Twrp and encryption - Xiaomi Mi 8 Questions & Answers

Hello
Yesterday I unlock the bootloader to flash Xiaomi.eu Rom on a Chinese MI8 and I noticed that is not encrypted.
When I try to encrypt it, I get a brick. Seems that twrp-3.2.3.0.-dipper not support encryption partitions and I not able to see the sdcard partition and I had to flash in fastboot to revive the phone.
The second test was flashing the official chinese ROM since it’s encrypted from beginning with twrp-3.2.3.0 and recovery-TWRP-3.2.2-0711-XIAOMI8-CN-wzsx150. With the last, the phone hangs on boot, and with twrp-3.2.3.0 boots but the filesystem seems encrypted from TWRP.
I come from MI5s Plus and it ask me the encrypted password when it try to mount the filesystem.
anyone succeed the encryption?

Seaching for a solution as well. I had similar experience like you with global beta and global stable, bl unlocked, twrp.
I need magisk as well, so only solution for now is to run unencrypted, if I activate encryption I cannot boot anymore.

@grootooter , I can confirm you that the recovery TWRP 3.2.3-0918-XIAOMI8-CN can read the encrypted filesystem in the chinese rom.
It not boot only with "fastboot boot recovery.img", you need flashing it.
I don't know if you can use magisk with encryption because dm-verity.
That's the reason because I stay in the chinese ROM, that has native root.
Someone would have to try this TWRP with Xiaomi.EU, then encrypt the filesystem and post the results.

Related

Any way to flash TWRP without broke things with MIUI 8?

I've recently installed the MIUI 8 Development global edition which features Android N.
When I try to install TWRP, and mount the partitions, rebooting to the normal system, I'm stuck on the "mi" screen, it doesn't boot.
Is that an intended behaviour like a sort of storage protection? Now I'm back to Lineage. Did this happened also in the previous versions of MIUI? I can't remember honestly, I'm asking that because I can't explain this, I needed twrp to flash some zips for unlocking the download limitation for the miui rom and for rooting, and making twrp backups.
Someone can explain me that? I can't find proper details in this forum. There are not information for that.
(sorry for my english)
same problem with every global developer rom with android N
solution:
flash supersu in twrp and device boot normally
0ther said:
(sorry for my english)
same problem with every global developer rom with android N
solution:
flash supersu in twrp and device boot normally
Click to expand...
Click to collapse
sure? when it asks to mount system partition should I do that or not?
EDIT: I choosed "keep read only" and then flashed the supersu zip, it worked strangely.
Will it work also mounting the partitions?
You must flash zcx twrp(just search on afh). Official one will cause bootloop with miui.

TWRP telling me device is encrypted on clean install with no lock screen

While trying to go from a custom ROM to the official global stable, I'm having issues. I used Mi Flash to install the rom with no issue, but when I boot into TWRP with fastboot, it tells me the data is encrypted. I have no lock screen on and I can't decrypt it because default_password didn't work. I'm going to try to explain to the best of my ability exactly what I was trying and what I did to get here.
Starting point: Epic Rom
I used mi flash tool to install official Nougat Global Stable ROM.
I accidentally lock my bootloader doing this, but no big deal, I unlock it again with the tool xiaomi provides.
I guess the official ROM has it's own recovery, since it overwrote TWRP.
I reflash TWRP, and use fastboot to boot into it.
I wanted to install magisk, so I boot the phone, download it, and boot back into TWRP from the command line.
Here's where I notice the data is encrypted and I can't access internal storage to install magisk.
I start over and reflash the global rom and twrp, this time not setting a lock screen at all.
Still encrypted.
Wipe userdata and repeat.
Still encrypted.
I'm lost at this point. I can't even flash a custom ROM because I again can't get into my internal storage in TWRP to install it. Does anyone have any ideas? I'm a bit desperate at this point
After a little bit more searching, it seems it automatically encrypts if supersu isn't installed. Is there a way around this for magisk?
I recently had the same issue with the global stable rom, twrp wouldn't show anything in my internal storage. How I fixed it was miflashing the latest global stable developer rom instead an then twrp , an that did it..... I was able to see internal storage. For some reason the global stable doesn't allow you to see the storage. Hope that helps
kjm2323 said:
I recently had the same issue with the global stable rom, twrp wouldn't show anything in my internal storage. How I fixed it was miflashing the latest global stable developer rom instead an then twrp , an that did it..... I was able to see internal storage. For some reason the global stable doesn't allow you to see the storage. Hope that helps
Click to expand...
Click to collapse
Brilliant, this worked! My issue now is that, as far as I can tell, developer ROM isn't on MIUI9? That seems strange, but I guess I may go back to a custom ROM in this case.
master565 said:
Brilliant, this worked! My issue now is that, as far as I can tell, developer ROM isn't on MIUI9? That seems strange, but I guess I may go back to a custom ROM in this case.
Click to expand...
Click to collapse
I know I'm on the latest an it is miui8, which I'm fine with... The device runs great an has everything I need. Just a heads up I didn't shut the updater off an left my phone on wifi. When I woke up in the morning it auto updated to the newest rom an I lost twrp, SU, xposed.... Had to re-do all that. Everything worked but just a pain. You don't get that auto update running a custom rom.

issues with twrp (apparent file encryption)

Hi, im having a little bit of a problem here, i succesfully managed to unlock the bootloader of my chinese mi8, flashed and booted twrp, the issue is, my files seem to be encrypted, i can't copy anything to the device while on fastboot/recovery mode from the pc, tried booting to miui, allowing the transfer of files and booting to twrp again (for some reason i can't boot to twrp from the device itself, it has to be via fastboot with the command "fastboot boot ***") but all twrp shows me are folders with random characters, it seems to be some sort of auto-encryption, do you know how to solve it?
Miui auto encrypts the device, that is why your device is encrypted. You are unable to boot to twrp for two reasons: 1. Miui auto checks and rewrites over any custom recovery 2. Fastboot boot command does not install twrp, it only boots into it, from which u must install twrp again.
Upon booting into twrp, you need to FORMAT data, flash TWRP, flash this file https://zackptg5.com/android.php#disverfec (DM-verity and anti-encryption) this will prevent anti encryption when your freshly flashed ROM boots up.
Side note: DO NOT RELOCK YOUR BOOT LOADER IF YOUR MI 8 IS CHINA VARIANT AND YOU ARE INSRALLING GLOBAL ROM.
I HIGHLY SUGGEST YOU HEAD OVER ONTO THIS THREAD TO UNDERSTAND BETTER! https://forum.xda-developers.com/mi-8/development/rom-mi-8-miui-10-global-beta-8-8-7-t3826560/page7
achickennugget said:
Miui auto encrypts the device, that is why your device is encrypted. You are unable to boot to twrp for two reasons: 1. Miui auto checks and rewrites over any custom recovery 2. Fastboot boot command does not install twrp, it only boots into it, from which u must install twrp again.
Upon booting into twrp, you need to FORMAT data, flash TWRP, flash this file https://zackptg5.com/android.php#disverfec (DM-verity and anti-encryption) this will prevent anti encryption when your freshly flashed ROM boots up.
Side note: DO NOT RELOCK YOUR BOOT LOADER IF YOUR MI 8 IS CHINA VARIANT AND YOU ARE INSRALLING GLOBAL ROM.
I HIGHLY SUGGEST YOU HEAD OVER ONTO THIS THREAD TO UNDERSTAND BETTER! https://forum.xda-developers.com/mi-8/development/rom-mi-8-miui-10-global-beta-8-8-7-t3826560/page7
Click to expand...
Click to collapse
Ok, lets see if i got it right, just to be sure...
i boot to twrp
i format data in twrp (only data)
flash the twrp file from fastboot
flash the file for preventing encryption IN TWRP
flash my rom of choice
what i did was
1.flash global stable 9.5 via fastboot
2.Wait till it gets on
3.Restart the device
4.flash twrp via fastboot
5.install magisk 16.7 using twrp
6.install dm verity
7.format data
8.wait till it boots downgrade magisk to 16.0 via magisk manager

Xiaomi mi8 on lineage os bootloop after encryption

Have a xiaomi mi8 with lineage os on it (official build) and twpr. Did have encryption working before but had to wipe the phone and lost all is and encryption and can't remeber for the life of me what twrp version I used to get encryption working and what steps I took to get there. I try encrypt the phone now and it gets stuck on lineage boot logo. Switch it off after hours of being on the lineage logo and get to twrp and it does not ask for a password but says it can't Mount my partition when j try browse file or factory reset (has to be format option to start again)
Any ideas what twrp version I need and what steps in what order I need to take to get encryption back

[Guide] Enable encryption on a custom ROM which has it disabled by default

Hello everyone, this thread is a guide on how to enable encryption on ROMs that have it disabled.
ROMs that have encryption disabled, usually do it because TWRP is not fully working, or they want to make switching ROMs an easier task.
This zip was created for, and only tested on Official CrDroid on Oneplus 7 Pro (guacamole), developed by Gabriel Lup.
This patch might work for other ROMs, but support is NOT guaranteed.
Before we start, a disclaimer
I am not responsible for any data loss that occurs because steps were not followed correctly.
Speaking of data loss, you will NEED to backup your data before you start, because you will be completely formatting your device in the process.
Installation steps:​
Download the ROM and flash it in TWRP or fastboot
After ROM is finished installing, reboot to recovery, so that you use the slot you installed your ROM to. If you didn't flash TWRP after installing the ROM, then reboot to fastboot and boot TWRP.
After booting TWRP, and active slot having the ROM installed, flash the enable_encryption.zip
Now go to Wipe > Format data > Type yes.
Now reboot to system, and you will be encrypted. You can check by going into Settings > Security > Encryption and credentials, or you can boot TWRP and check for yourself, after setting a password of course.
Note: Flash Magisk, ONLY after your first boot, and after you have confirmed you're encrypted. Flashing most of the other stuff before first boot, like gapps, should be fine.
Upgrade steps:​Unfortunately, upgrading ROM via OTA is out of the question, so you will need to update via TWRP or fastboot.
Theoretically it can be done because the updated partition is not booted, and there are apps that can flash zip files while system is booted, but I won't be trying it soon, pure and simply because some users lose root after taking an OTA, because of Magisk's addon.d survival script, and without root, modifying partitions is impossible.
There are some workarounds for this problem as well but I won't get into that.
After downloading the zip file of your ROM, and enable_encryption.zip, boot to TWRP.
Flash the update for the ROM.
Reboot to TWRP, or go to fastboot and boot it again.
Flash enable_encryption.zip, magisk if you want it, and reboot system. [NOTE: if your ROM maintainer needs you to flash anything after an update, you can do that as well after flashing this zip.]
You should be fine, and prompted for a password.
Issues that might occur:​The first issue that everyone might point out is
What if I forget to flash the zip after an update, or if I take an OTA?
This is an easy fix, as long as you don't panic. If you boot the ROM without flashing the enable encryption zip, instead of "Enter your password", you will be greeted with "Encryption unsuccessful, to resume using your phone, you will need to factory reset" with a button that says "Erase all data".
DO NOT ERASE ALL DATA, THIS CAN BE EASILY FIXED.
Just go to TWRP, and flash the zip to enable encryption, then reboot, you should be able to enter your password and continue using your device.
Another one could be
What if TWRP currently doesn't support decryption?
Yeah, this happens quite a lot with guacamole and Android 11. Oneplus loves changing how encryption works whenever TWRP maintainer makes it work.
This doesn't matter that much, you can sideload both ROM and this zip, regardless of if TWRP can actually read your data or not.
And finally
Installation of the zip is failing, why?
Well, there are 3 reasons if it ever fails, first one you could solve by redownloading it, or transferring it to device/sideloading again.
The second one, could be that the ROM maintainer packaged the ROM with 100% reserved blocks in the vendor.img, thus disabling writes. I personally don't think this will ever happen on our device, but it could happen.
The third one could be solved by trying out another TWRP.
This zip uses the default encryption method that is used by stock ROM, and that is fileencryption=ice, just a thing to note when choosing to flash this.
Because of this, this zip will not work if a ROM used FBEV2, and then was disabled by the maintainer, this only enables the default FBE we have on our device.
I can't get encryption working with latest crDroid build (7.9 from August 7th). I'm getting ERROR 1 after flashing enable_encryption.zip.
I tried with both regular and FBEv2 TWRP from Nebrassy, same error. If I try to flash enable_encryption.zip a second time, it doesn't return any error but after formatting data and rebooting to system, the phone reboots to TWRP.
Any idea?
Toutatis_ said:
I can't get encryption working with latest crDroid build (7.9 from August 7th). I'm getting ERROR 1 after flashing enable_encryption.zip.
I tried with both regular and FBEv2 TWRP from Nebrassy, same error. If I try to flash enable_encryption.zip a second time, it doesn't return any error but after formatting data and rebooting to system, the phone reboots to TWRP.
Any idea?
Click to expand...
Click to collapse
Strange, try and get me a recovery log by copying /tmp/recovery.log to somewhere accessible after you encounter the error.
I get no problems flashing it. Try using Nebrassy's latest TWRP, I used that one.
Xenos7 said:
Strange, try and get me a recovery log by copying /tmp/recovery.log to somewhere accessible after you encounter the error.
I get no problems flashing it. Try using Nebrassy's latest TWRP, I used that one.
View attachment 5380447
Click to expand...
Click to collapse
Sorry, I ended up flashing another ROM as I don't want to be unencrypted. I might try again later and I'll make sure to get a log this time if still getting the error. Thank you!
Hello there,
I, too, have a problem with flashing CrDroid 7 with encryption. For context, I come from CrDroid 6, which I didn't want to leave unless we can encrypt CrDroid 7.
What I did :
-> MSM Tool in order to fully reset my phone and cleanly install OOS 10 and update to OOS 11 (only way actually, since I had a pesky error related to TWRP being unable to decrypt FBE, which made it kinda impossible to do anything)
-> Unlock bootloader
-> Boot into Nebrassys's TWRP and advance -> flash
-> Installed CrDroid 7.9 (from August 7th) on slot A
-> Switched Slot to Slot A and rebooted to recovery
-> Here, I didn't really got why, but I booted into stock recovery, so I ended up in fastboot to flash Nebrassy's TWRP and advance -> flash it again
From here, I really didn't get what happened or why.
-> Booted into TWRP to find that it can't access /data/media/TWRP/somethingElse
-> Thought that it wasn't normal since I was supposed to flash tyour zip at this point, but since I couldn't access Internal Storage neither from my phone or computer, I decided to format /data with imputing 'yes' in order to "reset" encryption keys and set it available for current TWRP.
-> Reboot to recovery to be able to use /data again
-> Ended up with a "E : Unable to decrypt FBE device", which really makes Internal Storage unavailable. From here, I just had to MSM Tool back too OOS 11 like in first step in order to get a usable phone once again.
I don't really get what I did wrong, so if you have any input, I'm willing to learn :/ Thanks in advance !
Aurion13 said:
Hello there,
I, too, have a problem with flashing CrDroid 7 with encryption. For context, I come from CrDroid 6, which I didn't want to leave unless we can encrypt CrDroid 7.
What I did :
-> MSM Tool in order to fully reset my phone and cleanly install OOS 10 and update to OOS 11 (only way actually, since I had a pesky error related to TWRP being unable to decrypt FBE, which made it kinda impossible to do anything)
-> Unlock bootloader
-> Boot into Nebrassys's TWRP and advance -> flash
-> Installed CrDroid 7.9 (from August 7th) on slot A
-> Switched Slot to Slot A and rebooted to recovery
-> Here, I didn't really got why, but I booted into stock recovery, so I ended up in fastboot to flash Nebrassy's TWRP and advance -> flash it again
Click to expand...
Click to collapse
You booted back into stock recovery because when you flash crDroid, it flashes stock lineage recovery.
Aurion13 said:
From here, I really didn't get what happened or why.
-> Booted into TWRP to find that it can't access /data/media/TWRP/somethingElse
-> Thought that it wasn't normal since I was supposed to flash tyour zip at this point, but since I couldn't access Internal Storage neither from my phone or computer, I decided to format /data with imputing 'yes' in order to "reset" encryption keys and set it available for current TWRP.
-> Reboot to recovery to be able to use /data again
-> Ended up with a "E : Unable to decrypt FBE device", which really makes Internal Storage unavailable. From here, I just had to MSM Tool back too OOS 11 like in first step in order to get a usable phone once again.
I don't really get what I did wrong, so if you have any input, I'm willing to learn :/ Thanks in advance !
Click to expand...
Click to collapse
You should consider trying to sideload the enable encryption zip rather than relying on internal storage. After you side load you need to factory reset and then boot to system.
Another thing you can try is to boot crDroid unencrypted, and then reboot to recovery, flash enable encryption zip, then factory reset and reboot to system.
Thanks for your reply !
gruntparty said:
You booted back into stock recovery because when you flash crDroid, it flashes stock lineage recovery.
Click to expand...
Click to collapse
Yeaaaaaaah, it was obvious, but I missed this so hard. I totally forgot that you had to flash back TWRP when you first flash it. Thanks !
gruntparty said:
You should consider trying to sideload the enable encryption zip rather than relying on internal storage. After you side load you need to factory reset and then boot to system.
Another thing you can try is to boot crDroid unencrypted, and then reboot to recovery, flash enable encryption zip, then factory reset and reboot to system.
Click to expand...
Click to collapse
I'm not used to use sideloading, so I tried on your advice. I didn't managed to make the installation work sadly, I don't really know why, and tbh, I can't really lose time on evenings anymore. I'll try again this week-end. I'll update at this moment if I succed (or not) and with a recovery.log. But when I installed CrDroid with sideload, TWRP kept telling me that no OS was installed, with or whitout changing slot. I still didn't managed to patch the enable_encryption.zip, I got a "error: 1" which don't really talks a lot to me. So... More to come soon I guess.
Anyway, thanks for the help, and thanks for providing the zip too, it was just what I needed to hop on CrDroid 7.
Hello again,
Little update : I did it
I guess being tired didn't really served me well, and I surely did some strange things when flashing the rom since I managed to do it just a few minutes ago.
Regarding the enable_encryption.zip, I also encountered the "Updater process ended with ERROR: 1". I went to check the logs and there was this :
Code:
file size 2093, block size 65536
Installing zip file '/sideload/package.zip'
unknown fuse request opcode 2016
I:Update binary zip
Verifying package compatibility...
Package doesn't contain compatibility.zip entry
I:Extracting updater binary 'META-INF/com/google/android/update-binary'
I:Zip does not contain SELinux file_contexts file in its root.
mount: '/vendor' not in fstab
sed: /vendor/etc/fstab.qcom: No such file or directory
umount: /vendor: Invalid argument
Updater process ended with ERROR: 1
I thought the "mount: '/vendor' not in fstab" strange, so I tried to mount Vendor partition, reflashed the zip, and it worked. I just checked in settings and it says I'm encrypted, I rebooted in TWRP and it asked me for my password.
I think that this would need to be added in first post @Xenos7 and it will also probably fix the issue of @Toutatis_
Again, thanks a lot for proving the zip and for the support guys !
i installed latest update of CrDroid and followed the instruction of upgrading steps but the phone has gone to bootloop. Any solution for this?
Xenos7 said:
Hello everyone, this thread is a guide on how to enable encryption on ROMs that have it disabled.
ROMs that have encryption disabled, usually do it because TWRP is not fully working, or they want to make switching ROMs an easier task.
This zip was created for, and only tested on Official CrDroid on Oneplus 7 Pro (guacamole), developed by Gabriel Lup.
This patch might work for other ROMs, but support is NOT guaranteed.
Before we start, a disclaimer
I am not responsible for any data loss that occurs because steps were not followed correctly.
Speaking of data loss, you will NEED to backup your data before you start, because you will be completely formatting your device in the process.
Installation steps:​
Download the ROM and flash it in TWRP or fastboot
After ROM is finished installing, reboot to recovery, so that you use the slot you installed your ROM to. If you didn't flash TWRP after installing the ROM, then reboot to fastboot and boot TWRP.
After booting TWRP, and active slot having the ROM installed, flash the enable_encryption.zip
Now go to Wipe > Format data > Type yes.
Now reboot to system, and you will be encrypted. You can check by going into Settings > Security > Encryption and credentials, or you can boot TWRP and check for yourself, after setting a password of course.
Note: Flash Magisk, ONLY after your first boot, and after you have confirmed you're encrypted. Flashing most of the other stuff before first boot, like gapps, should be fine.
Upgrade steps:​Unfortunately, upgrading ROM via OTA is out of the question, so you will need to update via TWRP or fastboot.
Theoretically it can be done because the updated partition is not booted, and there are apps that can flash zip files while system is booted, but I won't be trying it soon, pure and simply because some users lose root after taking an OTA, because of Magisk's addon.d survival script, and without root, modifying partitions is impossible.
There are some workarounds for this problem as well but I won't get into that.
After downloading the zip file of your ROM, and enable_encryption.zip, boot to TWRP.
Flash the update for the ROM.
Reboot to TWRP, or go to fastboot and boot it again.
Flash enable_encryption.zip, magisk if you want it, and reboot system. [NOTE: if your ROM maintainer needs you to flash anything after an update, you can do that as well after flashing this zip.]
You should be fine, and prompted for a password.
Issues that might occur:​The first issue that everyone might point out is
What if I forget to flash the zip after an update, or if I take an OTA?
This is an easy fix, as long as you don't panic. If you boot the ROM without flashing the enable encryption zip, instead of "Enter your password", you will be greeted with "Encryption unsuccessful, to resume using your phone, you will need to factory reset" with a button that says "Erase all data".
DO NOT ERASE ALL DATA, THIS CAN BE EASILY FIXED.
Just go to TWRP, and flash the zip to enable encryption, then reboot, you should be able to enter your password and continue using your device.
Another one could be
What if TWRP currently doesn't support decryption?
Yeah, this happens quite a lot with guacamole and Android 11. Oneplus loves changing how encryption works whenever TWRP maintainer makes it work.
This doesn't matter that much, you can sideload both ROM and this zip, regardless of if TWRP can actually read your data or not.
And finally
Installation of the zip is failing, why?
Well, there are 3 reasons if it ever fails, first one you could solve by redownloading it, or transferring it to device/sideloading again.
The second one, could be that the ROM maintainer packaged the ROM with 100% reserved blocks in the vendor.img, thus disabling writes. I personally don't think this will ever happen on our device, but it could happen.
The third one could be solved by trying out another TWRP.
This zip uses the default encryption method that is used by stock ROM, and that is fileencryption=ice, just a thing to note when choosing to flash this.
Because of this, this zip will not work if a ROM used FBEV2, and then was disabled by the maintainer, this only enables the default FBE we have on our device.
Click to expand...
Click to collapse
Hi! Done. Followed all steps and crdroid is now encrypted. But! Very strange behavior which I tested several times. After having OS encrypted I decided to go again to recovery, now from crdroid power/restart menu. But recovery didn't load. Instead, I had a recovery (TWRP Nebrassy) logo flicking. I hard-switched to fastboot, then fastboot boot twrp.img, and entered TWRP menu (temporary TWRP). In there I was trying to flash TWRP on permanent basis again but it failed with an error about mounting data. Format data didn't help. So, I stayed on temporary TWRP and after reboot to System, surprisingly successfully entered my crdroid. The same happens (checked) if I would reboot to Recovery - instead of Recovery I would enter crdroid. The only explanation I see is that encryption (done with this zip) blocks permanently installed TWRP from starting. In case of temporary TWRP it's just being disappeared after reboot and I can enter the system whatever option I choose in temporary TWRP: system or recovery. It would be OK but the sad thing I need the both encryption and recovery. Any ideas?
P.S. I tried also Orangefox recovery - the same story : logo flicking after the try to restart from encrypted crdroid to recovery.
Yagikable said:
Hi! Done. Followed all steps and crdroid is now encrypted. But! Very strange behavior which I tested several times. After having OS encrypted I decided to go again to recovery, now from crdroid power/restart menu. But recovery didn't load. Instead, I had a recovery (TWRP Nebrassy) logo flicking. I hard-switched to fastboot, then fastboot boot twrp.img, and entered TWRP menu (temporary TWRP). In there I was trying to flash TWRP on permanent basis again but it failed with an error about mounting data. Format data didn't help. So, I stayed on temporary TWRP and after reboot to System, surprisingly successfully entered my crdroid. The same happens (checked) if I would reboot to Recovery - instead of Recovery I would enter crdroid. The only explanation I see is that encryption (done with this zip) blocks permanently installed TWRP from starting. In case of temporary TWRP it's just being disappeared after reboot and I can enter the system whatever option I choose in temporary TWRP: system or recovery. It would be OK but the sad thing I need the both encryption and recovery. Any ideas?
P.S. I tried also Orangefox recovery - the same story : logo flicking after the try to restart from encrypted crdroid to recovery.
Click to expand...
Click to collapse
Forgot to add: Format data failed with "couldn't format encrypted data"
Yagikable said:
Hi! Done. Followed all steps and crdroid is now encrypted. But! Very strange behavior which I tested several times. After having OS encrypted I decided to go again to recovery, now from crdroid power/restart menu. But recovery didn't load. Instead, I had a recovery (TWRP Nebrassy) logo flicking. I hard-switched to fastboot, then fastboot boot twrp.img, and entered TWRP menu (temporary TWRP). In there I was trying to flash TWRP on permanent basis again but it failed with an error about mounting data. Format data didn't help. So, I stayed on temporary TWRP and after reboot to System, surprisingly successfully entered my crdroid. The same happens (checked) if I would reboot to Recovery - instead of Recovery I would enter crdroid. The only explanation I see is that encryption (done with this zip) blocks permanently installed TWRP from starting. In case of temporary TWRP it's just being disappeared after reboot and I can enter the system whatever option I choose in temporary TWRP: system or recovery. It would be OK but the sad thing I need the both encryption and recovery. Any ideas?
P.S. I tried also Orangefox recovery - the same story : logo flicking after the try to restart from encrypted crdroid to recovery.
Click to expand...
Click to collapse
I never install TWRP, so I can't really say about that, but I'm sure the zip shouldn't impact the recovery installing/booting.
Try downloading the latest version of Nebraccy TWRP, the August one. That one should work if OnePlus didn't change something with encryption again.
This zip doesn't even touch the boot partition, it only edits 2 lines in vendor partition, which would never make TWRP unable to install.
However, last time I tried, in June and decrypted, TWRP wouldn't install at all anyways.
Xenos7 said:
I never install TWRP, so I can't really say about that, but I'm sure the zip shouldn't impact the recovery installing/booting.
Try downloading the latest version of Nebraccy TWRP, the August one. That one should work if OnePlus didn't change something with encryption again.
This zip doesn't even touch the boot partition, it only edits 2 lines in vendor partition, which would never make TWRP unable to install.
However, last time I tried, in June and decrypted, TWRP wouldn't install at all anyways.
Click to expand...
Click to collapse
Thanks. When next update for crdroid comes, I'll try again from the scratch. Meanwhile, the issue was magically solved. I was sick and tired with this flicking recovery and decided to flash lineage recovery from the command line. It was a surprise when instead of seeing lineage after reboot I saw my Nebrassy TWRP fully loaded and never flicking since then. Crdroid has also successfully run encrypted. I have no explanation for that. Maybe it has something to do with a/b slots but I'm sure I've been choosing the right slots all the time.
Use this to enable FBEv2 instead of sdcardfs. Use the instructions from the OP.
Mount vendor in TWRP before flashing. Also, flash an FBEv2 kernel.
EDIT: Don't complain to the dev or me if your data is gone or your device blows up.
darkflicker said:
Use this to enable FBEv2 instead of sdcardfs. Use the instructions from the OP.
Mount vendor in TWRP before flashing. Also, flash an FBEv2 kernel.
Click to expand...
Click to collapse
Why would you purposely try to break stuff?
Technically, that IS possible, but, just, why?
You receive no visible benefits, and you could lose all your data once major Android version is updated...
Not to mention users will complain to dev when random bugs happen because they use some out of the nowhere kernel.
As for sdcardfs or fuse?
I can bet that people CAN'T know the difference between them, looking at the fact everyone asks if the ROM is sdcardfs or not.
Fact is, using this method on a ROM that's supposed to use regular FBE, is possible, but NOT recommended.
Putting all your data on the line because of theoretical performance bumps is a plainly stupid idea if you ask me.
Either use a FBEV2 ROM, or don't, although people make a big fuss about it being sdcardfs or not, FBEV2 or not.
Those things should NEVER be a deciding factor, because every non developer user, really can't tell the difference.
Xenos7 said:
Why would you purposely try to break stuff?
Technically, that IS possible, but, just, why?
You receive no visible benefits, and you could lose all your data once major Android version is updated...
Not to mention users will complain to dev when random bugs happen because they use some out of the nowhere kernel.
As for sdcardfs or fuse?
I can bet that people CAN'T know the difference between them, looking at the fact everyone asks if the ROM is sdcardfs or not.
Fact is, using this method on a ROM that's supposed to use regular FBE, is possible, but NOT recommended.
Putting all your data on the line because of theoretical performance bumps is a plainly stupid idea if you ask me.
Either use a FBEV2 ROM, or don't, although people make a big fuss about it being sdcardfs or not, FBEV2 or not.
Those things should NEVER be a deciding factor, because every non developer user, really can't tell the difference.
Click to expand...
Click to collapse
You are also forcefully trying to enable encryption on a decrypted and unsupported ROM. The chances of breakage are similar for both. I am just providing the users a choice. If anything breaks, nobody is responsible but them.
darkflicker said:
You are also forcefully trying to enable encryption on a decrypted and unsupported ROM. The chances of breakage are similar for both. I am just providing the users a choice. If anything breaks, nobody is responsible but them.
Click to expand...
Click to collapse
The ROM fully supports encryption on it's kernel, dev is just not using it to keep TWRP support, this was before A11 TWRP got released. I'm assuming he doesn't want users to clean flash just because of encryption.
This zip just reverts the commit made to fstab to disable encryption, and you're still using the kernel developer intended.
But sure, if someone breaks their device, it's their own fault.
Fellas yall going backwards with all this. Encryption is the devil.
Updated the zip to include checks to unmount vendor if someone mounted it manually, so that it shouldn't get errors for that now.
The zip can be found in OP.
Xenos7 said:
Hello everyone, this thread is a guide on how to enable encryption on ROMs that have it disabled.
ROMs that have encryption disabled, usually do it because TWRP is not fully working, or they want to make switching ROMs an easier task.
This zip was created for, and only tested on Official CrDroid on Oneplus 7 Pro (guacamole), developed by Gabriel Lup.
This patch might work for other ROMs, but support is NOT guaranteed.
Before we start, a disclaimer
I am not responsible for any data loss that occurs because steps were not followed correctly.
Speaking of data loss, you will NEED to backup your data before you start, because you will be completely formatting your device in the process.
Installation steps:​
Download the ROM and flash it in TWRP or fastboot
After ROM is finished installing, reboot to recovery, so that you use the slot you installed your ROM to. If you didn't flash TWRP after installing the ROM, then reboot to fastboot and boot TWRP.
After booting TWRP, and active slot having the ROM installed, flash the enable_encryption.zip
Now go to Wipe > Format data > Type yes.
Now reboot to system, and you will be encrypted. You can check by going into Settings > Security > Encryption and credentials, or you can boot TWRP and check for yourself, after setting a password of course.
Note: Flash Magisk, ONLY after your first boot, and after you have confirmed you're encrypted. Flashing most of the other stuff before first boot, like gapps, should be fine.
Upgrade steps:​Unfortunately, upgrading ROM via OTA is out of the question, so you will need to update via TWRP or fastboot.
Theoretically it can be done because the updated partition is not booted, and there are apps that can flash zip files while system is booted, but I won't be trying it soon, pure and simply because some users lose root after taking an OTA, because of Magisk's addon.d survival script, and without root, modifying partitions is impossible.
There are some workarounds for this problem as well but I won't get into that.
After downloading the zip file of your ROM, and enable_encryption.zip, boot to TWRP.
Flash the update for the ROM.
Reboot to TWRP, or go to fastboot and boot it again.
Flash enable_encryption.zip, magisk if you want it, and reboot system. [NOTE: if your ROM maintainer needs you to flash anything after an update, you can do that as well after flashing this zip.]
You should be fine, and prompted for a password.
Issues that might occur:​The first issue that everyone might point out is
What if I forget to flash the zip after an update, or if I take an OTA?
This is an easy fix, as long as you don't panic. If you boot the ROM without flashing the enable encryption zip, instead of "Enter your password", you will be greeted with "Encryption unsuccessful, to resume using your phone, you will need to factory reset" with a button that says "Erase all data".
DO NOT ERASE ALL DATA, THIS CAN BE EASILY FIXED.
Just go to TWRP, and flash the zip to enable encryption, then reboot, you should be able to enter your password and continue using your device.
Another one could be
What if TWRP currently doesn't support decryption?
Yeah, this happens quite a lot with guacamole and Android 11. Oneplus loves changing how encryption works whenever TWRP maintainer makes it work.
This doesn't matter that much, you can sideload both ROM and this zip, regardless of if TWRP can actually read your data or not.
And finally
Installation of the zip is failing, why?
Well, there are 3 reasons if it ever fails, first one you could solve by redownloading it, or transferring it to device/sideloading again.
The second one, could be that the ROM maintainer packaged the ROM with 100% reserved blocks in the vendor.img, thus disabling writes. I personally don't think this will ever happen on our device, but it could happen.
The third one could be solved by trying out another TWRP.
This zip uses the default encryption method that is used by stock ROM, and that is fileencryption=ice, just a thing to note when choosing to flash this.
Because of this, this zip will not work if a ROM used FBEV2, and then was disabled by the maintainer, this only enables the default FBE we have on our device.
Click to expand...
Click to collapse
Is this enable_encryption.zip only works for oneplus 7 pro ?? If so then can you please provide the file that works for Mi A2.

Categories

Resources