Is it possible to have file-based encryption on POCO F1? If it is, can anybody help me get it on my device? I already tried using the command "fastboot --wipe-and-use-fbe" but I got an error I saw something about putting changes to fstab file but didn't know how to perform those...
If you know how to enable it, please help...
(Source of Information: https://developer.android.com/training/articles/direct-boot )
Thanks.
Related
Question about encryption:
Is there a way to find out if a device uses the Full Disc Encryption or the File Based Encryption?
Thanks for help!
Is it possible to encrypt using any of the custom roms? I have tired Lineage, CrDroid and DotOs and when i encrypt phone, it never finishes encrypting and doesn't boot any more.
Is this something to do with these being Treble roms?
I'm about to buy the Xiaomi Redmi Note 5 Plus, but lack of encryption would be a show-stopper for me. Encryption doesnt work, even for Lineageos 14 ? (android 7).
I'm not sure of the statuses of Lineageos 14/15, just looking into it right now. I can live with LineageOS 14 for now, but not without encryption.
Mee too. Unable to find Custom ROM ENCRYPTED. It seems nobody concerned about encryption. Original ROM (MIUI9) is encrypted by default with File Based Encryption (FBE). A phone without encryption is called "a public phone". Is Treble causing trouble or TWRP need TWRP-FBE? Anyone success in encryption please create a thread "List FBE ROM including TWRP-FBE."
I found the solution.
Format data using TWRP, then resize the partition with adb shell :
resize2fs /dev/block/mmcblk0p50 51G
(my original size of filesystem /dev/block/mmcblk0p50 was 52.1G (you can find it with the command "df -h /dev/block/mmcblk0p50")
The encryption process need to take some place at the end of the partition or it will fail - this thread has helped me : github.com/CyanogenMod/android_device_motorola_xt907/issues/3
You can debug also the problem with the adb logcat command.
Is it possible to make TWRP skip Gatekeeper verification of a password and just go straight to attempting to use it to decrypt /data/misc/vold/user_keys/ce/0/current/encrypted_key? My phone is a Pixel running Pie and it uses file-based encryption (FBE) instead of FDE.
Who is knowledgeable about FBE?
Bumpity.
Bump.
More details: When it is given a password to decrypt a device that uses FBE at least, TWRP uses Gatekeeper, locksettings.db, gatekeeper.*.key, and /data/system_de/0/spblob/<SP-HANDLE>.{pwd,secdis,spblob} to verify the password. Presumably, this is how Android verifies a PIN/pattern/password for unlocking the device and NOT for verifying that the key derived from the password works in decrypting the data stored on the device.
What I want to do with TWRP is skip the password verification altogether and go straight to deriving the decryption key from password (and verify if that key works). I need to try this because I was modifying locksettings.db and gatekeeper.*.key in attempt to get TWRP to decrypt the device and now it's facing trouble handling this stuff.
How do I get it to skip the password verification?
Bump.
Bump.
Someone here must understand what I'm talking about.
Bump.
Specs:
Xiaomi Mi A2 (A/B part. scheme)
Android 10 Pixel Experience
I'm currently using F2FS for the added read/write speed but with no encryption at all. And that's not really ideal, as you might've guessed.
Code:
fastboot --wipe-and-use-fbe
formats to ext4 by default and there's no way to choose the FS. What I'm asking is is there a way to do this manually, via adb shell from recovery, for instance?
Edit: I mean, of course it's possible to use fscrypt directly but I'm not even sure that that's what Android uses by default and where it stores the passphrase to unlock it
enable file based encryption
yes you can do it.
let me search little bit about it.
i will be back to you soon
So, any new info?
Hello all,
I'm trying to enable avb on a user build and I don't really know where to start.
I signed the build with my own keys and I also wrote the key to the device (fastboot flash avb_custom_key).
I presume I also have to sign the vendor.img file as well. That is not included in the LOS build as it sits in its own partition. But I can extract it in img format with dd.
How should I go about this? Found barely any info on this subject. Asked around LineageOS channels but got no info on this.
As it stands the LOS build is not enforcing avb. I can basically modify anything in /vendor or /system and it persists on reboot.
If someone understands the whole thing any info is very appreciated.
I presume I must add my key to vbmeta.img?
Thank you
@mad_rock
You mean ADB?
jwoegerbauer said:
@mad_rock
You mean ADB?
Click to expand...
Click to collapse
nah, adb is ok.
avb as in Android Verified Boot
trying to figure out how to set it up properly.
found a flag in build config that's disabling avb but I need to understand the rest of the stuff so I can configure it properly before I remove the flag.
as I see it, vbmeta is using a testkey from the build sources, not using any key that I generated to sign apks/builds etc.