Database Develop

[Q] Encryption / Decryption clarification request

I'm just curious about the whole encryption / decryption thing. If I have not decrypted my phone, am I able to flash a 'decrypted' ROM? What would happen? I'm running Temasek's 5.0.2 right now which does not 'force encryption' but I'm assuming that's for people who have already taken the steps to decrypt their phone so it doesn't re-encrypt their phone automatically.
Thanks in advance!
*I apologize if this is a dumb question, but I was unable to Google this without getting a lot of unrelated information.

A decrypted ROM is the same as a ROM that doesn't force encryption. Actually it's not he ROM, its the kernel. You can still manually encrypt if the kernel doesn't force encrypt so it should work if your data is encrypted.

Mi8 force encryption with EU roms

HI guys! I have noticed that Xiaomi.eu ROMs dont have device encryption enabled by default. There is also no way to manually encrypt the phone as it would crash. While searching for the solutions I have found some solutions such as modification of "fstab.qcom" by changing "encryptable=ice" to "fileencryption=ice" but those do not work on MI8. I have found also a .zip file which would do the modification but also no success.
Any suggestions how encryption could be enabled on EU roms? With newest TWRP which does support it our unlocked devices could be much more secured.

you need to format userdata to remove encryption then flash zip remove encryption to work

richardyusan said:
you need to format userdata to remove encryption then flash zip remove encryption to work
Click to expand...
Click to collapse
By flash zip remove encryption do you mean dm verity zip?

landryna said:
By flash zip remove encryption do you mean dm verity zip?
Click to expand...
Click to collapse
I think he means you need to format userdata not wipe it, so that encryption is removed. After that you can flash the zip with the rom and it will work. That is at least how I had to do it to get EU roms to work. There is currently no way to have encrypted device with EU roms.

Superbia said:
I think he means you need to format userdata not wipe it, so that encryption is removed. After that you can flash the zip with the rom and it will work. That is at least how I had to do it to get EU roms to work. There is currently no way to have encrypted device with EU roms.
Click to expand...
Click to collapse
Well this is not the solution then - the pupose of this thread is to check how to have BOTH:
- Xiaomi.EU rom installed
- Encryption switched on and working on the device
Apparently as per your comment it is not possible. The only question is: why to install Eu rom and leave device completely unsecured to anybody who can google: 'remove twrp lock code' and why it does not concern people here..

have you tried with this guide?
https://xiaomi.eu/community/threads/howto-encryption-on-a-mi-6-with-xiaomi-eu-roms.43286/
if you try, let us know the results

gulp79 said:
have you tried with this guide?
https://xiaomi.eu/community/threads/howto-encryption-on-a-mi-6-with-xiaomi-eu-roms.43286/
if you try, let us know the results
Click to expand...
Click to collapse
Hi. Of course I have checked this in first instance. Partition is not encrypted so it doesn't work unfortunately.

landryna said:
Hi. Of course I have checked this in first instance. Partition is not encrypted so it doesn't work unfortunately.
Click to expand...
Click to collapse
HELLO
are you still digging on the subject?

Anyway to enable encryption with miui.eu rom?

Anyway to enable encryption with miui.eu rom?
i tried this method https://xiaomi.eu/community/threads/howto-encryption-on-a-mi-6-with-xiaomi-eu-roms.43286/
But it just gets stuck on boot screen

from here... https://forum.xda-developers.com/mi...-encrytion-t3846726/post77721399#post77721399
t0mas_ said:
hi!
you need to edit ventor/etc/fstab.com
in the file there is "encryptable=ice", you need to change that to "fileencryption=ice"
but you need to format data after that, i dont think it will work if you dont
Click to expand...
Click to collapse
but still untested by myself....

why u need encryption while unlocked, twrp installed?

thanhnvt194 said:
why u need encryption while unlocked, twrp installed?
Click to expand...
Click to collapse
because when encrypted, you can't access data from twrp without a password. all a person without password do is wipe the phone. which is possible even when locked.

t0mas_ said:
because when encrypted, you can't access data from twrp without a password. all a person without password do is wipe the phone. which is possible even when locked.
Click to expand...
Click to collapse
I am waiting for a new update to do the same. You must change a root file, and format the data. Everything will work normal!

gugugrp said:
I am waiting for a new update to do the same. You must change a root file, and format the data. Everything will work normal!
Click to expand...
Click to collapse
I am on global stable with unlocked bootloader (China variant) and haven't flashed TWRP yet. When I enable Fingreprint security, the phone says it's encrypted. In other Android phones (Samsung), we have to manually enable encryption apart from fingerprint security but I couldn't find it in the phone settings in MIUI 10. Any ideas?
So, in EU ROM, when you enable fingerprint security, does it say that the phone is encrypted or not? If no encryption, then flashing the EU ROM is a no go for me as encryption is critical for me

RainGater said:
I am on global stable with unlocked bootloader (China variant) and haven't flashed TWRP yet. When I enable Fingreprint security, the phone says it's encrypted. In other Android phones (Samsung), we have to manually enable encryption apart from fingerprint security but I couldn't find it in the phone settings in MIUI 10. Any ideas?
So, in EU ROM, when you enable fingerprint security, does it say that the phone is encrypted or not? If no encryption, then flashing the EU ROM is a no go for me as encryption is critical for me
Click to expand...
Click to collapse
official miui is encrypted by defaul, i think you can choose not to set pin on first boot (which is required by fingerprint and faceunlock) in which case it doesnt encrypt. not sure what happens if you choose to set pin later.
eu isnt encrypted by default. not sure why they choose to do so. but you cane make it encrypt by modifiying /vendor/etc/fstab.qcom.
oh, and it also runs in selinux permissive. im running magisk module to to make it enforcing on boot.

t0mas_ said:
official miui is encrypted by defaul, i think you can choose not to set pin on first boot (which is required by fingerprint and faceunlock) in which case it doesnt encrypt. not sure what happens if you choose to set pin later.
eu isnt encrypted by default. not sure why they choose to do so. but you cane make it encrypt by modifiying /vendor/etc/fstab.qcom.
oh, and it also runs in selinux permissive. im running magisk module to to make it enforcing on boot.
Click to expand...
Click to collapse
I didn't set the PIN or fingerprint security during the first boot but later added it. When I check the Encryption, it says that the phone is encrypted. Even when I setup the PIN, I didn't see any message indicating that it's encyrpting as it was super quick. Like you said, official MIUI is encrypted by default.
But modifying the fstab.qcom is a pain as I have to keep doing it after every flash of EU ROM? Also, not sure what happens after you make the fstab change, encrypt it, then flash a new version of EU... Does it hang or what happens?
Did you encrypt your device in EU ROM?

RainGater said:
I didn't set the PIN or fingerprint security during the first boot but later added it. When I check the Encryption, it says that the phone is encrypted. Even when I setup the PIN, I didn't see any message indicating that it's encyrpting as it was super quick. Like you said, official MIUI is encrypted by default.
But modifying the fstab.qcom is a pain as I have to keep doing it after every flash of EU ROM? Also, not sure what happens after you make the fstab change, encrypt it, then flash a new version of EU... Does it hang or what happens?
Did you encrypt your device in EU ROM?
Click to expand...
Click to collapse
well not that much of a pain. the file doesn't hang that often so you can have the same file in update zip for quite a while. you do need to flash it every time you flash rom though

t0mas_ said:
official miui is encrypted by defaul, i think you can choose not to set pin on first boot (which is required by fingerprint and faceunlock) in which case it doesnt encrypt. not sure what happens if you choose to set pin later.
eu isnt encrypted by default. not sure why they choose to do so. but you cane make it encrypt by modifiying /vendor/etc/fstab.qcom.
oh, and it also runs in selinux permissive. im running magisk module to to make it enforcing on boot.
Click to expand...
Click to collapse
I try to edit fstab.qcom but even with root it says save failed, tried a couple different editors and the same thing happens. Could you please tell me how to successfully edit fstab.qcom

mikefallen said:
I try to edit fstab.qcom but even with root it says save failed, tried a couple different editors and the same thing happens. Could you please tell me how to successfully edit fstab.qcom
Click to expand...
Click to collapse
you cant doit from running sysetm. i do it from recovery, mount vendor, adb pull. then put it in a flashable zip to have it handy for updates. empty zip is attached, just drop your fstab.qcom inside and flash. if you have vendor allready mounted in recovery it will throw an error about it, but it will flash it. gl

t0mas_ said:
you cant doit from running sysetm. i do it from recovery, mount vendor, adb pull. then put it in a flashable zip to have it handy for updates. empty zip is attached, just drop your fstab.qcom inside and flash. if you have vendor allready mounted in recovery it will throw an error about it, but it will flash it. gl
Click to expand...
Click to collapse
Thanks a lot really appreciate you taking the time to help me out!

Ancient thread
but there's one really important question. why does this method not work with F2FS formatted /data ?

Is it possible to encrpyt a ROM and dont lose anything.?

The question probably sounds stupid but after almost a year of just forgetting about using root or unlocking bootlader i forgot many things.
I remember i used to have a mi 9 with encryption on and everytime i open twrp you will need to decrypt the data.
Now with the MI 9T Pro i had to format data in order to boot into Evolution X ROM that of course left me with a decrypted phone and i dont really like it in case my phone gets stole or something.
Do you guys know if i can use the option inside teh ROM to encrypt and what else i wuld need to do?
Thanks in advance to whoever takes the time to respond

PriPhaze said:
The question probably sounds stupid but after almost a year of just forgetting about using root or unlocking bootlader i forgot many things.
I remember i used to have a mi 9 with encryption on and everytime i open twrp you will need to decrypt the data.
Now with the MI 9T Pro i had to format data in order to boot into Evolution X ROM that of course left me with a decrypted phone and i dont really like it in case my phone gets stole or something.
Do you guys know if i can use the option inside teh ROM to encrypt and what else i wuld need to do?
Thanks in advance to whoever takes the time to respond
Click to expand...
Click to collapse
If all you did was format data, then encryption is still enabled. As soon as you setup lock-screen security, i.e. PIN, password, pattern, etc., for the first time your phone will automatically be encrypted.

Robbo.5000 said:
If all you did was format data, then encryption is still enabled. As soon as you setup lock-screen security, i.e. PIN, password, pattern, etc., for the first time your phone will automatically be encrypted.
Click to expand...
Click to collapse
No I couldn't boot until I flashed the DM verity.
So the encryption is now gone, but do you know if I can encrypt and then flash DM verity again with the force encryption on?.

PriPhaze said:
No I couldn't boot until I flashed the DM verity.
So the encryption is now gone, but do you know if I can encrypt and then glad DM verity again with the force encryption on?.
Click to expand...
Click to collapse
Ordinarily you shouldn't need to flash dm-verity. And as far as I'm aware, there is still no need to.
Normally it's just a case of formatting data to temporarily remove encryption, if flashing over MIUI.
As to your specific question, I couldn't say, as I've never needed to flash a dm-verity, disable force encrypt, or vbmeta file/script.
Personally, I would flash the latest fastboot MIUI ROM for the phone, then reinstall EvoX.
Before installing the ROM, in TWRP do the factory reset and then format data (There is no need to wipe anything else). Then reboot into TWRP to ensure the newly formatted data partition is properly mounted and flash as normal.
This has worked for me every time.

Yeah, some roms aren't booting without dfe.
to remove decrypt you can just wipe vendor and flash it again. you'll get encrypted. (however, some users confirm it puts them back into recovery, and they needed to reflash vendor+dfe for them.) Currently investigating if this is a RIN or RCN problem or for every device.
alternatively. If you are scared about having your device stolen. May I suggest you stay decrypted. Use ofox. and under ofox settings add a recovery password?
In the event you get stolen, they won't be able to access your recovery.
also, I'm looking for someone to test if wiping the data partition and not flashing dfe (after a rom has booted for the first time) and rebooting causes encyrption. (as you desired.) If you're willing to test. Try the above 3 methods?

Sandeeep Kiran said:
Yeah, some roms aren't booting without dfe.
to remove decrypt you can just wipe vendor and flash it again. you'll get encrypted. (however, some users confirm it puts them back into recovery, and they needed to reflash vendor+dfe for them.) Currently investigating if this is a RIN or RCN problem or for every device.
alternatively. If you are scared about having your device stolen. May I suggest you stay decrypted. Use ofox. and under ofox settings add a recovery password?
In the event you get stolen, they won't be able to access your recovery.
also, I'm looking for someone to test if wiping the data partition and not flashing dfe (after a rom has booted for the first time) and rebooting causes encyrption. (as you desired.) If you're willing to test. Try the above 3 methods?
Click to expand...
Click to collapse
BS. There is zero 'need' to flash dfe scripts. People are not formatting data when they need to, then when they cannot boot into a newly flashed ROM, they search and find solutions telling them to format data and flash dfe scripts. The thing is, people do not realise that it is the formatting data that fixes the problem, and they believe it is the dfe patch that is the fix. In all these cases formatting data alone would have been enough to fix the problem.
Also Orange Fox is only preferential if you stay with MIUI, as it's extra features are all about working with MIUI. If you are going with an AOSP ROM, stick with mauronofrio's latest TWRP, it is by far the best recovery for this phone.
As far as your 'test' is concerned, twice I have had bootloops after flashing a ROM, that have been fixed by formatting data alone.
The first time was when I first flashed an AOSP based ROM over MIUI before knowing that formatting data was required in this scenario. The second time was flashing AOSiP over LOS, when I still thought that going from one AOSP ROM to another never needed to format data when flashing.

Robbo.5000 said:
BS. There is zero 'need' to flash dfe scripts. People are not formatting data when they need to, then when they cannot boot into a newly flashed ROM, they search and find solutions telling them to format data and flash dfe scripts. The thing is, people do not realise that it is the formatting data that fixes the problem, and they believe it is the dfe patch that is the fix. In all these cases formatting data alone would have been enough to fix the problem.
Also Orange Fox is only preferential if you stay with MIUI, as it's extra features are all about working with MIUI. If you are going with an AOSP ROM, stick with mauronofrio's latest TWRP, it is by far the best recovery for this phone.
As far as your 'test' is concerned, twice I have had bootloops after flashing a ROM, that have been fixed by formatting data alone.
The first time was when I first flashed an AOSP based ROM over MIUI before knowing that formatting data was required in this scenario. The second time was flashing AOSiP over LOS, when I still thought that going from one AOSP ROM to another never needed to format data when flashing.
Click to expand...
Click to collapse
We've had numerous cases for specific devices not booting without dfe despite formatting for some roms. I believe they are aosp roms that face this. Some when using oss, I vaguely remember. or when moving from LOS fod to mi9 fod or which flashing a different kernel.
(Do note. There are over 50+ roms for our device. 6 variants of the phone. 7 vendors (and separate modified vendors). 2 kinds of fod implementations. and about 95% of the cases arent asked on xda. 25% of the roms aren't posted either. None of the experimental builds are provided on xda.
There are tons of combos users use.)
I have not seen you on telegram. Only on xda. Who are you btw?
twrp is great. Ofox has a better ui and more features. Also, mauronofrio doesn't own a k20p btw. Just FYI. But he has the experience to still update twrp.
updated twrp is still not official, and gives error 7 for some raphaelin users who haven't updated updater-script.
recoveries are subjective. I mean, we have like 6 different recoveries now so.

Sandeeep Kiran said:
We've had numerous cases for specific devices not booting without dfe despite formatting for some roms. I believe they are aosp roms that face this. Some when using oss, I vaguely remember. or when moving from LOS fod to mi9 fod or which flashing a different kernel.
(Do note. There are over 50+ roms for our device. 6 variants of the phone. 7 vendors (and separate modified vendors). 2 kinds of fod implementations. and about 95% of the cases arent asked on xda. 25% of the roms aren't posted either. None of the experimental builds are provided on xda.
There are tons of combos users use.)
I have not seen you on telegram. Only on xda. Who are you btw?
twrp is great. Ofox has a better ui and more features. Also, mauronofrio doesn't own a k20p btw. Just FYI. But he has the experience to still update twrp.
updated twrp is still not official, and gives error 7 for some raphaelin users who haven't updated updater-script.
recoveries are subjective. I mean, we have like 6 different recoveries now so.
Click to expand...
Click to collapse
Numerous cases? Who's we? What roms on what devices need dfe then? Only seen 2 roms ask for dfe, everything else it's as easy as 'going to and from miui, format data and reboot recovery' works every single time.

Sandeeep Kiran said:
We've had numerous cases for specific devices not booting without dfe despite formatting for some roms. I believe they are aosp roms that face this. Some when using oss, I vaguely remember. or when moving from LOS fod to mi9 fod or which flashing a different kernel.
(Do note. There are over 50+ roms for our device. 6 variants of the phone. 7 vendors (and separate modified vendors). 2 kinds of fod implementations. and about 95% of the cases arent asked on xda. 25% of the roms aren't posted either. None of the experimental builds are provided on xda.
There are tons of combos users use.)
I have not seen you on telegram. Only on xda. Who are you btw?
twrp is great. Ofox has a better ui and more features. Also, mauronofrio doesn't own a k20p btw. Just FYI. But he has the experience to still update twrp.
updated twrp is still not official, and gives error 7 for some raphaelin users who haven't updated updater-script.
recoveries are subjective. I mean, we have like 6 different recoveries now so.
Click to expand...
Click to collapse
Try this next time you see somebody saying they have tried may things and always get bootloops when trying to flash an AOSP ROM and you want to advise them to flash dfe.
Instead tell them to flash the latest MIUI fastboot ROM for their device, then install TWRP, in TWRP do a factory reset followed by format data, then reboot into TWRP and flash the ROM.
I bet they will come back and tell you it worked.
Again there should be zero need to flash dfe scripts.
If there are any AOSP ROMs out there that genuinely won't boot without flashing dfe (and here I'm talking about all users of such ROM), then the dev had done something stupid and everyone should seriously avoid the ROM.
At least half of the 50+ ROMs are no longer actively maintained.
The vast majority of Orange Fox extra features are specific to MIUI and so are redundant for AOSP ROMs. Mauronifrio's latest TWRP is the most stable for this phone, so if you're going with AOSP ROMs then the extra stability makes most sense.
I've been aware that mauronifrio does not own this phone ever since his initial build. I was also aware back then that he is also an official TWRP maintainer for other devices and so would mostly likely become the maintainer of the official version for this phone, which has now happened. If you go to the official TWRP site and download for this phone, it is by mauronifrio. You can also download the official version from the OP of his TWRP thread.
I would suggest that in most cases, people getting error 7 issues are not on the latest mauronofrio TWRP build.
Are you aware that all these different recoveries are just TWRP with a fancy dress. This is the great thing about TWRP. It was designed to be extensible, to allow others to build on it, in terms of functionality and design. So really there is only TWRP, just many different flavours.

Encryption and flashing custom software.

Hello!
I would like to start flashing custom software on my Redmi 8 4/64 but I'm pretty confused about the encryption thing, could someone please explain to me how does it effect flashing custom stuff onto the device or point me to an article detailing it?
Do i need to decrypt my phone to install custom roms/recovery? Does wiping everything (doing a clean install) erase encryption? Can a custom rom re-encrypt the device? Can I decrypt it afterwards? Should I/do I need to?
I keep reading about this second space, is this something i should worry about when wiping or can I wipe everything like on older android phones?
I'm on Global Android 9 MIUI11 11.0.7.0 EEA if that matters.