k said:
Since you now have an unencrypted device, the contents of your device must have been erased during the disabling of the encryption
Click to expand...
Click to collapse
No, they weren't. Everything was intact.
Larzzzz82 said:
No, they weren't. Everything was intact.
Click to expand...
Click to collapse
I don't think that android5 has a function to decrypt the whole content of the device.
In this page about how encryption works its says "New Android 5.0 devices encrypted at first boot cannot be returned to an unencrypted state."
And obviously it should be so.
Anyway, maybe it's better that you factory reset the device and encrypt it afterwards so that you set a pin yourserf
(android5 devices are encrypted on first boot, and there is no password)
When you had the pattern security option set, did TWRP ask for any password?
And if yes, how did you input the pattern?
TWRP does not ask me for a password. I broke the seal on the box of this phone came in. It was set up before I had a sim card in it.the phone was encrypted. I did look within the first week or two of my owning it. aside from unlocking, rooting, and a couple of mods, it is stock. I am NOT using a custom ROM. I have installed faux kernel within the last couple of weeks and the request for a pattern unlock in the middle of booting Android remained until the other day. To say I am perplexed as an understatement.
Larzzzz82 said:
And this morning the phone was acting weird. I rebooted the phone and did not get the screen to unlock before the phone boots. Now I see the phone is no longer encrypted. Anybody else have this happen?
I'm stock with with faux kernal.
Click to expand...
Click to collapse
When did you install the kernel and had you done a TWRP factory wipe prior to the install?
Your post made me double check my phone - I am now unencrypted
Earlier this week I had had done a TWRP (2.8.4.0) factory wipe to do a clean install of CleanROM 1.4 and I think TWRP did a full decrypt wipe without me wanting to do so when it was supposed to do a simple reset
SP_Kenny said:
When did you install the kernel and had you done a TWRP factory wipe prior to the install?
Your post made me double check my phone - I am now unencrypted
Earlier this week I had had done a TWRP (2.8.4.0) factory wipe to do a clean install of CleanROM 1.4 and I think TWRP did a full decrypt wipe without me wanting to do so when it was supposed to do a simple reset
Click to expand...
Click to collapse
The factory wipe in TWRP, besides wiping everything, it disabled the forced encryption, so you have to select encrypt yourself if you want it to be encrypted.
And "CleanROM is decrypted by default. This means if you are encrypted or are decrypted you will stay that way! It wont change you crypto settings!"
---------- Post added at 02:27 AM ---------- Previous post was at 02:24 AM ----------
Larzzzz82 said:
TWRP does not ask me for a password. I broke the seal on the box of this phone came in. It was set up before I had a sim card in it.the phone was encrypted. I did look within the first week or two of my owning it. aside from unlocking, rooting, and a couple of mods, it is stock. I am NOT using a custom ROM. I have installed faux kernel within the last couple of weeks and the request for a pattern unlock in the middle of booting Android remained until the other day. To say I am perplexed as an understatement.
Click to expand...
Click to collapse
Anyway, you can encrypt it yourself, but if you select a pattern instead of pin/password in the security settings, i do not think that you will be able to access the data in TWRP as it seems there is no way to input the pattern in TWRP
So b4 entering recovery, u will have to change the security setting
In the past when I had done a factory rest / wipe via TWRP it had not changed my encryption. This only happened with the current version and gave no indication that it was going to be in an unencrypted state
Sent from my Nexus 6 using XDA Free mobile app
I like my security so I guess I'll just leave my device encrypted. I believe if I decrypted, it wouldn't really make it that much faster than this?
Apologies if this was suggested further in the thread, and that I'm replying to an old post. But I recently had this problem and figured out a solution.
- Accessibility was enabled and for some reason this cached the boot password. So- when I removed the app (rights) and turned off accessibility, and changed (reset/reentered) the password in security settings... On next boot the phone correctly asked me for password.
I'm new to the 6 and I haven't really read too much into the whole encryption thing, so I don't know the pros/cons of having it that way, or not.
During my first boot of this thing, I started the unlock/root process, then I quickly remembered about encryption...and what the whole thing was about. Well I'm curious, are these custom ROM's built without the encryption? In the security menu of Chroma, encryption is enabled. In another ROM which specifically stated encryption was off...it was actually on.
So I'm confused.
Thanks.
Some ROMs do not force encryption. They can still be encrypted. It depends on the kernel. You will need to perform a wipe to unencrypt
stevew84 said:
I'm new to the 6 and I haven't really read too much into the whole encryption thing, so I don't know the pros/cons of having it that way, or not.
During my first boot of this thing, I started the unlock/root process, then I quickly remembered about encryption...and what the whole thing was about. Well I'm curious, are these custom ROM's built without the encryption? In the security menu of Chroma, encryption is enabled. In another ROM which specifically stated encryption was off...it was actually on.
So I'm confused.
Thanks.
Click to expand...
Click to collapse
It depends on the state of your device before you flash the ROM. If you are unencrypted prior to flashing the ROM, you will stay unencrypted. And if encrypted, you will stay encrypted. For most ROMs. Read the fine print in the OP.
cam30era said:
It depends on the state of your device before you flash the ROM. If you are unencrypted prior to flashing the ROM, you will stay unencrypted. And if encrypted, you will stay encrypted. For most ROMs. Read the fine print in the OP.
Click to expand...
Click to collapse
I've also read about long "encrypting now" screens during first boot of fresh ROM's, I've never seen those.
Encryption depends on the kernel or more accurately the fstab, so it depends what kernel is supplied with the ROM or which kernel you plan on flashing with the ROM.
There are 2 types of ROM. Stock based and AOSP based. I find it hard to believe any AOSP ROM dev would turn on force encryption, but with a stock ROM, it could be on or off - depending. Read each thread to find out.
All ROMs and kernels are encryption enabled by the way. Turning off force encryption inky prevents first boot from encrypting your data partition. You can still turn on encryption yourself in settings and if you're already encrypted, turning off force encryption will not unencrypt your data, so it will still be on. Once force encryption has been turned off, you must then format /userdata to remove encryption
stevew84 said:
I've also read about long "encrypting now" screens during first boot of fresh ROM's, I've never seen those.
Click to expand...
Click to collapse
Correct. If you are unsure of your kernel status go to Settings/Security/Encryption. If it says "Encrypt phone", then you are unencrypted.
cam30era said:
Correct. If you are unsure of your kernel status go to Settings/Security/Encryption. If it says "Encrypt phone", then you are unencrypted.
Click to expand...
Click to collapse
Ah alright, well each and every time I flash something new, I'm encrypted. I'm interested in getting rid of that, but not sure exactly how to do it.
stevew84 said:
Ah alright, well each and every time I flash something new, I'm encrypted. I'm interested in getting rid of that, but not sure exactly how to do it.
Click to expand...
Click to collapse
It says in my post
Encryption will stay on unless you completely wipe the device and have a kernel installed that doesn't force you to encrypt. So you'll never see an option for decrypting your device. This comes with a huge warning that ANYTHING on the internal storage will be lost, that goes for the ROM and your files, including your ROM zip files for flashing. If you want to decrypt the device I suggest you first practice by flashing a ROM that you copy into your phone while in recovery so you know you can do it.
Guide: http://forum.xda-developers.com/nexus-6/development/disable-forced-encryption-gain-root-t2946715
This will get you to a clean slate, make sure you test MTP (file transfer over usb from computer) in recovery and verify that you can move files over to your device in recovery. You should already have a custom recovery installed such as TWRP. If you are considering disabling make sure you know exactly what is going on first, its not as straight forward as it seems. Goodluck
stevew84 said:
Ah alright, well each and every time I flash something new, I'm encrypted. I'm interested in getting rid of that, but not sure exactly how to do it.
Click to expand...
Click to collapse
If you are on stock, rooted, or a non-CM12 based ROM, one way is to go here > http://forum.xda-developers.com/nexus-6/development/disable-forced-encryption-gain-root-t2946715
Remember, after flashing the boot.img, you need to "fastboot format userdata" to unencrypt. This will wipe your SDcard.
rootSU said:
It says in my post
Click to expand...
Click to collapse
Sorry, I didn't see you posted.
Right now with Chroma + Vindicator kernel...Encryption states Enabled in the security menu.
stevew84 said:
Sorry, I didn't see you posted.
Right now with Chroma + Vindicator kernel...Encryption states Enabled in the security menu.
Click to expand...
Click to collapse
Because you were already encrypted.
stevew84 said:
I don't know the pros/cons of having it that way, or not.
Click to expand...
Click to collapse
Pros for encryption;
- security. This is pretty obvious, if somebody hostile gets their hands on your phone, your data will not be obtained by them.
Cons;
- performance and battery life. There is indication in AOSP that google *intends* to activate hardware crypto, but as of yet, have not. That means that the crypto function is done on your main CPU, which is (a) not as fast as the hwcrypto block, and (b) takes up valuable CPU cycles from other software that is running, and (c) anything that uses CPU heavily will consume battery.
Another con with encryption that I have (which I admit is extremely unlikely - but has happened in the past) is that files that are backed up off the device may not get decrypted correctly, leaving them corrupt. That is my main hate of encryption. That and the fact that I cannot automate my TWRP backups
rootSU said:
Another con with encryption that I have (which I admit is extremely unlikely - but has happened in the past) is that files that are backed up off the device may not get decrypted correctly, leaving them corrupt. That is my main hate of encryption. That and the fact that I cannot automate my TWRP backups
Click to expand...
Click to collapse
That isn't a con of encryption. That's a con of using broken software to perform your backup.
doitright said:
That isn't a con of encryption. That's a con of using broken software to perform your backup.
Click to expand...
Click to collapse
The con of encrypting data is that it may not always decrypt-able. Regardless of the root cause being Android, Windows, Linux or "broken software". If doing something to your data leads to it being useless via whatever means, then there is a negative effect of doing that something to your data
I upgraded from 5.1.1 to 6.0 by flashing the factory image without flashing userdata. Everything worked perfectly, but, as many people have noted, I get a "Your device is corrupt" message briefly on startup, before having the opportunity to enter my encryption code. Again, the phone functions just fine despite this.
I'm wondering what it is about my phone that causes this message to display. My bootloader is unlocked, though I don't think this alone should be a problem. I am completely stock, unrooted (though I was rooted on previous versions). As such, I don't think it can be a problem with the system or boot partitions, since, again, I have flashed and re-flashed these directly from the factory image. I don't see how it can be problem with userdata, since this isn't even decrypted when I get the "corrupt" message (i.e., I haven't entered the encryption code yet). Perhaps it's some problem with how userdata is encrypted?
Any logs that might give insight into where the fault is occurring?
Verity is the cause. That post should answer your question.
cupfulloflol said:
Verity is the cause. That post should answer your question.
Click to expand...
Click to collapse
Thanks for the link. I'm still not sure this explains my situation. I get a red "corrupt" warning telling me my device is actually corrupt, which should mean that system files have been modified. However, my system is unmodified; I know this because I have flashed it directly (multiple times).
Although it is extremely unlikely and might be a unique situation, Verity might have actually worked for what it was designed for, for once, and your system might actually be corrupted by either persistent malware or bad memory.
I would warranty return the phone, if possible.
Sent from my VS985 4G using Tapatalk
Wipe data factory reset from stock recovery.
trent999 said:
Although it is extremely unlikely and might be a unique situation, Verity might have actually worked for what it was designed for, for once, and your system might actually be corrupted by either persistent malware or bad memory.
I would warranty return the phone, if possible.
Sent from my VS985 4G using Tapatalk
Click to expand...
Click to collapse
droidstyle said:
Wipe data factory reset from stock recovery.
Click to expand...
Click to collapse
Thanks. I'm not looking really looking for a radical solution (wiping phone, returning it); I'm looking for an explanation (which might guide me to a less radical solution). Again, I wonder whether Verity makes a log somewhere. As I mentioned, my phone is working perfectly.
Hard to imagine it's persistent malware, since I've flashed every partition other than userdata (which is still encrypted when I get the "corrupt" message). Moreover, I'm by no means the first person to report this behavior.
NYZack said:
Thanks. I'm not looking really looking for a radical solution (wiping phone, returning it); I'm looking for an explanation (which might guide me to a less radical solution). Again, I wonder whether Verity makes a log somewhere. As I mentioned, my phone is working perfectly.
Hard to imagine it's persistent malware, since I've flashed every partition other than userdata (which is still encrypted when I get the "corrupt" message). Moreover, I'm by no means the first person to report this behavior.
Click to expand...
Click to collapse
it will appear when you boot up on marshmallow, when you have an unlocked bootloader.
simms22 said:
it will appear when you boot up on marshmallow, when you have an unlocked bootloader.
Click to expand...
Click to collapse
I didn't notice mine until I installed a custom recovery. Hrm..maybe I just didn't pay attention lol
Tower1972 said:
I didn't notice mine until I installed a custom recovery. Hrm..maybe I just didn't pay attention lol
Click to expand...
Click to collapse
i didnt get it either. but i flashed a custom kernel as well, which gets rid of that message.
simms22 said:
it will appear when you boot up on marshmallow, when you have an unlocked bootloader.
Click to expand...
Click to collapse
I'm unlocked, stock and get no such message(s). Expecting it when I install a recovery though
Larzzzz82 said:
I'm unlocked, stock and get no such message(s). Expecting it when I install a recovery though
Click to expand...
Click to collapse
So I can't figure out what the true story is. Some people say that it happens to everybody with an unlocked bootloader, but, according to what you say, this isn't the case. I am stock in every way - recovery, bootloader, boot image, system image - and yet I get this warning. It's not a big deal, but it eats at me and makes me wonder whether there really is something corrupt about some aspect of my system.
NYZack said:
So I can't figure out what the true story is. Some people say that it happens to everybody with an unlocked bootloader, but, according to what you say, this isn't the case. I am stock in every way - recovery, bootloader, boot image, system image - and yet I get this warning. It's not a big deal, but it eats at me and makes me wonder whether there really is something corrupt about some aspect of my system.
Click to expand...
Click to collapse
It has to be changes to recovery. I'm running stock 6.0 with an unlocked bootloader and root and I have no such message on startup. Rooted and unlocked through Wugfresh NexusTool and temporary modified recovery option (non-persistent).
dasDestruktion said:
It has to be changes to recovery. I'm running stock 6.0 with an unlocked bootloader and root and I have no such message on startup. Rooted and unlocked through Wugfresh NexusTool and temporary modified recovery option (non-persistent).
Click to expand...
Click to collapse
No, if you're rooted, it's a different story. The modified boot image installed when you root disables verity checking.
I got the message after rooting my phone with CFRoot. Have done that before, always worked. But now the phone stops working after that boot message, I have reinstalled the stock image.
simms22 said:
it will appear when you boot up on marshmallow, when you have an unlocked bootloader.
Click to expand...
Click to collapse
I can confirm that this is not true. I ultimately factory-reset my phone from Recovery (it was acting strangely in other ways - Contacts crashing, for instance). My bootloader remains unlocked, but I no longer get the "Corrupt" message on startup.
I'm unlocked on marshmallow also and have never had that message
Take a look at here, it was my experience and solution.
https://productforums.google.com/forum/m/#!topic/nexus/sTu8Bdc1GLA;context-place=topicsearchin/nexus/category$3Adevice-security
Sent from my Nexus 6 using XDA Free mobile app
Semseddin said:
Take a look at here, it was my experience and solution.
https://productforums.google.com/forum/m/#!topic/nexus/sTu8Bdc1GLA;context-place=topicsearchin/nexus/category$3Adevice-security
Sent from my Nexus 6 using XDA Free mobile app
Click to expand...
Click to collapse
A simple factory reset in Recovery was all I needed. But I was hoping for a solution that didn't involve wiping my phone, ... and some insight into why so many of us are getting this message with stock systems.
NYZack said:
A simple factory reset in Recovery was all I needed. But I was hoping for a solution that didn't involve wiping my phone, ... and some insight into why so many of us are getting this message with stock systems.
Click to expand...
Click to collapse
Glad you could fix yours with a simple factory reset. Mine was in a much worse situation where i immediately got the corrupted message once i entered gmail account into phone. Google reps couldnt find the answer to the issue but advised me to downgrade to previous os and take OTA to marshmallow, that definitly fixed the issue for me.
Sent from my Nexus 6 using XDA Free mobile app
Device verification on Android and Nexus can be a bit of an interesting subject.
In theory, dm-verity on a Nexus will ONLY validate the system image, and nothing else.
This is the key description that Google made regarding verified boot;
http://source.android.com/devices/tech/security/verifiedboot/verified-boot.html
The key takeaways from that are;
1) an enforcing secure boot chain will involve validating each of the bootloader/boot partitions from the previous level, up to and including the boot.img.
2) The boot image contains the linux kernel and the verity_key file.
3) The verity_key file is the public key used to validate the contents of the metadata partition, which stores the hash tree for the system partition and is used to validate the contents of the system partition *on the fly*.
4) When dm-verity detects a change, it causes an I/O error.
5) On Nexus devices, the validation of the boot partition can be disabled.
The part that is interesting, is figure 2.
The part where it verifies metadata signature files --> no, causes it to reboot in logging mode and gives you the big ugly warning page.
Note that an unlocked Nexus 6 does NOT implement the yellow or orange warning states in its default configuration - see the description of "Class A". I'm not entirely sure if they can be enabled or not, but I've heard chatter of something to the effect of fastboot oem verify, which might enable validation of the boot partition.
So what happens during a dm-verity?
Well, when init tries to mount the system partition using dm-verity, it fails signature check. When it fails signature check, it sets a boot flag that it failed signature check, and *reboots*. The bootloader picks up this boot flag, and loads the error. If dm-verity PASSES signature check, it just continued boot as normal -- no rebooting.
So the approach for getting rid of that error message is actually this; if you tell init not to apply dm-verity, then the signature check is never even applied, so it continues boot as normal.
What isn't clear, is how it could be even remotely possible for a corrupt boot or cache partition to trigger a bootloader error. The only thing I can imagine, is maybe there is some additional check that isn't documented, or a bug in the bootloader that gets triggered when some boot flag is set wrong.
I was wondering if how to go about encrypting our phones on CM 12.1. For me all it does is restart the phone and boot to lock screen.
BEDickey said:
I was wondering if how to go about encrypting our phones on CM 12.1. For me all it does is restart the phone and boot to lock screen.
Click to expand...
Click to collapse
Settings --> Security - First thing listed should be encrypt phone.
I know that. I'm saying all that does is restart it to the lock screen, as I said. The phone is not actually encrypted in the process like it should, it just restarts.
With Mofo root, you had to encrypt on an unrooted stock ROM, then flash the rooted ROM after. Are similar also required with CM?
I'm not sure but you can temp disable root in CM by A) Disbaling it in SuperSU app - Uncheck "Enable Superuser" or B) In the settings under developer options - Change "root access" to "disabled". Try that and encrypt then re-enable after
Thanks! I will check it out and report back.
I'm having the exact same problem. I was never able to encrypt running total stock, computerfreek rom, or rremix rom. Device briefly shows the green android, then begins a soft reboot and then a full reboot. I have tried disabling root (both ways) as suggested above. It makes no difference.
Same here, I have the same situation. It seems as though either CM itself or the act of unlocking to bootloader has removed the ability to encrypt your phone. Any advice from people more in the know would be helpful.
In my case, I have never been able to encrypt... even with a totally stock, unmodified, unrooted, unmofo'd, bootloader locked device. Googling around, it seems like a problem where the disk is partitioned in such a way that there isn't the required space left for encryption to initiate. Anything looking like a solution was way over my comfort level (manual repartitioning via terminal), or in the case of some flashable scripts, was outdated.
Question: Did either of you change the format of your /data partition in TWRP to maybe ExFAT or F2FS?
I have never formatted anything.
I think it's one of things you cannot do, since the bootloader is unlocked. IIRC, it must be locked, regardless of the manufacturer. That's why we have the bootloader toggle in dev options.
Sent from my DROID Turbo using Tapatalk
Any updates on this... I have to believe there is some way to encrypt these devices, even if rooted with a custom rom. Rooting and installing a ROM in and of themselves do not diminish the added security provided by full device encryption.
P_6 said:
Any updates on this... I have to believe there is some way to encrypt these devices, even if rooted with a custom rom. Rooting and installing a ROM in and of themselves do not diminish the added security provided by full device encryption.
Click to expand...
Click to collapse
This worked for me:
1. Flash back to 100% stock.
2. Encrypt through security settings.
3. Flash whatever you want afterwards. The encryption will be preserved.
I'm currently encrypted and running CF's rom with no issues. A bootloader unlock does not prevent encryption from working.
Thanks for your response to this... I'm at Step 3, and using TWRP (Tried both 2.8 and 3.0) to flash CF 1.2.8. However, it will not successfully decrypt, regardless of what password I provide it (have tried complex & simple passwords, and the defaults listed out there, etc)
P_6 said:
Thanks for your response to this... I'm at Step 3, and using TWRP (Tried both 2.8 and 3.0) to flash CF 1.2.8. However, it will not successfully decrypt, regardless of what password I provide it (have tried complex & simple passwords, and the defaults listed out there, etc)
Click to expand...
Click to collapse
That's weird. The password should be the same as your lockscreen password. If you used a pattern lock, each dot on the pattern corresponds to a number, although I'm not sure which dot is which number. If your lockscreen password doesn't work, something went wrong and you'll probably have to wipe your phone to fix it.
TheSt33v said:
That's weird. The password should be the same as your lockscreen password. If you used a pattern lock, each dot on the pattern corresponds to a number, although I'm not sure which dot is which number. If your lockscreen password doesn't work, something went wrong and you'll probably have to wipe your phone to fix it.
Click to expand...
Click to collapse
That's what I figured. From what I've been reading, it should work just fine. I used an alphanumeric password to secure the phone, could that be part of the issue?
P_6 said:
That's what I figured. From what I've been reading, it should work just fine. I used an alphanumeric password to secure the phone, could that be part of the issue?
Click to expand...
Click to collapse
I doubt it. I used Cerberus to remotely change my pin to an alphanumeric password and then I forgot about it. When I rebooted the phone, I had to enter that password to decrypt the phone. It worked fine.
TheSt33v said:
I doubt it. I used Cerberus to remotely change my pin to an alphanumeric password and then I forgot about it. When I rebooted the phone, I had to enter that password to decrypt the phone. It worked fine.
Click to expand...
Click to collapse
So, using a simple 4 digit pin, I got TWRP to decrypt data. I installed CF 1.2.8 and changed my password to something more secure. I rebooted and got stuck in a bootloop. I've tried just about everything since, multiple wipes, reinstalls via TWRP, no dice. The encryption is still intact, but I can't get CF to boot.
P_6 said:
So, using a simple 4 digit pin, I got TWRP to decrypt data. I installed CF 1.2.8 and changed my password to something more secure. I rebooted and got stuck in a bootloop. I've tried just about everything since, multiple wipes, reinstalls via TWRP, no dice. The encryption is still intact, but I can't get CF to boot.
Click to expand...
Click to collapse
Weird. You might have to start all over again by going back to stock, and this time either keep the pin or just not deal with encryption.
Title says it all. Is there any known way to have root and device encryption still possible?
Thanks a lot.
plop12345 said:
Title says it all. Is there any known way to have root and device encryption still possible?
Thanks a lot.
Click to expand...
Click to collapse
Not currently. Unless you can trick the device into thinking it's fully charged and plugged in at the same time??
Jammol said:
Not currently. Unless you can trick the device into thinking it's fully charged and plugged in at the same time??
Click to expand...
Click to collapse
I never thought of this question, but good question. So root trips knox to stop encryption? Kinda lame if so.
Jammol said:
Not currently. Unless you can trick the device into thinking it's fully charged and plugged in at the same time??
Click to expand...
Click to collapse
Got it working with the stock ROM in the mean time. Just don't use TWRP to flash Magisk. Keep the stock recovery, Use Magisk Manager to patch boot.img (check tar format in settings) , then flash back via Odin, boot and factory reset. Done.
No luck with any custom ROM yet. Desperately looking for help. Would also pay quite a bit to have someone skilled looking into this. I don't want to keep the Korean ROM of my N950N
Nick216ohio said:
I never thought of this question, but good question. So root trips knox to stop encryption? Kinda lame if so.
Click to expand...
Click to collapse
No, flashing with TWRP requires to format data. That step loses encryption.
For some reason it's then impossible with Magisk or pph root to just reencrypt the phone from a custom ROM. It dies with invalid encryption and looses all your data when you try.
It's a bit different with SuperSU. Here it thinks encryption went well and tries to mount it on next boot, but then fails.
From my current knowledge it seems it needs stock recovery to recreate an encrypted data partition that actually works. That's the bit I'm stuck now...
plop12345 said:
No, flashing with TWRP requires to format data. That step loses encryption.
For some reason it's then impossible with Magisk or pph root to just reencrypt the phone from a custom ROM. It dies with invalid encryption and looses all your data when you try.
It's a bit different with SuperSU. Here it thinks encryption went well and tries to mount it on next boot, but then fails.
From my current knowledge it seems it needs stock recovery to recreate an encrypted data partition that actually works. That's the bit I'm stuck now...
Click to expand...
Click to collapse
On the Snap version, using SamFail gets rid of encryption. There's no way to encrypt for us with root because of the 80% short coming.
Jammol said:
On the Snap version, using SamFail gets rid of encryption. There's no way to encrypt for us with root because of the 80% short coming.
Click to expand...
Click to collapse
Ah crap, didn't even think of that issue
Anyway, at least to me a phone without reliable encryption is not usable as daily driver. I wonder why this gets so little attention. I spend some days now trying to resolve this, but there is not much information out there or I'm not capable to dig it up.
I couldn't even find a clear statement, what it actually is that prevents TWRP to mount encrypted /data on modern Samsung phones.
I known they do their own SOC based hardware encryption, but what is it that TWRP can't get? Does the trusted zone not release the key if a custom binary boots? I really like to understand a bit more on how this actually works.
Thanks
Figured it out: https://forum.xda-developers.com/galaxy-note-8/how-to/guide-how-to-root-device-encryption-t3742493