Related
I'm new to the 6 and I haven't really read too much into the whole encryption thing, so I don't know the pros/cons of having it that way, or not.
During my first boot of this thing, I started the unlock/root process, then I quickly remembered about encryption...and what the whole thing was about. Well I'm curious, are these custom ROM's built without the encryption? In the security menu of Chroma, encryption is enabled. In another ROM which specifically stated encryption was off...it was actually on.
So I'm confused.
Thanks.
Some ROMs do not force encryption. They can still be encrypted. It depends on the kernel. You will need to perform a wipe to unencrypt
stevew84 said:
I'm new to the 6 and I haven't really read too much into the whole encryption thing, so I don't know the pros/cons of having it that way, or not.
During my first boot of this thing, I started the unlock/root process, then I quickly remembered about encryption...and what the whole thing was about. Well I'm curious, are these custom ROM's built without the encryption? In the security menu of Chroma, encryption is enabled. In another ROM which specifically stated encryption was off...it was actually on.
So I'm confused.
Thanks.
Click to expand...
Click to collapse
It depends on the state of your device before you flash the ROM. If you are unencrypted prior to flashing the ROM, you will stay unencrypted. And if encrypted, you will stay encrypted. For most ROMs. Read the fine print in the OP.
cam30era said:
It depends on the state of your device before you flash the ROM. If you are unencrypted prior to flashing the ROM, you will stay unencrypted. And if encrypted, you will stay encrypted. For most ROMs. Read the fine print in the OP.
Click to expand...
Click to collapse
I've also read about long "encrypting now" screens during first boot of fresh ROM's, I've never seen those.
Encryption depends on the kernel or more accurately the fstab, so it depends what kernel is supplied with the ROM or which kernel you plan on flashing with the ROM.
There are 2 types of ROM. Stock based and AOSP based. I find it hard to believe any AOSP ROM dev would turn on force encryption, but with a stock ROM, it could be on or off - depending. Read each thread to find out.
All ROMs and kernels are encryption enabled by the way. Turning off force encryption inky prevents first boot from encrypting your data partition. You can still turn on encryption yourself in settings and if you're already encrypted, turning off force encryption will not unencrypt your data, so it will still be on. Once force encryption has been turned off, you must then format /userdata to remove encryption
stevew84 said:
I've also read about long "encrypting now" screens during first boot of fresh ROM's, I've never seen those.
Click to expand...
Click to collapse
Correct. If you are unsure of your kernel status go to Settings/Security/Encryption. If it says "Encrypt phone", then you are unencrypted.
cam30era said:
Correct. If you are unsure of your kernel status go to Settings/Security/Encryption. If it says "Encrypt phone", then you are unencrypted.
Click to expand...
Click to collapse
Ah alright, well each and every time I flash something new, I'm encrypted. I'm interested in getting rid of that, but not sure exactly how to do it.
stevew84 said:
Ah alright, well each and every time I flash something new, I'm encrypted. I'm interested in getting rid of that, but not sure exactly how to do it.
Click to expand...
Click to collapse
It says in my post
Encryption will stay on unless you completely wipe the device and have a kernel installed that doesn't force you to encrypt. So you'll never see an option for decrypting your device. This comes with a huge warning that ANYTHING on the internal storage will be lost, that goes for the ROM and your files, including your ROM zip files for flashing. If you want to decrypt the device I suggest you first practice by flashing a ROM that you copy into your phone while in recovery so you know you can do it.
Guide: http://forum.xda-developers.com/nexus-6/development/disable-forced-encryption-gain-root-t2946715
This will get you to a clean slate, make sure you test MTP (file transfer over usb from computer) in recovery and verify that you can move files over to your device in recovery. You should already have a custom recovery installed such as TWRP. If you are considering disabling make sure you know exactly what is going on first, its not as straight forward as it seems. Goodluck
stevew84 said:
Ah alright, well each and every time I flash something new, I'm encrypted. I'm interested in getting rid of that, but not sure exactly how to do it.
Click to expand...
Click to collapse
If you are on stock, rooted, or a non-CM12 based ROM, one way is to go here > http://forum.xda-developers.com/nexus-6/development/disable-forced-encryption-gain-root-t2946715
Remember, after flashing the boot.img, you need to "fastboot format userdata" to unencrypt. This will wipe your SDcard.
rootSU said:
It says in my post
Click to expand...
Click to collapse
Sorry, I didn't see you posted.
Right now with Chroma + Vindicator kernel...Encryption states Enabled in the security menu.
stevew84 said:
Sorry, I didn't see you posted.
Right now with Chroma + Vindicator kernel...Encryption states Enabled in the security menu.
Click to expand...
Click to collapse
Because you were already encrypted.
stevew84 said:
I don't know the pros/cons of having it that way, or not.
Click to expand...
Click to collapse
Pros for encryption;
- security. This is pretty obvious, if somebody hostile gets their hands on your phone, your data will not be obtained by them.
Cons;
- performance and battery life. There is indication in AOSP that google *intends* to activate hardware crypto, but as of yet, have not. That means that the crypto function is done on your main CPU, which is (a) not as fast as the hwcrypto block, and (b) takes up valuable CPU cycles from other software that is running, and (c) anything that uses CPU heavily will consume battery.
Another con with encryption that I have (which I admit is extremely unlikely - but has happened in the past) is that files that are backed up off the device may not get decrypted correctly, leaving them corrupt. That is my main hate of encryption. That and the fact that I cannot automate my TWRP backups
rootSU said:
Another con with encryption that I have (which I admit is extremely unlikely - but has happened in the past) is that files that are backed up off the device may not get decrypted correctly, leaving them corrupt. That is my main hate of encryption. That and the fact that I cannot automate my TWRP backups
Click to expand...
Click to collapse
That isn't a con of encryption. That's a con of using broken software to perform your backup.
doitright said:
That isn't a con of encryption. That's a con of using broken software to perform your backup.
Click to expand...
Click to collapse
The con of encrypting data is that it may not always decrypt-able. Regardless of the root cause being Android, Windows, Linux or "broken software". If doing something to your data leads to it being useless via whatever means, then there is a negative effect of doing that something to your data
I was wondering if how to go about encrypting our phones on CM 12.1. For me all it does is restart the phone and boot to lock screen.
BEDickey said:
I was wondering if how to go about encrypting our phones on CM 12.1. For me all it does is restart the phone and boot to lock screen.
Click to expand...
Click to collapse
Settings --> Security - First thing listed should be encrypt phone.
I know that. I'm saying all that does is restart it to the lock screen, as I said. The phone is not actually encrypted in the process like it should, it just restarts.
With Mofo root, you had to encrypt on an unrooted stock ROM, then flash the rooted ROM after. Are similar also required with CM?
I'm not sure but you can temp disable root in CM by A) Disbaling it in SuperSU app - Uncheck "Enable Superuser" or B) In the settings under developer options - Change "root access" to "disabled". Try that and encrypt then re-enable after
Thanks! I will check it out and report back.
I'm having the exact same problem. I was never able to encrypt running total stock, computerfreek rom, or rremix rom. Device briefly shows the green android, then begins a soft reboot and then a full reboot. I have tried disabling root (both ways) as suggested above. It makes no difference.
Same here, I have the same situation. It seems as though either CM itself or the act of unlocking to bootloader has removed the ability to encrypt your phone. Any advice from people more in the know would be helpful.
In my case, I have never been able to encrypt... even with a totally stock, unmodified, unrooted, unmofo'd, bootloader locked device. Googling around, it seems like a problem where the disk is partitioned in such a way that there isn't the required space left for encryption to initiate. Anything looking like a solution was way over my comfort level (manual repartitioning via terminal), or in the case of some flashable scripts, was outdated.
Question: Did either of you change the format of your /data partition in TWRP to maybe ExFAT or F2FS?
I have never formatted anything.
I think it's one of things you cannot do, since the bootloader is unlocked. IIRC, it must be locked, regardless of the manufacturer. That's why we have the bootloader toggle in dev options.
Sent from my DROID Turbo using Tapatalk
Any updates on this... I have to believe there is some way to encrypt these devices, even if rooted with a custom rom. Rooting and installing a ROM in and of themselves do not diminish the added security provided by full device encryption.
P_6 said:
Any updates on this... I have to believe there is some way to encrypt these devices, even if rooted with a custom rom. Rooting and installing a ROM in and of themselves do not diminish the added security provided by full device encryption.
Click to expand...
Click to collapse
This worked for me:
1. Flash back to 100% stock.
2. Encrypt through security settings.
3. Flash whatever you want afterwards. The encryption will be preserved.
I'm currently encrypted and running CF's rom with no issues. A bootloader unlock does not prevent encryption from working.
Thanks for your response to this... I'm at Step 3, and using TWRP (Tried both 2.8 and 3.0) to flash CF 1.2.8. However, it will not successfully decrypt, regardless of what password I provide it (have tried complex & simple passwords, and the defaults listed out there, etc)
P_6 said:
Thanks for your response to this... I'm at Step 3, and using TWRP (Tried both 2.8 and 3.0) to flash CF 1.2.8. However, it will not successfully decrypt, regardless of what password I provide it (have tried complex & simple passwords, and the defaults listed out there, etc)
Click to expand...
Click to collapse
That's weird. The password should be the same as your lockscreen password. If you used a pattern lock, each dot on the pattern corresponds to a number, although I'm not sure which dot is which number. If your lockscreen password doesn't work, something went wrong and you'll probably have to wipe your phone to fix it.
TheSt33v said:
That's weird. The password should be the same as your lockscreen password. If you used a pattern lock, each dot on the pattern corresponds to a number, although I'm not sure which dot is which number. If your lockscreen password doesn't work, something went wrong and you'll probably have to wipe your phone to fix it.
Click to expand...
Click to collapse
That's what I figured. From what I've been reading, it should work just fine. I used an alphanumeric password to secure the phone, could that be part of the issue?
P_6 said:
That's what I figured. From what I've been reading, it should work just fine. I used an alphanumeric password to secure the phone, could that be part of the issue?
Click to expand...
Click to collapse
I doubt it. I used Cerberus to remotely change my pin to an alphanumeric password and then I forgot about it. When I rebooted the phone, I had to enter that password to decrypt the phone. It worked fine.
TheSt33v said:
I doubt it. I used Cerberus to remotely change my pin to an alphanumeric password and then I forgot about it. When I rebooted the phone, I had to enter that password to decrypt the phone. It worked fine.
Click to expand...
Click to collapse
So, using a simple 4 digit pin, I got TWRP to decrypt data. I installed CF 1.2.8 and changed my password to something more secure. I rebooted and got stuck in a bootloop. I've tried just about everything since, multiple wipes, reinstalls via TWRP, no dice. The encryption is still intact, but I can't get CF to boot.
P_6 said:
So, using a simple 4 digit pin, I got TWRP to decrypt data. I installed CF 1.2.8 and changed my password to something more secure. I rebooted and got stuck in a bootloop. I've tried just about everything since, multiple wipes, reinstalls via TWRP, no dice. The encryption is still intact, but I can't get CF to boot.
Click to expand...
Click to collapse
Weird. You might have to start all over again by going back to stock, and this time either keep the pin or just not deal with encryption.
I did a couple of searches and came up empty but I am wondering if any ROM developers are working with encryption and root?
When I had my Galaxy S5 (Tmobile) it was first encrypted. I recall then once I rooted it I was no longer able to encrypt the device. I think there may have been some workarounds but they were pretty cumbersome to say they even worked at all.
I'm wondering if any developers are working that angle and if so should my inquiry be presented to developer of said ROM?
I also realize that encrypted devices do tend to read a bit slower than those no encrypted but I think I can live with that.
Please advise.
Best,
Hiatt
cwhiatt said:
I did a couple of searches and came up empty but I am wondering if any ROM developers are working with encryption and root?
When I had my Galaxy S5 (Tmobile) it was first encrypted. I recall then once I rooted it I was no longer able to encrypt the device. I think there may have been some workarounds but they were pretty cumbersome to say they even worked at all.
I'm wondering if any developers are working that angle and if so should my inquiry be presented to developer of said ROM?
I also realize that encrypted devices do tend to read a bit slower than those no encrypted but I think I can live with that.
Please advise.
Best,
Hiatt
Click to expand...
Click to collapse
Hello Hiatt,
Thanks for using XDA Assist. What specific device do you currently have? There are so many devices here and each might deal with your question differently. I moved your other thread to off topic since it was referring to iPhones, but this one seems to have a more specific device in mind.
Thanks,
coal686
I presently have a Tmobile Galaxy S6 which is rooted and running Sick as Hell (version X).
From what I have read and heard it seems as though root and encryption together don't always play well together.
Also, it was the other post of mine that mentioned iPhones (the one about factory resets and eDiscovery).
cwhiatt said:
I presently have a Tmobile Galaxy S6 which is rooted and running Sick as Hell (version X).
From what I have read and heard it seems as though root and encryption together don't always play well together.
Also, it was the other post of mine that mentioned iPhones (the one about factory resets and eDiscovery).
Click to expand...
Click to collapse
Lol, that's what I said. The other post was more about the iPhone issue so I moved it to off-topic. Since you have a Galaxy S6, I'll move this thread there so people with that device can give you a more personalized answer.
I don't think that having root is an issue with encryption. I Had my S5 encrypted only problem was a ui crash when entering the boot password. That was specific to the rom I was using and simply had to enter password 1 or 2 characters at a time between errors.
But I do think there may be a problem with custom recovery and encryption.
My S5 was verizon, thus still locked bootloader and used safestrap to get to a custom recovery which wasn't always active.
I would talk to someone with a lot more knowledge then I about this further. But pretty sure just having root is not a problem the recovery is where you can have issues
cwhiatt said:
I did a couple of searches and came up empty but I am wondering if any ROM developers are working with encryption and root?
When I had my Galaxy S5 (Tmobile) it was first encrypted. I recall then once I rooted it I was no longer able to encrypt the device. I think there may have been some workarounds but they were pretty cumbersome to say they even worked at all.
I'm wondering if any developers are working that angle and if so should my inquiry be presented to developer of said ROM?
I also realize that encrypted devices do tend to read a bit slower than those no encrypted but I think I can live with that.
Please advise.
Best,
Hiatt
Click to expand...
Click to collapse
Hi there,
Root + Encryption can work together as long as no custom recovery involved, so if you get your root by exploit instead of installing custom recovery almost 99% chance you can have your phone encrypted while preserving the root privilege.
My case explained here : http://forum.xda-developers.com/galaxy-note-3/general/success-root-encryption-t3372958
I didn't have a problem with encryption and root. The only problem that I had was that my Galaxy S6 Edge needed to be encrypted before root. I could not encrypt my phone with the "stock" rooted kernel. Once I was encrypted, I could install TWRP and root via supersu systemless root.
Once I had root, I would use flashfire to back up and install because TWRP could not read the DATA partition since it was encrypted. For some reason, it seems once the phone has been decrypted, the data partition could be backed up with flashfire, and I would be able to restore a backup as well.
This is where I ran into issues. If you are flashing a custom rom that will require you to wipe data, your device will lose encryption. Because I can be somewhat of a crack flasher at times, and that I am too lazy to deal with having to re-encrypt and reinstall all my settings, I just opted to stick with an unencrypted phone.
Hopefully at some point, TWRP will be compatible with encryption so that lives will be easy for us crack flashers..until then, I will probably stick with an unencrypted device unless I just want to stick with a stock rom, or a custom rom that I can load up and not have to wipe data every time there is an update.
So I heard someone mention something about TWRP not working on Android N if the device is encrypted. I haven't been able to test this myself yet. but details on that? Does it just hang and freeze? Is there an error message of some sort? Does flashing stuff just always fail? Thanks!
H4X0R46 said:
So I heard someone mention something about TWRP not working on Android N if the device is encrypted. I haven't been able to test this myself yet. but details on that? Does it just hang and freeze? Is there an error message of some sort? Does flashing stuff just always fail? Thanks!
Click to expand...
Click to collapse
stop listening to "rumors".. twrp works just fine on N, just like its supposed to.
simms22 said:
stop listening to "rumors".. twrp works just fine on N, just like its supposed to.
Click to expand...
Click to collapse
Thanks! Just have to be sure when working with an expensive device such as the shamu. Glad that's a rumor, cuz it would be yet another thing to worry about in the future lol Thanks again!
There are issues with flashing if the device is encrypted. Also (not a worry on shamu) things like lock passwords and FP scans. To be honest the encryption is not even worth it. This is why most disable it by default.
zelendel said:
There are issues with flashing if the device is encrypted. Also (not a worry on shamu) things like lock passwords and FP scans. To be honest the encryption is not even worth it. This is why most disable it by default.
Click to expand...
Click to collapse
most people disable encryption because they falsely believe that itll improve their devices performance. but guess what, it does not! i just leave my device encrypted, it makes everything much easier.
simms22 said:
most people disable encryption because they falsely believe that itll improve their devices performance. but guess what, it does not! i just leave my device encrypted, it makes everything much easier.
Click to expand...
Click to collapse
That is open for debate as I see a huge increase in performance with it disabled. To me encryption is pointless and useless so disabling it was not a big deal.
simms22 said:
stop listening to "rumors".. twrp works just fine on N, just like its supposed to.
Click to expand...
Click to collapse
TWRP 3.0.2-0 hangs at start... on Android N... if your device is encrypted. I'm going to assume your device isn't encrypted.
Edit: more clarity for the lazy reader.
deepdvd said:
TWRP hangs at start if your device is encrypted. I'm going to assume your device isn't encrypted.
Click to expand...
Click to collapse
im encrypted, since nov 2014, never unencrypted. ive never had an issue with twrp. now being encrypted, i dont really use it(excpt for special occasions), so i dont use a password.
simms22 said:
im encrypted, since nov 2014, never unencrypted. ive never had an issue with twrp. now being encrypted, i dont really use it(excpt for special occasions), so i dont use a password.
Click to expand...
Click to collapse
This post is about Android N Developer Preview. You must not have that.
I've got N preview (always been encrypted) but can't update OTA because I have TWPR, guess I need to flash back to stock.
deepdvd said:
This post is about Android N Developer Preview. You must not have that.
Click to expand...
Click to collapse
um.. ive been going back and forth from pure nexus rom to N, then back to pure nexus, for the 5th time now. and ive been using twrp recovery to do it :angel:
I thought that while encrypting my phone, the result would be that my data is preserved, just encrypted. So I went through the encryption process only to find that all my data is wiped, so that I have to restore everything from backups, as far as I have them.
Did I overlook something, or is this a bug? I have LineageOS 14.1, installed yesterday, official.
Found that after a reboot, the data was again gone. (after I spent considerable time setting the phone up yet again), now factory reset, running unencrypted, until I know what has been going wrong here. Sigh. Custom roms and encryption continue to be a toxic mix for me.
yahya69 said:
Found that after a reboot, the data was again gone. (after I spent considerable time setting the phone up yet again), now factory reset, running unencrypted, until I know what has been going wrong here. Sigh. Custom roms and encryption continue to be a toxic mix for me.
Click to expand...
Click to collapse
When I first started playing around with encryption (Samsung Note 3) I discovered that to get encryption to work properly I had to format /data (you lose everything, including internal shared storage) and that it worked better on stock ROM rather than custom ROMs.
Sent from my OnePlus3T using XDA Labs
BillGoss said:
When I first started playing around with encryption (Samsung Note 3) I discovered that to get encryption to work properly I had to format /data (you lose everything, including internal shared storage) and that it worked better on stock ROM rather than custom ROMs.
Sent from my OnePlus3T using XDA Labs
Click to expand...
Click to collapse
which I kind of accepted after learning it the hard way, but the problem was that after encrypting the device, all data was wiped each time the phone was rebooted, so something is buggy here.
yahya69 said:
which I kind of accepted after learning it the hard way, but the problem was that after encrypting the device, all data was wiped each time the phone was rebooted, so something is buggy here.
Click to expand...
Click to collapse
I resolve this problem using latest official twrp.
dimon2242 said:
I resolve this problem using latest official twrp.
Click to expand...
Click to collapse
How did you? (What version of TWRP did you install) After all, it is not TWRP that does the encryption, or is it? So I don't see how this could be the cause.
With TWRP, I had the additional issue that it kept asking me for a password to mount /data, but it wouldn't accept the PIN that I had set in Android. I have no idea what other password it might want.
Oh, well, there is just too much fumbling in the dark in this whole mobile devices business. I have been a Linux user for some 20 years, and there, if things go wrong, you can actually view what is happening. On android, this is so much more difficult, even with logcat.
yahya69 said:
How did you? (What version of TWRP did you install) After all, it is not TWRP that does the encryption, or is it? So I don't see how this could be the cause.
With TWRP, I had the additional issue that it kept asking me for a password to mount /data, but it wouldn't accept the PIN that I had set in Android. I have no idea what other password it might want.
Oh, well, there is just too much fumbling in the dark in this whole mobile devices business. I have been a Linux user for some 20 years, and there, if things go wrong, you can actually view what is happening. On android, this is so much more difficult, even with logcat.
Click to expand...
Click to collapse
Have you tried default_password as the password in TWRP?
Also, if you can actual log into your system normally, then you can set the password again and require it on boot.
BillGoss said:
Have you tried default_password as the password in TWRP?
Click to expand...
Click to collapse
What "default password"? You mean, literally typing "default_password"? No I did not. What would that have done?
After all, again, it required a password for the /data partition, hence a password with whom it is encrypted. But I had used no password other than the PIN. And again, I can't see how my problem of data disappearing on each boot would be caused by TWRP.
Also, if you can actual log into your system normally, then you can set the password again and require it on boot.
Click to expand...
Click to collapse
Again, what password do you have in mind? The PIN? Yes, the system asked for the PIN at boot, but nonetheless, all data was wiped on each boot.
For the time being,I run the system without encryption, because I have had enough of setting is up again and again anew (had to do this three or four times.)
Again, it looks like this is a bug. Because after initially encrypting the phone, my data should still have been there. But it was gone. The phone was now encrypted, but there was nothing on it. That's something that I am pretty sure is not supposed to happen.
just had the same using Samsung S5 Duos with latest lineage-os (20180427): this is a cluster-f**k, I cannot believe it. I advocate using Lineage-OS whereever I go. Of course, it's my fault, I did trust Lineage-OS too much so I didn't think of backing-up. I didn't believe something like this could happen.
chaos_prevails said:
I did trust Lineage-OS too much so I didn't think of backing-up. I didn't believe something like this could happen.
Click to expand...
Click to collapse
You probably already realize this, at this point. But there is no such thing as an OS (on any device) that is so secure or stable, that backing up your data is not necessary. Even regardless of OS, memory corruption and data loss can happen for any number of reasons. Golden rule: If your data is important to you, back it up.
Of course, I know.
I took the loss of all data as opportunity to flash newest modem, CSC, and PDA firmware via latest stock-rom, and then re-flashed latest Lineage OS again. This time, it didn't factory reset my phone with encryption. Don't know if that had anything to do with my old firmware (I had G900FDXXS1CPK2 installed when factory reset-with-encryption happened).
Beside, I was lucky as no other migration method to my new phone worked out except going via a old-school micro-sd card copy. I could undelete almost all pictures on it