Hello, people!
For S9/S9+ there was a patch that disables dm-verity and changes the data partition to encryptable status, so you have both TWRP in RW mode and the ability to successfully encrypt the device. I can't find the same patch for N9; there are only all-in-one packs with dm-verity/knox trim/encryptable/magisk - but encryption ends with data corruption after them because of magisk or some other changes. Maybe somebody has an old-style separate patch for dm-verity/encryptable that doesn't break the ability to encrypt the device? Root not needed, just TWRP in RW and device encryption.
Hi, recently I bought the Huawei Pro 9. I found that a certain TWRP works, but after I change the build.prop in the read-only system, SELinux reverts the files, removing all the changes made to the system.
I would like to know if there is a way to save permanent changes (setting SELinux to permissive won't help, because after a restart it changes back to enforcing, apparently through the init file, which loads SELinux as enforcing and is protected by the context image, which reverts all the changes). Also, there is a process that won't let me flash zips, causing the system to reboot after I try to flash with TWRP; I think it might be a watchdog. Is there any expert who can help me disable this watchdog process and make the changes to the system partition permanent?
Thanks
Nougat 7.0, Huawei 9 Pro
Since the update to Pie, it has become much more difficult to mod firmware while keeping it as close to stock as possible. For Android 8.0 it was easy to keep TWRP + unrooted state + Full Disk Encryption with only DM-Verity disabled and the Encryptable fstab option. You had the option to encrypt the device and then root it with Magisk without breaking /Data. But now, trying to follow the same path on Android 9.0, I encounter strange problems: after disabling DM-Verity, the lockscreen mechanism breaks - I am unable to set a PIN/password, and it breaks everything, resulting in reflashing the firmware. If I root the device right after disabling DM-Verity and changing fstab to optional encryption, PIN/password works fine, but I can't encrypt the device because a rooted device cannot be encrypted. Maybe somebody has thoughts about how to encrypt/password-protect a rooted or modified Note9 running Android 9.0? I can't downgrade to 8.0 since it shipped with a new version of boot.
Maybe there is a way to enable File Based Encryption?
Narkozzz said:
Since the update to Pie, it has become much more difficult to mod firmware while keeping it as close to stock as possible. For Android 8.0 it was easy to keep TWRP + unrooted state + Full Disk Encryption with only DM-Verity disabled and the Encryptable fstab option. You had the option to encrypt the device and then root it with Magisk without breaking /Data. But now, trying to follow the same path on Android 9.0, I encounter strange problems: after disabling DM-Verity, the lockscreen mechanism breaks - I am unable to set a PIN/password, and it breaks everything, resulting in reflashing the firmware. If I root the device right after disabling DM-Verity and changing fstab to optional encryption, PIN/password works fine, but I can't encrypt the device because a rooted device cannot be encrypted. Maybe somebody has thoughts about how to encrypt/password-protect a rooted or modified Note9 running Android 9.0? I can't downgrade to 8.0 since it shipped with a new version of boot.
Maybe there is a way to enable File Based Encryption?
There is a ROM in the dev section called dev base from alxandr that allows you to do this. Just read the OP and maybe a few of the posts. It might be good to search that thread for "encryption" to see if there aren't any caveats. Plus, since the ROM is updated regularly, updating while keeping encryption enabled, not losing data and rerooting/TWRP is something that must be quite a task if done manually each time there is a new firmware. Flashing the ROM zip with the proper switches added to the rom.zip name is easy and fast (plus it's a stock ROM). All in all, it should make your life easier.
Hi guys
I'm asking about something that I didn't understand so well: every time I change ROMs, do I have to flash the DM-Verity zip? Because the last time I tried Lineage 17, the system was not able to boot, I think because of this DM-Verity zip that I didn't flash and the internal archive encryption.
However, my internal archive is not encrypted, because the first time I installed xiaomi.eu I did Format Data and typed Yes, and then I also did all the wipes and installed the ROM. In this way I removed the encryption from the internal archive, right?
But do I still need to flash the DM-Verity zip every time I switch ROMs?
For example, now I want to try Havoc 3.0.
I have a Xiaomi Mi 8 with the latest weekly from xiaomi.eu, 9.10.24
Up!
Sent from my MI 8 using Tapatalk
Since your Filesystem is not encrypted, you have to do that.
The War Profiteer said:
Since your Filesystem is not encrypted, you have to do that.
But do I have to flash the DM-Verity zip every time I update my ROM? (When I update my ROM I don't do a clean install, I only do Wipe Cache and Dalvik.)
Or should I flash it only when I change ROMs, after a clean installation?
(When I change ROMs I wipe data and system.)
andrea0807 said:
But do I have to flash the DM-Verity zip every time I update my ROM? (When I update my ROM I don't do a clean install, I only do Wipe Cache and Dalvik.)
Or should I flash it only when I change ROMs, after a clean installation?
(When I change ROMs I wipe data and system.)
Probably yes.
I'm just going to say this again: DM-Verity stands for "D"-Device "M"-Mapper verity (verification). This protection looks at hashes for the mounted partitions and kernel to make sure they have not been modified. If the hashes don't match, the boot chain fails to load. Once again, this really doesn't have to do with encryption. Encryption was sometimes included in the DM-Verity ZIP files, also called FEC remover (Forced Encryption Remover). Even though they are a lot of times included in the "DM-Verity" remover zip files, they are separate things! If you modify the stock MIUI partitions at all, it needs to have the DM-Verity removed - but doesn't have to have the FEC (encryption) removed. These forums are full of everyone saying flash the DM-Verity to remove encryption, which is only correct in a sense because most of the ZIP files floating around do in fact remove the FEC (forced encryption) at the same time. If I am running modified stock, I want to keep encryption and just remove the verity bit that fails.
Info on DM-Verity:
https://source.android.com/security/verifiedboot/dm-verity
./
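The separation described in the post above shows up in the fstab, where verity and encryption are distinct fs_mgr flags on different partitions. The following is an added example, not code from the thread or from any of the zip files it mentions; the sample fstab entries and block device paths are constructed, and it assumes verity is configured through fstab flags rather than elsewhere in the boot chain.

```python
"""Added example: classify verity and encryption flags in an Android fstab."""

# fs_mgr flag names as used in AOSP fstab files; the two groups are independent.
VERITY_FLAGS = {"verify", "avb"}
ENCRYPTION_FLAGS = {
    "forceencrypt": "forced",     # full-disk encryption applied on first boot
    "forcefdeorfbe": "forced",
    "fileencryption": "forced",   # file-based encryption
    "encryptable": "optional",    # encrypted only if the user turns it on
}

# Constructed sample fstabs (block device paths are placeholders).
STOCK = """\
# <src> <mnt_point> <type> <mnt_flags> <fs_mgr_flags>
/dev/block/by-name/system   /system ext4 ro               wait,verify
/dev/block/by-name/userdata /data   ext4 noatime,nosuid   wait,check,forceencrypt=footer
"""
VERITY_ONLY = STOCK.replace("wait,verify", "wait")
ALL_IN_ONE = VERITY_ONLY.replace("forceencrypt=", "encryptable=")


def audit_fstab(text):
    """Map each mount point to its verity and encryption settings."""
    report = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        names = {flag.split("=", 1)[0] for flag in fields[4].split(",")}
        modes = [ENCRYPTION_FLAGS[n] for n in names if n in ENCRYPTION_FLAGS]
        report[fields[1]] = {
            "verity": bool(names & VERITY_FLAGS),
            "encryption": "forced" if "forced" in modes
                          else "optional" if modes else "none",
        }
    return report


def compare(before, after):
    """List per-partition protection changes between two fstabs."""
    old, new = audit_fstab(before), audit_fstab(after)
    return [f"{mnt}: {key} {old[mnt][key]} -> {new[mnt][key]}"
            for mnt in sorted(old.keys() & new.keys())
            for key in ("verity", "encryption")
            if old[mnt][key] != new[mnt][key]]


if __name__ == "__main__":
    print(compare(STOCK, VERITY_ONLY))  # only /system verity changes
    print(compare(STOCK, ALL_IN_ONE))   # verity and forced encryption both change
```

Running `compare` on the fstab before and after flashing a zip shows whether it touched only verity or also downgraded `/data` from forced to optional encryption.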
Agimax said:
I'm just going to say this again: DM-Verity stands for "D"-Device "M"-Mapper verity (verification). This protection looks at hashes for the mounted partitions and kernel to make sure they have not been modified. If the hashes don't match, the boot chain fails to load. Once again, this really doesn't have to do with encryption. Encryption was sometimes included in the DM-Verity ZIP files, also called FEC remover (Forced Encryption Remover). Even though they are a lot of times included in the "DM-Verity" remover zip files, they are separate things! If you modify the stock MIUI partitions at all, it needs to have the DM-Verity removed - but doesn't have to have the FEC (encryption) removed. These forums are full of everyone saying flash the DM-Verity to remove encryption, which is only correct in a sense because most of the ZIP files floating around do in fact remove the FEC (forced encryption) at the same time. If I am running modified stock, I want to keep encryption and just remove the verity bit that fails.
Info on DM-Verity:
https://source.android.com/security/verifiedboot/dm-verity
./
Thanks for clearing that up, there is a lot of conflicting information out there and it's difficult finding information that is currently valid and applicable to our phones.
Edit :
I should add that I never flash dm-verity and that I do not have issues. However, I also do not change the boot, except for Magisk.
Is there any TWRP for P9 EMUI8 which supports encryption and decryption?
md sabuj said:
Is there any TWRP for P9 EMUI8 which supports encryption and decryption?
There is no TWRP properly supporting Chinese Oreo encryption on P9 in a way that:
- you don't need to format Data and make changes to Vendor partition
- you just need to enter your Android unlock pin/pass whenever you boot to TWRP
- with that, TWRP can properly read/write to Data and Internal memory
However, there is a Chinese TWRP (language can be switched to English) with which you can remove encryption from Data one time (it is not enough to format Data; an fstab file on the Vendor partition must also be edited).
After that, encryption is removed and you can fully use TWRP for e.g. Nandroid backups, installations from Internal memory, installations to the Data partition, editing on the Data partition (in case of e.g. bootloops with Magisk modules), etc.
Also, once encryption has been removed, you can switch back to your preferred TWRP from that Chinese TWRP (that TWRP has some other issues).
It was long ago that a couple of us experimented with it; you can start from the following post and follow the links (but always compare the dates: newer posts from the same person mean they were written with more experience and understanding of the matter):
https://forum.xda-developers.com/showpost.php?p=80029346&postcount=1843
Good thing is that (once you don't want it anymore) stock Oreo can be fully reinstalled and encryption reinstated. E.g., eventually I did it on two of my P9s (almost a year ago), but I was no longer updating the posts about
Of course, once Data is decrypted, it can also be used for TWRP when working with GSI/AOSP ROMs (not only with stock Oreo).
Here are the details of my issue,
When trying to encrypt through "Settings > Biometrics & Security > Encrypt device"
It shows an "encrypting" screen
Keeps working on encryption for 1-2 minutes
then Reboots
When I check status, it's not encrypted
Please help.
Also, other than the encryption issue, phone is functioning normally.
Note 8 Model: SM-N950F/DS
Android Ver: 9
Build: PPR1.180610.011.N950FXXUFDUE4
Kernel: 4.4.111-21737876
Knox Ver: Knox 3.2.1, API level: 27, TIMA 3.3.0
Rooting method: (Magisk, Twrp, Force encrypt disabler, KG/RMM lock remover)
twrp: twrp-3.5.2_9-0-greatlte.img
I attached the files used during rooting process.
As a reference, I am also adding the rooting process I followed.
----------------------------------------------------------------
Enable OEM unlocking from dev menu
Shutdown
Reboot into bootloader mode (hold Bixby + VolDown, then Power, all concurrently)
When bootloader appears, press Vol up to enable flashing mode
Run Odin, and connect phone, wait until connected com port is displayed
On Odin, select twrp image in “AP” field
On Odin, from options, unselect “Auto Reboot”
Start flashing. Wait until flash is “Passed”
Disconnect phone and close odin.
Reboot the phone into recovery mode (Warning: Failure to do so may trigger KG/RMM lock, which will lock down the phone for 7 days. It’s a safeguard against phone theft)
Shutdown from flashing mode (hold Bixby + VolDown, then Power, all concurrently)
As soon as the screen goes dark, release VolDown while still holding the Bixby and Power buttons, and at this moment press VolUp.
This should boot phone into TWRP recovery mode
Format /data partition (Format > Format Data)
Reboot > Recovery
Once recovery is complete, connect phone to computer
From Mount, ensure that MTP is enabled, and data partition is mounted
Data partition should be available on computer
In data partition, add
KG/RMM lock remover
Magisk
Force encrypt disabler
From TWRP, flash files in provided order
Phone is rooted
----------------------------------------------------------------
jeredralph said:
Here are the details of my issue,
When trying to encrypt through "Settings > Biometrics & Security > Encrypt device"
It shows an "encrypting" screen
Keeps working on encryption for 1-2 minutes
then Reboots
When I check status, it's not encrypted
I think the DM-Verity zip that you flashed has got something to do with re-encrypting your device. The zip is supposed to prevent re-encryption every time you boot your device.
Also, TWRP won't work properly if your device is encrypted.
If you really want a rooted device with encryption then use the patch method with magisk.
Finally got it working! Required some brute force and two days of my time.
Thanks @spawnlives for the hint about DM-Verity zip. But, only removing the zip was not enough.
Here's how things worked out so far.
Trial series 1
Flash stock with sim inserted (BL > AP > CP > CSC)
Flash TWRP
Format /data
Flash zips (KG/RMM lock remover, Magisk)
Boot system
Issue: Encryption doesn't work. Same as before (system works on encryption for a bit, reboots, not encrypted)
Additional issue: Region code got corrupted (got //BRI, instead of my region code XXV/XXV/BRI). Samsung refused to check for update due to invalid code (don't remember the specifics).
Magisk status (preserve DM Verity: off, preserve Force Encrypt: on)
Trial series 2
Flash stock with sim inserted (BL > AP > CP > CSC)
Boot system
1 issue fixed: region code is now valid
Flash TWRP
Flash zips from microsd (KG/RMM lock remover, Magisk)
Format /data and /preload
Boot system
Initialize (greetings > connect wifi > choose security scheme (pattern), choose secure startup)
Magisk status (preserve DM Verity: off, preserve Force Encrypt: on)
Notes
I noticed something strange. The Encrypt device option is now gone, and instead there is Secure startup. While I am not sure about the specific differences between these two options, the device appears to be encrypted on boot, because it's asking for the pattern on every startup (before activating cellular and other core features). Also, TWRP cannot decrypt the /data partition anymore.
Trial series 2 resolved my issue of having a rooted Android while still having the /data partition encrypted.
I guess at least now my data is secured against device theft or loss, considering a thief has to erase the /data partition to use the device again. Please correct me if I am wrong.
Issues yet to resolve
On my OnePlus 3t, TWRP has a cool feature enabled, that can decrypt /data partition using pattern. I am not sure why TWRP on Note 8 doesn't prompt pattern for decrypting /data partition.
I encountered an error, "unable to find crypto footer". Could it be the reason? How could it be mitigated?
Data partition is encrypted. I can flash zip from microsd. But, didn't yet have the chance to check whether flashing another zip will trigger integrity violation during secure startup check (the step where I enter secure startup pattern).
Please help me with these issues.