Mi8 force encryption with EU roms - Xiaomi Mi 8 Questions & Answers

Hi guys! I have noticed that Xiaomi.eu ROMs don't have device encryption enabled by default. There is also no way to manually encrypt the phone, as it would crash. While searching for solutions I have found some, such as modifying "fstab.qcom" by changing "encryptable=ice" to "fileencryption=ice", but those do not work on the Mi 8. I have also found a .zip file which would do the modification, but also no success.
Any suggestions on how encryption could be enabled on EU ROMs? With the newest TWRP, which does support it, our unlocked devices could be much more secure.

you need to format userdata to remove encryption then flash zip remove encryption to work

richardyusan said:
you need to format userdata to remove encryption then flash zip remove encryption to work
By flash zip remove encryption do you mean dm verity zip?

landryna said:
By flash zip remove encryption do you mean dm verity zip?
I think he means you need to format userdata not wipe it, so that encryption is removed. After that you can flash the zip with the rom and it will work. That is at least how I had to do it to get EU roms to work. There is currently no way to have encrypted device with EU roms.

Superbia said:
I think he means you need to format userdata not wipe it, so that encryption is removed. After that you can flash the zip with the rom and it will work. That is at least how I had to do it to get EU roms to work. There is currently no way to have encrypted device with EU roms.
Well this is not the solution then - the purpose of this thread is to check how to have BOTH:
- Xiaomi.EU rom installed
- Encryption switched on and working on the device
Apparently as per your comment it is not possible. The only question is: why to install Eu rom and leave device completely unsecured to anybody who can google: 'remove twrp lock code' and why it does not concern people here..

have you tried with this guide?
https://xiaomi.eu/community/threads/howto-encryption-on-a-mi-6-with-xiaomi-eu-roms.43286/
if you try, let us know the results

gulp79 said:
have you tried with this guide?
https://xiaomi.eu/community/threads/howto-encryption-on-a-mi-6-with-xiaomi-eu-roms.43286/
if you try, let us know the results
Hi. Of course I have checked this in first instance. Partition is not encrypted so it doesn't work unfortunately.

landryna said:
Hi. Of course I have checked this in first instance. Partition is not encrypted so it doesn't work unfortunately.
HELLO
are you still digging on the subject?

Related

Questions regarding dm-verity and OOS 4.0.x

Hey there.
I got my 3t in the day, 4.0.0 was released. So I unlocked my bootloader after upgrading.
At the time, dm-verity was new to me and so I ignored it.
By now I read up on it and guess I get it. What doesn't fit to what I read is the fact, that I modified my system in many ways. By flashing TWRP, by modifying system with super su and things like ad blockers (hosts file) and pixel launcher.
Yet I never installed the verity fix. I also use encrypted data partition.
How can that be?
My only guess is, I never installed a custom kernel yet or another Rom. But then again verity should be triggered way earlier. Did 4.0 not fully implement it?
mad-murdock said:
Hey there.
I got my 3t in the day, 4.0.0 was released. So I unlocked my bootloader after upgrading.
At the time, dm-verity was new to me and so I ignored it.
By now I read up on it and guess I get it. What doesn't fit to what I read is the fact, that I modified my system in many ways. By flashing TWRP, by modifying system with super su and things like ad blockers (hosts file) and pixel launcher.
Yet I never installed the verity fix. I also use encrypted data partition.
How can that be?
My only guess is, I never installed a custom kernel yet or another Rom. But then again verity should be triggered way earlier. Did 4.0 not fully implement it?
They say (in twrp thread and in oneplus forums) if you flash supersu, you are fine...
ram4ufriends said:
They say (in twrp thread and in oneplus forums) if you flash supersu, you are fine...
When am I not fine? Protection only triggers if kernel is exchanged?
It's not that I don't want to flash it, but I am eager to know.
*bump* - trying a last time, to see if anyone knows details
The whole point of dm verity is to make sure phone is not rooted or modified in any way that could compromise app security, luckily it doesn't work quite 100% as we can still root without triggering it, even though it should.
I guess, the answer to my question is, TWRP automatically applies the dm-verity patch on first install. I overlooked that feature to be honest, but it makes total sense to do so and protect custom recovery users from locking out of your phone
I have this question too. And I can't decrypt Data even if I input the right password. I can't use recovery anymore with TWRP or the stock rec.
Here are some details about dm-verity: https://source.android.com/security/verifiedboot/verified-boot.html
I only know Android N will encrypt Data by using f2fs file system.........
If you have some effective methods, please tell me. Thanks a lot!
mad-murdock said:
I guess, the answer to my question is, TWRP automatically applies the dm-verity patch on first install. I overlooked that feature to be honest, but it makes total sense to do so and protect custom recovery users from locking out of your phone
It's my understanding that SuperSU applies the dm-verity patch when it's installed.
napetost said:
I have this question too. And I can't decrypt Data even if I input the right password. I can't use recovery anymore with TWRP or the stock rec.
Here are some details about dm-verity: https://source.android.com/security/verifiedboot/verified-boot.html
I only know Android N will encrypt Data by using f2fs file system.........
If you have some effective methods, please tell me. Thanks a lot!
flash TWRP 3.0.3-1-beta1 and try again
I have found the right way!
First, you should flash back to OOS3.5 6.0, then set the pin password. And then copy OOS4.0 to /sdcard, then using system update. Then you will update to OOS4.0 and you won't see any dm-verity problems.
napetost said:
I have found the right way!
First, you should flash back to OOS3.5 6.0, then set the pin password. And then copy OOS4.0 to /sdcard, then using system update. Then you will update to OOS4.0 and you won't see any dm-verity problems.
That's one way. Using the TWRP beta is another. It's in the TWRP post, page 55, bottom. Post 550. Actually the last few pages of that post discuss this issue right now. Might be worth reading.

Afraid, I will start to hate my newly oneplus 3t due to this encryption/decryption th

Afraid, I will start to hate my newly oneplus 3t due to this encryption/decryption thing. Had to format userdata two times and lost already vital data since phone couldn't get decrypted after rom installation. What is the safest method to avoid this serious issue and I believe many users like me suffering with the same.
Hope somebody can help.
Thnx
Sent from my ONEPLUS A3003 using Tapatalk
ayyan84 said:
Afraid, I will start to hate my newly oneplus 3t due to this encryption/decryption thing. Had to format userdata two times and lost already vital data since phone couldn't get decrypted after rom installation. What is the safest method to avoid this serious issue and I believe many users like me suffering with the same.
Hope somebody can help.
Thnx
Sent from my ONEPLUS A3003 using Tapatalk
read read read read and read.
the_rooter said:
read read read read and read.
Where exactly?? ??
Sent from my ONEPLUS A3000 using Tapatalk
nano303 said:
Where exactly?? ??
Sent from my ONEPLUS A3000 using Tapatalk
Xda-developers.com threads for said device. Google.com is also your friend.
Could u b precise and share few links. I have done a lot research before wiping my data.
Sent from my ONEPLUS A3003 using Tapatalk
the_rooter said:
read read read read and read.
the_rooter said:
Xda-developers.com threads for said device. Google.com is also your friend.
Nice useless garbage to fill your post count.
ayyan84 said:
Could u b precise and share few links. I have done a lot research before wiping my data.
I've spent the entire day dealing with the similar situation trying to get Magisk to work properly, and ended up removing the encryption.
TWRP 3.0.4-0 and newer may fix the issue now, but if it doesn't, either flash the disable forced encryption zip using the Toolkit, or the one from the TWRP thread, or flash a custom kernel which disables it, like ElementalX or blu_spark, all located in the Android Development sub-forum. I don't use custom ROMs so I won't know if they disable it in theirs. Read and ask them about it.
Then using a PC and fastboot, run "fastboot format userdata" then "fastboot reboot". This will WIPE YOUR DATA so back everything on internal storage up!
You won't be running encrypted anymore, and encryption can be re-enabled in Settings > Security.
Spasticdroid said:
Nice useless garbage to fill your post count.
I've spent the entire day dealing with the similar situation trying to get Magisk to work properly, and ended up removing the encryption.
TWRP 3.0.4-0 and newer may fix the issue now, but if it doesn't, either flash the disable forced encryption zip using the Toolkit, or the one from the TWRP thread, or flash a custom kernel which disables it, like ElementalX or blu_spark, all located in the Android Development sub-forum. I don't use custom ROMs so I won't know if they disable it in theirs. Read and ask them about it.
Then using a PC and fastboot, run "fastboot format userdata" then "fastboot reboot". This will WIPE YOUR DATA so back everything on internal storage up!
You won't be running encrypted anymore, and encryption can be re-enabled in Settings > Security.
so if flash the dm-verity and format userdata to remove encryption, that is a one time thing right? i don't have to deal with the issues whether a custom rom or a kernel is compatible?
Spasticdroid said:
Nice useless garbage to fill your post count.
I've spent the entire day dealing with the similar situation trying to get Magisk to work properly, and ended up removing the encryption.
TWRP 3.0.4-0 and newer may fix the issue now, but if it doesn't, either flash the disable forced encryption zip using the Toolkit, or the one from the TWRP thread, or flash a custom kernel which disables it, like ElementalX or blu_spark, all located in the Android Development sub-forum. I don't use custom ROMs so I won't know if they disable it in theirs. Read and ask them about it.
Then using a PC and fastboot, run "fastboot format userdata" then "fastboot reboot". This will WIPE YOUR DATA so back everything on internal storage up!
You won't be running encrypted anymore, and encryption can be re-enabled in Settings > Security.
Thanks for elaboration to avoid encryption but once u r caught into encryption, I think there is no way to decrypt but wiping data which is painful..
I m so still confused about the decryption password..
I have never registered any password for encryption
Sent from my ONEPLUS A3003 using Tapatalk
lpiratel said:
so if flash the dm-verity and format userdata to remove encryption, that is a one time thing right? i don't have to deal with the issues whether a custom rom or a kernel is compatible?
Yes. Flashing it once, followed by formatting via fastboot will remove encryption, and that's all you'll have to do.
As for Roms and kernels, as long as the devs have it disabled, you are fine. From a quick lookup on GitHub, ROMs here such as Official Resurrection Remix, Unofficial Unified LineageOS, and Unofficial CM have it disabled. The kernels listed in my other post have it disabled too.
ayyan84 said:
Thanks for elaboration to avoid encryption but once u r caught into encryption, I think there is no way to decrypt but wiping data which is painful..
I m so still confused about the decryption password..
I have never registered any password for encryption
Sent from my ONEPLUS A3003 using Tapatalk
Well, you can't lock a door without a key, and if no key is made by you the system will have to use a default key created by the encryption libraries, and this is the reason recovery should use the ROM's encryption libraries both for using the correct encryption certificate and default encryption key if the user didn't enter one.
The default encryption key and certificate difference between 3.x, 4.x and other ROMs is the reason for the confusing situation on this phone, and as long as this is the case, my phone will stay unencrypted. ?
Spasticdroid said:
Yes. Flashing it once, followed by formatting via fastboot will remove encryption, and that's all you'll have to do.
As for Roms and kernels, as long as the devs have it disabled, you are fine. From a quick lookup on GitHub, ROMs here such as Official Resurrection Remix, Unofficial Unified LineageOS, and Unofficial CM have it disabled. The kernels listed in my other post have it disabled too.
Thanks, that really answers my question and confusion after reading other posts.

What is the correct way to re-enable encryption?

If I have formatted and installed with encryption disabled, what is the right way to get encryption back?
Can I just go into Settings>Security & Fingerprint>Encrypt Phone and enable it there?
Yup, that should do the trick. Didn't try on T3, but used same method on one of my prev phones.
Did that work?
I did it on OOS 4.1.1 with twrp and franco kernel installed. It worked for me :good:
AndreiVolk said:
I did it on OOS 4.1.1 with twrp and franco kernel installed. It worked for me :good:
I wonder if it works with a non oos rom though
stonew5082 said:
I wonder if it works with a non oos rom though
Well all custom roms work fine with encrypted devices so i don't see why it shouldn't be possible to encrypt your device on a custom rom. If you want to be 100% sure ask in the thread of your rom
AndreiVolk said:
Well all custom roms work fine with encrypted devices so i don't see why it shouldn't be possible to encrypt your device on a custom rom. If you want to be 100% sure ask in the thread of your rom
It worked. I disabled root to be on the safe side and encrypted. I get errors in twrp now, but they don't seem to affect anything.
stonew5082 said:
It worked. I disabled root to be on the safe side and encrypted. I get errors in twrp now, but they don't seem to affect anything.
May i know what error TWRP gives after you encrypt your phone ?
I plan to do so as well...
stonew5082 said:
It worked. I disabled root to be on the safe side and encrypted. I get errors in twrp now, but they don't seem to affect anything.
nicknacknuke said:
May i know what error TWRP gives after you encrypt your phone ?
I plan to do so as well...
Root is not a problem either. I did it with root enabled.
That twrp error is normal. When you boot in twrp it shows the error that it can't mount data because you're encrypted and you need to type in your password first.
I also suggest you use blu_spark's twrp because it's always updated. The official twrp for the op3t hasn't a maintainer anymore and it seems abandoned..
AndreiVolk said:
The official twrp for the op3t hasn't a maintainer anymore and it seems abandoned..
How do you figure that?
https://eu.dl.twrp.me/oneplus3t/
Didgeridoohan said:
How do you figure that?
https://eu.dl.twrp.me/oneplus3t/
I mean here on xda. The last build on xda is the 3.0.4.1 which it never came out. There was the 3.1.0.0 which had the wipe bug for the 3t. I don't know who is making those builds and i don't neither know if they test it.
AndreiVolk said:
I mean here on xda. The last build on xda is the 3.0.4.1 which it never came out. There was the 3.1.0.0 which had the wipe bug for the 3t. I don't know who is making those builds and i don't neither know if they test it.
You were talking about the official builds... That's the official downloads from the official TWRP website (https://twrp.me). There's a world outside XDA as well...

Anyway to enable encryption with miui.eu rom?

Anyway to enable encryption with miui.eu rom?
i tried this method https://xiaomi.eu/community/threads/howto-encryption-on-a-mi-6-with-xiaomi-eu-roms.43286/
But it just gets stuck on boot screen
from here... https://forum.xda-developers.com/mi...-encrytion-t3846726/post77721399#post77721399
t0mas_ said:
hi!
you need to edit ventor/etc/fstab.com
in the file there is "encryptable=ice", you need to change that to "fileencryption=ice"
but you need to format data after that, i dont think it will work if you dont
but still untested by myself....
why u need encryption while unlocked, twrp installed?
thanhnvt194 said:
why u need encryption while unlocked, twrp installed?
because when encrypted, you can't access data from twrp without a password. all a person without the password can do is wipe the phone, which is possible even when locked.
t0mas_ said:
because when encrypted, you can't access data from twrp without a password. all a person without the password can do is wipe the phone, which is possible even when locked.
I am waiting for a new update to do the same. You must change a root file, and format the data. Everything will work normal!
gugugrp said:
I am waiting for a new update to do the same. You must change a root file, and format the data. Everything will work normal!
I am on global stable with unlocked bootloader (China variant) and haven't flashed TWRP yet. When I enable Fingerprint security, the phone says it's encrypted. In other Android phones (Samsung), we have to manually enable encryption apart from fingerprint security but I couldn't find it in the phone settings in MIUI 10. Any ideas?
So, in EU ROM, when you enable fingerprint security, does it say that the phone is encrypted or not? If no encryption, then flashing the EU ROM is a no go for me as encryption is critical for me
RainGater said:
I am on global stable with unlocked bootloader (China variant) and haven't flashed TWRP yet. When I enable Fingerprint security, the phone says it's encrypted. In other Android phones (Samsung), we have to manually enable encryption apart from fingerprint security but I couldn't find it in the phone settings in MIUI 10. Any ideas?
So, in EU ROM, when you enable fingerprint security, does it say that the phone is encrypted or not? If no encryption, then flashing the EU ROM is a no go for me as encryption is critical for me
Official MIUI is encrypted by default. I think you can choose not to set a PIN on first boot (which is required by fingerprint and face unlock), in which case it doesn't encrypt. Not sure what happens if you choose to set a PIN later.
EU isn't encrypted by default. Not sure why they choose to do so, but you can make it encrypt by modifying /vendor/etc/fstab.qcom.
Oh, and it also runs in SELinux permissive. I'm running a Magisk module to make it enforcing on boot.
t0mas_ said:
Official MIUI is encrypted by default. I think you can choose not to set a PIN on first boot (which is required by fingerprint and face unlock), in which case it doesn't encrypt. Not sure what happens if you choose to set a PIN later.
EU isn't encrypted by default. Not sure why they choose to do so, but you can make it encrypt by modifying /vendor/etc/fstab.qcom.
Oh, and it also runs in SELinux permissive. I'm running a Magisk module to make it enforcing on boot.
I didn't set the PIN or fingerprint security during the first boot but later added it. When I check the Encryption, it says that the phone is encrypted. Even when I set up the PIN, I didn't see any message indicating that it's encrypting as it was super quick. Like you said, official MIUI is encrypted by default.
But modifying the fstab.qcom is a pain as I have to keep doing it after every flash of EU ROM? Also, not sure what happens after you make the fstab change, encrypt it, then flash a new version of EU... Does it hang or what happens?
Did you encrypt your device in EU ROM?
RainGater said:
I didn't set the PIN or fingerprint security during the first boot but later added it. When I check the Encryption, it says that the phone is encrypted. Even when I set up the PIN, I didn't see any message indicating that it's encrypting as it was super quick. Like you said, official MIUI is encrypted by default.
But modifying the fstab.qcom is a pain as I have to keep doing it after every flash of EU ROM? Also, not sure what happens after you make the fstab change, encrypt it, then flash a new version of EU... Does it hang or what happens?
Did you encrypt your device in EU ROM?
well not that much of a pain. the file doesn't hang that often so you can have the same file in update zip for quite a while. you do need to flash it every time you flash rom though
t0mas_ said:
Official MIUI is encrypted by default. I think you can choose not to set a PIN on first boot (which is required by fingerprint and face unlock), in which case it doesn't encrypt. Not sure what happens if you choose to set a PIN later.
EU isn't encrypted by default. Not sure why they choose to do so, but you can make it encrypt by modifying /vendor/etc/fstab.qcom.
Oh, and it also runs in SELinux permissive. I'm running a Magisk module to make it enforcing on boot.
I try to edit fstab.qcom but even with root it says save failed, tried a couple different editors and the same thing happens. Could you please tell me how to successfully edit fstab.qcom
mikefallen said:
I try to edit fstab.qcom but even with root it says save failed, tried a couple different editors and the same thing happens. Could you please tell me how to successfully edit fstab.qcom
You can't do it from the running system. I do it from recovery: mount vendor, adb pull. Then put it in a flashable zip to have it handy for updates. An empty zip is attached, just drop your fstab.qcom inside and flash. If you have vendor already mounted in recovery it will throw an error about it, but it will flash it. gl
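A way to check a pulled copy of fstab.qcom before packing it into the flashable zip, written as an added example that is not part of the thread: it reads the fs_mgr flags on the /data entry and reports whether encryption is enforced. The sample lines, function names and device path are constructed for illustration; only the `encryptable=ice` and `fileencryption=ice` values come from the posts.

```python
"""Audit the /data entry of an Android fstab for its encryption flag."""
import sys

# fs_mgr flags that decide how userdata is encrypted.
ENCRYPTION_FLAGS = {
    "encryptable": "encryption optional; /data stays plaintext until enabled",
    "forceencrypt": "full-disk encryption forced on first boot",
    "forcefdeorfbe": "encryption forced; FDE or FBE chosen at first boot",
    "fileencryption": "file-based encryption set up when /data is formatted",
}
ENFORCED = {"forceencrypt", "forcefdeorfbe", "fileencryption"}


def parse_fstab(text):
    """Yield (mount_point, fs_mgr_flags) for every well-formed entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Columns: source, mount point, fs type, mount flags, fs_mgr flags.
        fields = line.split()
        if len(fields) < 5:
            continue
        flags = {}
        for item in fields[4].split(","):
            name, _, value = item.partition("=")
            flags[name] = value
        yield fields[1], flags


def audit_userdata(text, mount_point="/data"):
    """Return the encryption posture of the userdata entry, or None if absent."""
    for mnt, flags in parse_fstab(text):
        if mnt != mount_point:
            continue
        found = [name for name in flags if name in ENCRYPTION_FLAGS]
        if not found:
            return {"flag": None, "value": None, "enforced": False,
                    "meaning": "no encryption flag present on this entry"}
        if len(found) > 1:
            raise ValueError("conflicting encryption flags: " + ", ".join(found))
        name = found[0]
        return {"flag": name, "value": flags[name],
                "enforced": name in ENFORCED,
                "meaning": ENCRYPTION_FLAGS[name]}
    return None


# Constructed sample lines; the device path and mount options are illustrative.
_DATA = "/dev/block/bootdevice/by-name/userdata /data ext4 noatime,nosuid,nodev "
SAMPLE_AS_SHIPPED = "# constructed sample\n" + _DATA + "wait,check,encryptable=ice,quota\n"
SAMPLE_EDITED = "# constructed sample\n" + _DATA + "wait,check,fileencryption=ice,quota\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to the fstab.qcom pulled from the device in recovery.
        with open(sys.argv[1], encoding="utf-8") as fh:
            result = audit_userdata(fh.read())
        print(result)
        sys.exit(0 if result and result["enforced"] else 1)
    for label, text in (("as shipped", SAMPLE_AS_SHIPPED), ("edited", SAMPLE_EDITED)):
        print(label, audit_userdata(text))
```

Since the thread reports that the file has to be reflashed after every ROM update, the same check can be rerun on the fstab.qcom pulled after each flash.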
t0mas_ said:
You can't do it from the running system. I do it from recovery: mount vendor, adb pull. Then put it in a flashable zip to have it handy for updates. An empty zip is attached, just drop your fstab.qcom inside and flash. If you have vendor already mounted in recovery it will throw an error about it, but it will flash it. gl
Thanks a lot really appreciate you taking the time to help me out!
Ancient thread
but there's one really important question. why does this method not work with F2FS formatted /data ?

[Q] Magisk data partition remain encrypted.

Hi, everyone
Is it possible after installing magisk and rooted,to keep the data partition remain encrypted without bootloop ?
I have yet to find a way, however there is a user claiming to have root with data & system encryption on the Oreo 8.1 ROM. I'm on 9.0 Global, and tried a million different ways. Encryption is different from 8.1 to 9.0 ROMs. I think the .eu multi-language ROM based on China disables the Data encryption (even though it reports Encrypted, the system is encrypted). There was a thread here that told about possibly enabling data encryption while keeping root on the .eu multi-roms, but i have not tried. I prefer the Global ROM.
If anyone can get root with the System partition AND the Data partition fully encrypted, please let us know!
Here in the forum there is a topic where one member helps another to get it done, and the encryption is done. I do not know if there's root in the middle of the tutorial.
on official global I think there is no way to run rooted and encrypted.
on xiaomi EU encryption is disabled by default, but you can enable it by editing fstab.qcom in /vendor/etc. I have already posted about how to do it, search xda
The newer versions break TWRP encryption support. I was running miui.eu with encryption up until stable 10.0.0.2. In 10.0.0.3 there must have been some security upgrade that changed the encryption, because TWRP would no longer decrypt the data partition.
mikefallen said:
The newer versions break TWRP encryption support. I was running miui.eu with encryption up until stable 10.0.0.2. In 10.0.0.3 there must have been some security upgrade that changed the encryption, because TWRP would no longer decrypt the data partition.
The new TWRP-3.2.3-0918-XIAOMI8-CN-wzsx150 does decrypt 9.0 without issues. I use it, but still no way to have encrypted data with ROOT that i know of on Global ROM.
Is there any way to root/magisk global rom 10.0.3 ?, no need encrypted data.
Agimax said:
The new TWRP-3.2.3-0918-XIAOMI8-CN-wzsx150 does decrypt 9.0 without issues. I use it, but still no way to have encrypted data with ROOT that i know of on Global ROM.
Oh sweet, I'll have to check that out, I hate not having encryption.
And yes you can run global with no encryption and root just flash no dm-crypt and wipe userdata, lots of guides
