[Q] Ice Cream Sandwich Full Device Encryption and Flashing - Android Q&A, Help & Troubleshooting

If one enables full device encryption in Ice Cream Sandwich, am I correct in assuming that that the internal SD of that device is now not going to be available in the CWM recovery mode? And even if it was, the root fs would not be available? If so, this pretty much would make CWM flashing your device near impossible?
Does CWM even work if you use FDE? Or is it planned/
The question I guess is, when do you input your encryption password? Is it some pre-boot step?
I really want to enable device encryption but I can't find enugh details on how it works.
I did read this post on it., but it doesn't really answer my questions. And it is unclear if it encrypts the internal SD, or just the root FS?
http://source.android.com/tech/encryption/android_crypto_implementation.html

No one knows anything about this?

I got a Gnex today from Verizon in the US and I encrypted my phone after I unlocked the bootloader but before rooting. As a result I don't think I will be able to root because it doesn't seem that the modified boot.img that the instructions tell me to use can mount the encrypted system (it sat at the Google logo w/ the unlocked icon for 10 minutes before I pulled the battery and let it boot the stock boot.img) which came up fine.
It seems the only way to decrypt the phone is by doing a factory reset.
That's all I know. That being said, while a custom recovery may work for wiping partitions (such as cache), it would probably be mostly useless until the custom recovery is updated to support the encrypted file systems. I'm a *NIX user and an engineer, but don't have a lot of experience with Android's internals, so take all that with the appropriate sized grain of salt.
Regards,
Chris

Bump.
Anyone experimented with full device encryption / ROM flashing / SD Card? I'm curious about this as well, but not curious enough to experiment.

I dident try it myself, so i dont exactly know, how this works. But i think device encryption shouldent completly block clockworkmod recovery.
I think it could be a problem to make a backup while your device is encrypted. But i think it shouldent be a problem to recover a old system over an encrypted one. Encryption keeps people without the key away from reading data. This dosent mean you cant wright something over it and replace the locked data with some new one. But then you defenitly loose the old data. I dont think you can flash a new ROM or a recovery without a full wipe. You probably gona loose all the data you had on the old system.
But i general i think this is anyway a good think to do when you flash a new ROM.
I think you could give it a try, without briking your phone. But i dident try it, so i cant take any responsibility.

Would any of you happen to know how to get to the diagnostic mode?

ryfly65 said:
Would any of you happen to know how to get to the diagnostic mode?
Click to expand...
Click to collapse
I sonst exactly know hat diagnostic Mode you mean. Depends hat Diagnose you want to run. Do you want to read the logfiles in your phone, wher you can see what ist doing? You could use the app alogcat. An other way would be to run logcat over Eclipse.
Sent from my HTC Desire HD using XDA App

Hilmy said:
I sonst exactly know hat diagnostic Mode you mean. Depends hat Diagnose you want to run. Do you want to read the logfiles in your phone, wher you can see what ist doing? You could use the app alogcat. An other way would be to run logcat over Eclipse.
Click to expand...
Click to collapse
I need to edit modem information and enable a diag port for QPST, essentially allowing me to flash it to another carrier.

Is there any new information on this? Any help would be very appreciated!
Sent from my Galaxy Nexus using XDA App

I encrypted mine after flashing the stock ICS 4.0.3 image and rooting. CWM still loads, but when I try to use USB mass storage, windows tells me it needs to be formatted before the SD card can be used.
You can use titanium backup to make backups of your stuff, and restore them to a non-encrypted phone. I have found no other way to unencrypt the phone than factory reset either. When you encrypt, then go to settings > security > encryption, it just has a greyed out area saying "Phone is encrypted", which is stupid and needs to be fixed.

nevarDeath said:
I encrypted mine after flashing the stock ICS 4.0.3 image and rooting. CWM still loads, but when I try to use USB mass storage, windows tells me it needs to be formatted before the SD card can be used.
You can use titanium backup to make backups of your stuff, and restore them to a non-encrypted phone. I have found no other way to unencrypt the phone than factory reset either. When you encrypt, then go to settings > security > encryption, it just has a greyed out area saying "Phone is encrypted", which is stupid and needs to be fixed.
Click to expand...
Click to collapse
So if I factory reset the device from CMW I will not loose my pictures or TB in the internal SD?
What about flashing a new ROM?
Thanks!

I have been playing with ICS + FDE for several days doing different things. First off this is:
Nexus S 4G, running Pete's crespo4g OTA ROM
I flashed with CWM which is still on there and runs fine.
However: /data and /sdcard and /system (?) are encrypted and CANNOT be mounted.
To restore you have to 1) make a full backup over USB to a PC of the whole SDcard (or at least the important folders).
2) wipe and reformat everything. This isn't just a factory reset, this kills the sdcard as well.
3) mount (hopefully) the newly reformatted /sdcard and blow your backup from the PC onto the /sdcard
4) use CWM to restore a previous ROM.
That's pretty much it, give or take. Not for the faint of heart. However, if you are concerned enough to want encryption, you don't want to just say reboot recovery and voila all your files are belong to us, right?
---------- Post added at 03:58 PM ---------- Previous post was at 03:34 PM ----------
Also, the backup to PC part is just your sdcard. It doesn't back up the whole system. There might be a way to do that via adb, I don't know.

So i am running rooted runnig miui.us rom. I just tried to encrypt phone.. It ran for 2 and a half hours and I got impatient. thinking maybe i shouldnt have done it... Then after a little bit of panic i said **** it if i lose data i lose data... so i powered off and back on hoping i didnt and the rom booted back up with all my data intact..... •••••• Wish I had more to report but im not doing that again until someone can confirm that it works fine...... I have tried booting into cwm yet.. If i have an issue when i need to boot illl report back but if you dont hear from me here then assume I was able too.

Pete's to CM9 - still encrypted
IT does indeed take a fairly long time to encrypt. If I understand correctly it will build the encrypted partition on a loopback (or something like) before erasing the original (by overwriting?).
I've got more to report. I followed my plan (couple posts back) for unencrypting and reflashing my phone. (Nexus S 4g).
The first bits of this worked fine. I was able to flash CM9 onto my phone (works like a champ btw). While the phone was in recovery I mounted the SD and copied my backup back onto it.
However...
When CM9 booted I STILL got the "unlock your device" screen, still the same password, and it decrypted and booted. That was surprising, but not as much as when I looked for the SD card, it said it was incorrectly formatted! The only thing to do was reformat and copy with the phone on and unlocked.
So lessons learned: 1) a factory reset from _inside_the_ROM_ doesn't remove the encrypted partition at all and
2) As far as I can tell, the SD card _is_ encrypted along with /data
I'd be very interested to hear other's experiences, especially someone who can remove their SD storage.

Undoing FDE
First off - Lacking a device with removable storage to test with all I can tell you is that the sdcard is not accessible by any normal means after FDE is enabled without booting into the encrypted system.
"Removing" FDE required three steps beyond normal:
-Factory reset from within the ROM
-factory reset/wipe at recovery and/or format /data
-once into a running ROM, reformat the sdcard
Once all that is done (in addition to normal setup for ROM) you should be able to operate normally again.

problem with encryption on sgs2 with android 4.0.3
I really want to enable my device encryption too, but I can't !!!
the phone start encrypting after he ask me for a new secure password, rebooting and asking again for my password and surprise!!!.... the password is not match ?!?!
I repetead these steps for 3 times but the same result...the password does not match!!! ?
Please, if someone found a trick to repair this inconvenient, tell us in this post steps to be followed.
Regards!
SGS2, Android Icecream 4.0.3

leech2082 said:
So i am running rooted runnig miui.us rom. I just tried to encrypt phone.. It ran for 2 and a half hours and I got impatient. thinking maybe i shouldnt have done it... Then after a little bit of panic i said **** it if i lose data i lose data... so i powered off and back on hoping i didnt and the rom booted back up with all my data intact..... •••••• Wish I had more to report but im not doing that again until someone can confirm that it works fine...... I have tried booting into cwm yet.. If i have an issue when i need to boot illl report back but if you dont hear from me here then assume I was able too.
Click to expand...
Click to collapse
I did exactly what you did, and so far everything seems to be intact Thanks!

Related

[Q] Can sgs2 work with unwritable flash?

Hello,
I have strange defect in my phone: after every power cycle phone wakes up in state it was at about February 13 2012. I can not permanently change anything. I also can not change firmware. I even have made full three stage recovery from broken nand write, as described elsewhere here, without changing anything.
What is strange: no warnings or failure notices. Phone is working normally. Flashing is also seemingly working okay. But after restart nothing is changed. Only when I work with big files, random apps start to crash. I discovered this when downloading maps.
My question is: can sgs2 with Android 2.3.3 seemingly work O.K. with totally nonfunctional nonvolatile memory writing?
Because I don't know your history....
Did you full wiped that is
Format cache data system sdcard
Dalvik.
atifsh said:
Because I don't know your history....
Did you full wiped that is
Format cache data system sdcard
Dalvik.
Click to expand...
Click to collapse
I did. Nothing gets erased. If you know, how Android system works: in your opinion is it possible that system under light usage works O.K. in spite that nonvolatile storage is effectively read only?
Strange issue, but yes in theory, if your storage is busted in a way that it actually works as a read only, but when an application need to write something it fails and crashes.
atifsh said:
Strange issue, but yes in theory, if your storage is busted in a way that it actually works as a read only, but when an application need to write something it fails and crashes.
Click to expand...
Click to collapse
When an application needs to write something it does not fail, at least when it does not write large amounts of data. I can do everyday tasks: add or remove contacts, add few apps (which then actually work), move icons on screens and so on. Is all this possible with NVmemory working as ROM? Because after power cycle all that is gone and all reverts to February 13 2012 state.
Just a thought but have you tried erasing all the contents of your phone?
Using ODIN you can install an odin Cyanogenmod rom, use the pitfile and select repartition. This I believe wipes everything except the 14gb user data portion. Then, just format that under settings.
Perhaps a full wipe would fix it.
MikeMurphy said:
Just a thought but have you tried erasing all the contents of your phone?
Using ODIN you can install an odin Cyanogenmod rom, use the pitfile and select repartition. This I believe wipes everything except the 14gb user data portion. Then, just format that under settings.
Perhaps a full wipe would fix it.
Click to expand...
Click to collapse
That's what I think too, but didn't told him because using pit got a high chance of bricking.
And the way he is using suggests he is out of warranty.
MikeMurphy said:
Just a thought but have you tried erasing all the contents of your phone?
Click to expand...
Click to collapse
The phone does not effectively wipe at all. After any wiping or installing new roms/bootloaders/pits/anything the phone wakes up in state it was 2012/02/13, except date and time, which is current.
If you have used pit and tick repartition, and still nothing erased, boy your internal storage is shouting get rid of me fast or I'll go dead on you soon.
Or I could be wrong and your phone will out lived you
I am pretty much convinced that my phone is irreparable. I do not look for solution to make it work normally again (although I would very much welcome one if I'm wrong).
I seek an answer from somebody who intimately knows, how Android filesystem works: Is it possible, that phone works seemingly O.K. under very light usage in spite that it cannot in fact write to flash memory? And work like this for 2 months without giving warning/error messages?
I compare my situation to a PC with ram-disk setup and an unwritable hard disk. This would not work long. Can Android?
Hey Zie, you may not get this notification of reply, but I wanted to ask, did you ever reach a solution with you SGS II? I'm on the Skyrocket and the same thing happened to me a few days ago. So far nothing has worked and I just upgraded. This was my second Skyrocket coming from an Infuse 4g.
Can't return the phone because all can tell its a rooted device with a custom rom on it. AOKP Milestone 6. Let me know what u did to get around this if u can....
Sent from my SGH-I727 using xda premium

Encryption and ROM-Upgrades

How am I able to properly upgrade a ROM if the phone is encrypted? Or would I always have to save all data to an external drive, reformat my SD-Card and do a completely fresh install? Recommended HowTo's?
If people with encrypted phones read this, I'd like to know about your experiences: Do you feel safer with an encrypted phone? Ever lost one or had difficulties with the encryption preventing getting back into your phone?
SecUpwN said:
How am I able to properly upgrade a ROM if the phone is encrypted? Or would I always have to save all data to an external drive, reformat my SD-Card and do a completely fresh install? Recommended HowTo's?
If people with encrypted phones read this, I'd like to know about your experiences: Do you feel safer with an encrypted phone? Ever lost one or had difficulties with the encryption preventing getting back into your phone?
Click to expand...
Click to collapse
Ok, so got the phone to start encrypting itself... it's still not done after 10 hours (leads me to believe that it's broken in DT 0.2.0). As best as I could find the phone only encrypts the data partition, which pretty much means that you should be able to update the rom with no probs (just updating the same rom should work fine with the same data; and changing roms requires a datawipe anyway) or at least that's how i understand it.
as far as security goes the only means (that i know of and have tried) past a standard lockscreen is through adb (or the "i forgot my password" method which requires you to log into your google account) so in this respect encryption would be an improvement.
as far as getting into the phone goes, a factory wipe should eliminate that problem (along with your data )
dessolator666 said:
As best as I could find the phone only encrypts the data partition, which pretty much means that you should be able to update the rom with no probs (just updating the same rom should work fine with the same data; and changing roms requires a datawipe anyway) or at least that's how i understand it.
Click to expand...
Click to collapse
Thanks for testing. If the phone is fully encrypted and the SD-Card is taken out, is it still encrypted? I've read of a case where thieves tried to get into the phone and they couldn't because it was fully encrypted - can someone confirm or deny this information, please?

Encryption?

So I've done a search of the Rezound threads for info on encryption and came up empty. Google wasn't much of a help either. I work where there's a good chance my phone may come up missing or lost and at times I may have some sensitive work related material on it which I don't care for everyone to see. Has anyone out there actually encrypted their phone and SD card and been successful? And has anyone done it with a ROM installed? I'm running Vigor360 and would like to know if the encryption actually works before I brick my phone when it fails in the process. Would I just be better off encrypting a container on the SD card and not worry about the phone itself? Thanks.
CM9 has built in encryption, in the security tab of the settings app.
GrayTheWolf said:
CM9 has built in encryption, in the security tab of the settings app.
Click to expand...
Click to collapse
Broken in CM9. Chad was going to take a look.
I'm required to encrypt my internal storage for work; I've never tried the external SD card. I can't recall if I ever tried to encrypt Neo's Rage while I was running it, but I've been able to encrypt most Sense ROMs I've tried. Both of Nils' Business Sense ROMs worked fine as did ViperROM and EclipticRez. I've forgotten what else I've tried; I know I downloaded Vigor360, but I didn't run it long enough for a full test run. I did not have great success on heavily de-sensed ROMs.
There are a few gotchas once encrypted though. Amon Ra can't read the encrypted partition to perform a full wipe or a dalvik-cache wipe. When swapping kernels or anything needing to wipe Dalvik-cache, I do so from a terminal session in the phone first and then boot to recovery to wipe cache and flash the object. This also presents a problem when I want to swap ROMs as I need to re-flash the RUU (I'm running the global leak) to get back to a phone that can be fully wiped and have a new ROM installed. It adds a few minutes to my process when I want to play around, but I've gotten used to it. I take my nandroids just prior to encrypting, but I've never used them as I prefer Titanium Backup and Nova's built-in backup for the launcher settings.
I'm S-On, HTC dev unlocked if that makes a difference to you. My main concern about encrypting your external SD card would be the need for Amon Ra to access it. I keep ROMs, music and backups on the external card with the work stuff on the internal which satisfies the policies with my employer.
I hope this helps.
Matt
rtc1036 said:
So I've done a search of the Rezound threads for info on encryption and came up empty. Google wasn't much of a help either. I work where there's a good chance my phone may come up missing or lost and at times I may have some sensitive work related material on it which I don't care for everyone to see. Has anyone out there actually encrypted their phone and SD card and been successful? And has anyone done it with a ROM installed? I'm running Vigor360 and would like to know if the encryption actually works before I brick my phone when it fails in the process. Would I just be better off encrypting a container on the SD card and not worry about the phone itself? Thanks.
Click to expand...
Click to collapse

[Q] Questions About: Encryption + Backups

I've recently been getting into more security cautious habits with encryption and what not, due to this whole NSA/Big-brother is watching business... But I have a question (more may pop up as this discussion goes on). Sorry if I seem noob-y, I am still getting a hang of all this encryption business. But here's my first round (regarding just the files being backed up):
If I go ahead and do a full phone encryption with my GN2 where will I stand as far as backups to Dropbox/Copy/Google Drive/etc.?
I currently have photos and such backing up to copy, and I often move backups made through recovery to Dropbox and such. If I were to have photos automatically sync to copy or move system backups to dropbox wouldn't that render them basically useless as I am assuming they move out of the phone encrypted (not being decrypted as they exit).
The photos would be unusable anywhere besides my phone right? So moving them off my phone to share vacation photos for instance would be impossible, and if my phone were to crash they'd be irretrievable? Making the backup process pointless.
Wouldn't the back up be rendered useless as well, exactly when I might need said backup? If my phone were to ever crash or die for some reason, I would lose the encryption key, would even be able to do a full system restore through the recovery? It would seem that the encryption key wouldn't be kept with those back up files, so while it might place everything back in its correct place, it would still be unreadable. Or does it maybe keep the key in system files somewhere so that a full backup would restore the key as well?
And my second round of questions (regarding recoveries and what not):
I am also under the impression that I would not be able to flash through custom recovery either as the internal SD would be inaccessible from the recovery being it doesn't have the encryption key. I am currently running OmniROM and it is in a nightly stage still for my phone. I wouldn't be able to update nightly would I? I am assuming since it basically flashes/overwrites system each time, that I would be losing my encryption key and making everything besides system unusable then right?
And what about downloading ROMs to flash/update directly to my phone? As I download them from in browser or another app and they go to the default /downloads folder they would be encrypted. They wouldn't be accessible from there in recovery, but if I were to try and move them out of internal SD to the external SD they would retain encryption and still be inaccessible? So the only way to download ROMs and updates would be from PC and only move them to the external SD?
Overall, this seems to be crippling a lot of the way I use my phone...
Bump?
Sorry, this is already getting buried and I kinda want to know what's going on before I go ahead and do this...
Zombtastic said:
I've recently been getting into more security cautious habits with encryption and what not, due to this whole NSA/Big-brother is watching business... But I have a question (more may pop up as this discussion goes on). Sorry if I seem noob-y, I am still getting a hang of all this encryption business. But here's my first round (regarding just the files being backed up):
If I go ahead and do a full phone encryption with my GN2 where will I stand as far as backups to Dropbox/Copy/Google Drive/etc.?
Click to expand...
Click to collapse
I'm not (yet) an expert on this, but when you've encrypted your device, it encrypts the file system on your internal memory and SD card. You have to enter a PIN/password when you turn on your device (and when it times out) to gain access. When the correct PIN is entered at boot time, the file system is available as normal - the underlying data is still encrypted, but the file system can unencrypt it in "real time" for use by apps and the system.
So that means that Dropbox et al all see your files as normal, and any copying you do from your device to something on the net (Drive, Dropbox, a server, etc.) works as normal - the data appears normal to the apps and is copied as normal. So photos would copy across as photos, music as music, etc.
Think of it like this: You can't speak Urdu, only English. There is a book you own that is written in Urdu that you want to tell someone about. You find a translator to read the book and tell you what it says. He reads the first page in Urdu, translates it in his head to English, and tells you what it says. You then tell your friend what it says (in English, of course). Your friend writes down what you told him, in English, then tells you something in reply. You tell your Urdu translator what your friend said (again, in English). Your Urdu translator then translates (in his head) what you said from English to Urdu, and writes it down in the book in Urdu.
At no time do you understand Urdu, nor does your friend. Your friend doesn't even know the book is written in Urdu and doesn't care. He never sees it or accesses it directly. If anyone ever steals your book, they can't read it unless they can read Urdu. The book is only useful to you and your friends if you have an Urdu translator sitting there in the loop. (the analogy is imperfect and incomplete but you get the idea).
So, getting back to your phone, if you have it encrypted, the underlying file system deals with translating things on the fly if you've given it the correct password at boot and login time. No apps ever know about the encryption - they just see data as normal (unencrypted). So any app that wants to copy a photo to Dropbox just sees a normal photo - it never sees the underlying encrypted data. But if you don't enter the correct password at boot time, the phone can't boot, and anyone trying to access the data on the phone won't be able to read it unless they know the password.
Does that help or confuse?
Zombtastic said:
I currently have photos and such backing up to copy, and I often move backups made through recovery to Dropbox and such. If I were to have photos automatically sync to copy or move system backups to Dropbox wouldn't that render them basically useless as I am assuming they move out of the phone encrypted (not being decrypted as they exit).
Click to expand...
Click to collapse
Hmm, this does my head in a bit but lets untangle it:
- you boot into Recovery. The Recovery you're using (obviously) understands encrypted file systems (some versions of CWM do, some versions of TWRM don't for instance - see near the end of this post for a bit more on this). So when you boot into Recovery and enter your PIN/password, it can then read your file system. You can then do a Recovery-based backup of your file system (or individual files, though I'm not aware that you can do this). The backup it creates is written to the encrypted file system and thus encrypted with the same encryption keys used for everything else.
- You boot the phone back up as normal and enter your PIN/password, and start up Android. You then use Dropbox to copy the Recovery backup files to the cloud. So the question is, "Are these files encrypted?" and I think the answer is, "No". Why? Read the rest of this post and hopefully you'll work out the same conclusion. But I'm pretty sure that the data that ends up on the Cloud is not encrypted.
One general comment worth pointing out as an aside (sorry, this paragraph isn't really related to the above but I wanted to point this out somewhere and its still useful) is that each time you encrypt your phone, it creates a unique encryption key - even if you give it the same PIN/password to use. So if you're forced to rebuild/reflash/wipe your phone in the future, it won't be able to access any data that is still on there (in internal or SD memory) since it won't know the previous encryption key. So you'll have to wipe all data and start again. And at that point, if you choose to encrypt your fresh, newly initialized phone, it will have a new, unique encryption key that won't work on any encrypted data from previous. So if for instance, you plug in an SD card that was encrypted on your phone in an earlier ROM, it won't be readable even if you know the correct PIN/password, since your phone will be using a different underlying unique key.
Zombtastic said:
The photos would be unusable anywhere besides my phone right? So moving them off my phone to share vacation photos for instance would be impossible, and if my phone were to crash they'd be irretrievable? Making the backup process pointless.
Click to expand...
Click to collapse
So, if you're following this, you'll now understand that moving your photos off your phone could be done two ways:
- while you're using the phone as normal (ie. you've booted it, entered your PIN/password, and copying your photos to Dropbox via an app while you're logged on. If you do it this way, you're simply copying photos as normal that can be viewed as normal in Dropbox.
- by copying backups generated while in Recovery. But Recovery will be firstly mounting the encrypted file system successfully (if you gave it the right PIN/password and your version of Recovery supports encryption), which means it can read your photos as normal files, then backs them up into its own normal Recovery file/folder structure and writes them to your encrypted file system, so the underlying data is encrypted unbeknownst to Recovery. Then when you boot up your phone and log in successfully to Android, you can access that data as normal (and unencrypted). So when you then copy it to Dropbox, all you're copying is normal Recovery-created backup files. The copied data won't be encrypted (unless Recovery encrypts them itself, independently, which I don't think it does). So you could copy this data to anybody's phone, so long as they were using a compatible Recovery version and probably compatible ROM.
Zombtastic said:
Wouldn't the back up be rendered useless as well, exactly when I might need said backup? If my phone were to ever crash or die for some reason, I would lose the encryption key, would even be able to do a full system restore through the recovery? It would seem that the encryption key wouldn't be kept with those back up files, so while it might place everything back in its correct place, it would still be unreadable. Or does it maybe keep the key in system files somewhere so that a full backup would restore the key as well?
Click to expand...
Click to collapse
I'm not 100% sure on this, but I think your logic is correct. The backup would be useless if the phone loses the encryption key, which it would do if you re-initialized your phone and/or did a new encryption. So you can only recover your backed up data if you haven't done either of those things. A solution to this is to use backup software that runs on your phone (Titanium Backup) that gives you the option to encrypt your data. Some caveats to this approach should be obvious:
- you firstly need to decide if you trust your backup software's encryption
- you need to use a strong password and be able to recall it months/years from now when you go to restore your data
- you need to copy your backups off your phone (such as onto your SD card, cloud, dropbox, etc.) in case you lose your phone.
Zombtastic said:
And my second round of questions (regarding recoveries and what not):
I am also under the impression that I would not be able to flash through custom recovery either as the internal SD would be inaccessible from the recovery being it doesn't have the encryption key. I am currently running OmniROM and it is in a nightly stage still for my phone. I wouldn't be able to update nightly would I? I am assuming since it basically flashes/overwrites system each time, that I would be losing my encryption key and making everything besides system unusable then right?
Click to expand...
Click to collapse
Tricky - if you flash/update your phone with a new ROM, you will probably be OK so long as you haven't wiped the part of your phone's storage that holds the encryption information. I don't know where this is. But the nightly updates I do to my phone don't normally touch my data - all my apps are still there and it boots identically to the way it did before I updated it. HOWEVER, its possible that an update may force me to wipe my phone for some reason - the update may fail, it may contain significant changes, or I might screw something up. I probably end up completely wiping my phone at least once every 2 months just because I like to play with the latest and greatest ROMs, or I screw something up. So if that happens, I'm going to lose the encryption information and thus would lose everything on the phone.
Of course, I can always restore my apps and data via Titanium Backup, since I back up my stuff quite often and then copy it to Dropbox.
Zombtastic said:
And what about downloading ROMs to flash/update directly to my phone? As I download them from in browser or another app and they go to the default /downloads folder they would be encrypted. They wouldn't be accessible from there in recovery, but if I were to try and move them out of internal SD to the external SD they would retain encryption and still be inaccessible? So the only way to download ROMs and updates would be from PC and only move them to the external SD?
Click to expand...
Click to collapse
Hmmm - good question. A simpler question is, "Is my encrypted file system accessible while in Recovery?" I believe the answer is, "Yes, if you use CWM, No if you use TWRM". But I say that because from what I've been reading, some versions of CWM/TWRM can/can't handle encrypted devices. But you'll already have sorted this out at the time you're trying to encrypt your device anyway since the encryption process involves rebooting your phone into recovery I believe - and if you're not using the correct supported Recovery, this step will fail. But if you are using a supported recovery, this step will work, and therefore logically I'd assume that you can access your encrypted file system while in Recovery in the future. I'd imagine Recovery would prompt you for your PIN/password in order to mount the encrypted file system.
So assuming the above is correct, you would be able to access the newly-downloaded ROMs while in Recovery and thus can flash them. But of course, Caveat Emptor with flashing the new ROM - if it forces you to wipe anything, you may end up unable to access any of the data.
Zombtastic said:
Overall, this seems to be crippling a lot of the way I use my phone...
Click to expand...
Click to collapse
From what I've been researching, you won't have a problem anyway, because I haven't come across anyone that has successfully encrypted their phone using a custom ROM. Strangely, this ability seems to be unwanted by XDA people. My tinfoil hat tells me that there are people ensuring that this ability continues to not work on custom ROMs until/unless a backdoor capability is found. Hopefully I'm wrong on many counts.
douginoz said:
From what I've been researching, you won't have a problem anyway, because I haven't come across anyone that has successfully encrypted their phone using a custom ROM. Strangely, this ability seems to be unwanted by XDA people. My tinfoil hat tells me that there are people ensuring that this ability continues to not work on custom ROMs until/unless a backdoor capability is found. Hopefully I'm wrong on many counts.
Click to expand...
Click to collapse
Amazing post by the way! It does seem very helpful.
BUT it's very funny you mention it not working. Because that's exactly what happened. After not getting a response here or in the ROM's forum for a few days, I decided to just take the plunge and do it. I was just planning on testing everything out my self and figuring it out as I went. The first time it seemed fine, the encryption went through it seemed.
Being as I didn't know any of the info you just enlightened me with, I did fear that nothing was truly encrypted though. Everything was transferring to my computer with a drag and drop and working fine, so I was afraid (without evidence) that nothing was truly encrypted. I asked on the ROM's forum again (still waiting for an answer).
That night, my phone was left plugged in charging, yet some how had turned off in the night. I awake to my phone asking for an encryption key. I enter my key in to no avail. Nothing works and my phone is left unable to boot. It was utterly denying my password. I had to reflash. I asked about that in the forums as well, whether that was normal or if encryption was maybe not implemented yet, etc. The dev running the nightlies for my device has responded to the forum multiple times but not to me. Another user mentioned it might be that it is now merged together as a Galaxy Note 2 ROM and not specifically a T-mobile Galaxy Note 2 ROM (might be possible. Idk.).
Now, I have tried to re-encrypt. Multiple times. But I cannot for the life of me get it to even start now. Every time I go to start the encryption process it shows me the fullscreen image of the android unzipped horizontally (at which point it is supposed to reboot and start encrypting) and it hangs/sits there forever. Not rebooting, not anything. If I hit the back button, the image disappears and it goes back to my phone. Working perfectly fine, like it never even started doing anything. I am not doing anything differently. I don't know what could be happening to stop it from even getting as far as it did last time. Unless the devs maybe started working on it and have disabled it for the time being/screwed it up worse, I dunno.
Not you got me crafting a tin-foil hat...

Cannot Perform Factory Reset, or Install New ROMs - booting into current OS = FCs

Hi folks.
I've just acquired a Xiaomi Redmi Note 3, and I have officially unlocked the bootloader, and installed Redwolf Recovery, Magisk, and the Pixel Experience Oreo ROM, and the phone was working for a few days without issues.
Today however, whenever I boot into my phone, force close errors pop up at three errors per second, and when I try to perform a factory reset and reinstall a ROM, the current, yet corrupt installation remains, and I cannot get rid of it.
Is there any way to solve this issue, as this is the first time I have experienced this?
Thanks.
aha360 said:
Today however, whenever I boot into my phone, force close errors pop up at three errors per second, and when I try to perform a factory reset and reinstall a ROM, the current, yet corrupt installation remains, and I cannot get rid of it.
Click to expand...
Click to collapse
Hi, you need to do advanced wipe in recovery and wipe /system, /data, /cache, /dalvik, /ART before installing a new ROM.
Should your preferred ROM still produce this issue, please try for a quick test https://download.lineageos.org/kenzo
You don't need Magisk to root LOS.
:good:
k23m said:
Hi, you need to do advanced wipe in recovery and wipe /system, /data, /cache, /dalvik, /ART before installing a new ROM.
Should your preferred ROM still produce this issue, please try for a quick test https://download.lineageos.org/kenzo
You don't need Magisk to root LOS.
:good:
Click to expand...
Click to collapse
Thank you very much for that. I actually did that before you suggested this to me, and I'm back up and running now.
However, one thing I have learned is that you shouldn't add any files to internal storage AFTER doing a full, destructive wipe and AFTER installing anything from there, as those files will disappear while the storage gets occupied in the process, so I ended up having to repeat the process, but with the required files ON THE microSD CARD.
Another thing I have learned from this is to not install a custom ROM on encrypted storage and double-check the encryption status BEFORE flashing a ROM as I now know that some stock ROMs automatically encrypt the /data/ and /data/media/ partitions, which is a huge pain in the backside.
Lesson of the day: even if you think you're familiar with custom ROMs and installing them, there are times whereby you'll end up hitting brick wall dilemmas like this one.
aha360 said:
Thank you very much for that. I actually did that before you suggested this to me, and I'm back up and running now.
However, one thing I have learned is that you shouldn't add any files to internal storage AFTER doing a full, destructive wipe and AFTER installing anything from there, as those files will disappear while the storage gets occupied in the process, so I ended up having to repeat the process, but with the required files ON THE microSD CARD.
Another thing I have learned from this is to not install a custom ROM on encrypted storage and double-check the encryption status BEFORE flashing a ROM as I now know that some stock ROMs automatically encrypt the /data/ and /data/media/ partitions, which is a huge pain in the backside.
Lesson of the day: even if you think you're familiar with custom ROMs and installing them, there are times whereby you'll end up hitting brick wall dilemmas like this one.
Click to expand...
Click to collapse
U only need to do format data option if u come from miui rom. Coz miui encrypts the data and internal sd. So format data option is must.
Moving from one custom rom to another u dont need format data. Only wipe data reset is enough.
If u have any important document . keep it in external sd. If something goes wrong or custom rom cant boot then we use format data option which erases ur internal sd too.
No need to encrypt the device. Just install the rom which comes with selinux enforcing which is enough to protect ur userspace.
naik2902 said:
U only need to do format data option if u come from miui rom. Coz miui encrypts the data and internal sd. So format data option is must.
Moving from one custom rom to another u dont need format data. Only wipe data reset is enough.
If u have any important document . keep it in external sd. If something goes wrong or custom rom cant boot then we use format data option which erases ur internal sd too.
No need to encrypt the device. Just install the rom which comes with selinux enforcing which is enough to protect ur userspace.
Click to expand...
Click to collapse
Muchos gracias.
Also, I have a microSD card for that very reason, which is to keep all my files that I want to keep separate and safe from destructive deletion, and I have now learned that stock ROMs like the MIUI ROM encrypt the data and internal shared storage partitions, and that I have to do a full, destructive, internal storage wipe whenever I migrate to a custom ROM FROM a stock ROM.
Also, I frankly don't give a two sh!ts about storage encryption and SElinux policies as they're far too inconvenient for the trade-off in terms of technological security versus technological freedom, so I installed The SELinux Switch app from here, and I intend to leave the device decrypted for the aforementioned reasons.
aha360 said:
Also, I frankly don't give a two sh!ts about storage encryption and SElinux policies as they're far too inconvenient for the trade-off in terms of technological security versus technological freedom, so I installed The SELinux Switch app from here, and I intend to leave the device decrypted for the aforementioned reasons.
Click to expand...
Click to collapse
Exactly. When we unlock bootloaders and root our devices we choose freedom and the remaining constrictions like SElinux and encryption are, in this context, completely useless shackles. Furthermore, encryption contributes to NAND flash wear and premature device failure.
:highfive:
k23m said:
Exactly. When we unlock bootloaders and root our devices we choose freedom and the remaining constrictions like SElinux and encryption are, in this context, completely useless shackles. Furthermore, encryption contributes to NAND flash wear and premature device failure.
:highfive:
Click to expand...
Click to collapse
Not only that - SELinux, when set to Enforcing, restricts certain simple commands and shoves them unnecessarily behind root privileges, like "reboot bootloader", or "reboot -p", or "reboot fastboot", or "reboot recovery", or "reboot". I'm not going to wait 60 seconds for a device to reboot into recovery - screw that.
Hell, even having SELinux set to Enforcing can interfere with or block infrared beam access. Stupid crap I tell ya.

Categories

Resources