Hey guys! I was wondering why can't we encrypt /sdcard as we do for /data?... In my opinion my files/documents/photos are sensitive information as my data partition is...
Up?
Seriously, no one?
Unipo said:
Seriously, no one?
Click to expand...
Click to collapse
Little late... Anyways, I too am wondering all the time why encryption seems to be relevant for only a really small number of users.
Since you can only encrypt your SD Card with LOS when formatting it as internal storage via assistant, I chose to go this way:
https://guardianproject.info/2011/02/02/create-an-encrypted-file-system-on-android-w-luks/
Did you find another solution?
@two_handed
Sorry I moved to CopperheadOs, my Mi5 was only pure lineage with F-Droid as system app.
I noticed that you don't have access to /data on you encrypted lineageOs phone which means apps data, pictures, music, etc... But you still have access to everything else (/system included) through adb/fastboot.
I wanted a secure phone without google crap, only FLOSS apps, and CopperheadOs is one of the few allowing you (more like forcing you) to relock you bootloader to activate boot secure and prevents anyone to use fastboot/adb shell if your phone gets stollen.
Concerning your question, maybe this http://sovworks.com/eds/ ? Sort of veracrypt for android, also working with veracrypt containers.
A couple of days ago I flashed Lineageos 16 onto my Pocophone F1 with the opengapps package (MTG was giving problems).
Now the main issue I have is that my banking apps, Netflix and 1 or 2 other apps won't work because it says the device is rooted. This is actually incorrect , just the bootloader is unlocked. But I realise this is the new security system of Android.
However, here are the problems that I found while investigating for a solution to the root problem:
1. Trust security system says, "This build was signed with public keys". How to I get a build with a private key? I have never compiled my own build.
2. TWRP 3.2.3 is installed, but the pin/pattern/no password etc does not allow twrp to decrypt the phone. I can use the "cancel" option to get to the menu but then twrp has limitations, see point 3.
3. I am trying to install Magisk on the phone to see if that is a solution for the non-working apps. But after I have transferred the zip file onto /sdcard I cannot see it it when I am in recovery. I guess because of the decrypt issue in point 2.
I have tried to Google for solutions to these issues, but no answers see to be clear as to what the solution is.
So can somebody advise what my best course of action is to get the apps complaining about root to work? Back to the stock android with all the bloatware?
Thanks a million in advance to the person who can help with this.
Is there any Q rom that has
1. Safety Net passing without magisk
2. Supports encryption ( so that if I lose my phone, someone can't access data easily. Earlier P elms used to support encryption)
3. Selinux enforcing
Strangely a few months ago, there were many P roms that had all of the above, but I can't find Q roms that have these features. Is it something about Q. Also, even the recent update of Los 16 don't pass Safety Net. Has something changed about android/google that is causing it?
Thanks
Android Q has File based Encryption (FBE) not Full Disk encryption. And at present TWRP cannot decrypt FBE. And this it cannot Mount /data partition to do OTA updates or anything of the sort. The main TWRP maintainer is presently busy with other very important things in his life so FBE for TWRP may take a while.
Plus Xiaomi has not yet released Android 10 for Poco so it could also be that some firmware component is missing to support FBE (I'm not sure). If so it could be why the ROMs have trouble implementing it.
Regarding selinux, it will be a while before ROMs become really stable.
@ziglar24 if you're willing to learn you can contribute to twrp at Gerrit Code Review TWRP
So, I've been wanting the Galaxy Tab S7+ for months. But I haven't had the money for it until now (yeah, you guesses it, stimulus payment). But I'm still on the fence about buying it. I know bootloader unlock, TWRP and Magisk root is available for this tab. But I don't want to be limited to just running stock-based ROM's. My plan is to flash a Project Treble-based firmware like Phh Treble, Resurrection Remix.
The questions I'd like to ask are:
1. This tab appears to be Treble compatible, it is listed on the Treble device compatibility page as working. But I would like to hear from an actual owner of this device that has successfully booted and ran a Treble/GSI ROM
2. The partition layout is ARM64 A/B and system-as-root?
3. Besides unlocking bootloader and flashing TWRP, are there any other special considerations I would need to know about?
Without this info, I won't buy, and Google doesn't always produce solid answers. I would like to become an active developer for this device as well, but I need compelling reasons to buy it, besides just great hardware, the latest Android 10/11, that kind of thing....the superficial stuff.
I could just buy now and test when I get it, Amazon has a 30 day return policy. But I don't think they will accept a tablet return if the warranty has been voided by the user. So this really isnt an option.
AnonVendetta said:
So, I've been wanting the Galaxy Tab S7+ for months. But I haven't had the money for it until now (yeah, you guesses it, stimulus payment). But I'm still on the fence about buying it. I know bootloader unlock, TWRP and Magisk root is available for this tab. But I don't want to be limited to just running stock-based ROM's. My plan is to flash a Project Treble-based firmware like Phh Treble, Resurrection Remix.
The questions I'd like to ask are:
1. This tab appears to be Treble compatible, it is listed on the Treble device compatibility page as working. But I would like to hear from an actual owner of this device that has successfully booted and ran a Treble/GSI ROM
2. The partition layout is ARM64 A/B and system-as-root?
3. Besides unlocking bootloader and flashing TWRP, are there any other special considerations I would need to know about?
Without this info, I won't buy, and Google doesn't always produce solid answers. I would like to become an active developer for this device as well, but I need compelling reasons to buy it, besides just great hardware, the latest Android 10/11, that kind of thing....the superficial stuff.
I could just buy now and test when I get it, Amazon has a 30 day return policy. But I don't think they will accept a tablet return if the warranty has been voided by the user. So this really isnt an option.
Click to expand...
Click to collapse
1. At present, AOSP v304 GSI can be booted, but no Magisk yet. This is if you have Android 11 stock FW. The situation with GSI might be different (probably better) with Android 10 stock FW, but I can no longer test this, as the latest BUC1 build blocked the downgrade path. You can still downgrade to Android 10 (up to ATK3) if you're on build BUBB or below.
2. This device uses a Super partition (also called dynamic partitions) for system, vendor, etc.. Because of this, flashing GSI is no longer trivial. You can try using this tool to flash a GSI from TWRP.
3. Currently TWRP cannot access /data if it's encrypted. You need to flash Multi-Disabler to disable encryption (which requires formatting /data) if you want TWRP to access it. Also, while Magisk works on stock FW, be careful when debloating as some Samsung components are not happy with certain components removed and would cause trouble.
LSS4181 said:
1. At present, AOSP v304 GSI can be booted, but no Magisk yet. This is if you have Android 11 stock FW. The situation with GSI might be different (probably better) with Android 10 stock FW, but I can no longer test this, as the latest BUC1 build blocked the downgrade path. You can still downgrade to Android 10 (up to ATK3) if you're on build BUBB or below.
2. This device uses a Super partition (also called dynamic partitions) for system, vendor, etc.. Because of this, flashing GSI is no longer trivial. You can try using this tool to flash a GSI from TWRP.
3. Currently TWRP cannot access /data if it's encrypted. You need to flash Multi-Disabler to disable encryption (which requires formatting /data) if you want TWRP to access it. Also, while Magisk works on stock FW, be careful when debloating as some Samsung components are not happy with certain components removed and would cause trouble.
Click to expand...
Click to collapse
Thanks for the info, I honestly didn't think I would ever get an answer.
You say the AOSP GSI can be booted. But do you speak from experience? Or just from what others have said?
The part about BUC1 blocking the downgrade path is useful, I'll keep that in mind before installing any OTAs or flashing firmware with Odin. Yes, I do imagine that Magisk is more compatible with AOSP based ROMs vs stock, that has always been my experience on other devices.
I already did some reading, I'm aware of the super partition thing. I know I'll have to unpack and repack the super.img, replacing the system.img with a Treble one.
I'm also aware of the file based encryption that TWRP can't read, I don't encrypt my devices, and plan to disable it.
I know all about debloating troubles, I've done it on numerous devices, important stuff can definitely break if you're not careful.
I'm wondering if you can answer a few more questions:
1. Are you rooted?
2. Can the system partition be remounted as read/write from within Android on stock firmware? I have heard cases where the dynamic partitions can prevent this, but supposedly it's not usually an issue on custom ROMs, just stock. I ask because I will be debloating, but if remounting system isnt possible, then I'll need to rely on Magisk for systemless debloating. Or just remain unrooted and debloat with ADB package disable commands (this doesn't really delete anything, and works without root).
3. If you are running Magisk,can you upload a screenshot of the main screen? I just want to see the A/B and SAR values.
4. Can you install the free version of Treble Check from Play Store, and post screenshots of the main info screen?
5. Is it possible to moves apps to SD without enabling adoptable storage (on stock, I know custom AOSP firmwares will require AS, or a root app like Apps2SD and a 2nd partition on SD.
I'm hoping to hear from at least another confirming user before I make a buying decision, spending $1k+ on a high end tablet is a big deal.
And if I do buy, I am serious about becoming a developer.
LSS4181 said:
1. At present, AOSP v304 GSI can be booted, but no Magisk yet. This is if you have Android 11 stock FW. The situation with GSI might be different (probably better) with Android 10 stock FW, but I can no longer test this, as the latest BUC1 build blocked the downgrade path. You can still downgrade to Android 10 (up to ATK3) if you're on build BUBB or below.
2. This device uses a Super partition (also called dynamic partitions) for system, vendor, etc.. Because of this, flashing GSI is no longer trivial. You can try using this tool to flash a GSI from TWRP.
3. Currently TWRP cannot access /data if it's encrypted. You need to flash Multi-Disabler to disable encryption (which requires formatting /data) if you want TWRP to access it. Also, while Magisk works on stock FW, be careful when debloating as some Samsung components are not happy with certain components removed and would cause trouble.
Click to expand...
Click to collapse
Thanks for the info, I honestly didn't think I would ever get an answer.
You say the AOSP GSI can be booted. But do you speak from experience? Or just from what others have said?
The part about BUC1 blocking the downgrade path is useful, I'll keep that in mind before installing any OTAs or flashing firmware with Odin. Yes, I do imagine that Magisk is more compatible with AOSP based ROMs vs stock, that has always been my experience on other devices.
I already did some reading, I'm aware of the super partition thing. I know I'll have to unpack and repack the super.img, replacing the system.img with a Treble one.
I'm also aware of the file based encryption that TWRP can't read, I don't encrypt my devices, and plan to disable it.
I know all about debloating troubles, I've done it on numerous devices, important stuff can definitely break if you're not careful.
I'm wondering if you can answer a few more questions:
1. Are you rooted?
2. Can the system partition be remounted as read/write from within Android on stock firmware? I have heard cases where the dynamic partitions can prevent this, but supposedly it's not usually an issue on custom ROMs, just stock. I ask because I will be debloating, but if remounting system isnt possible, then I'll need to rely on Magisk for systemless debloating. Or just remain unrooted and debloat with ADB package disable commands (this doesn't really delete anything, and works without root).
3. If you are running Magisk,can you upload a screenshot of the main screen? I just want to see the A/B and SAR values.
4. Can you install the free version of Treble Check from Play Store, and post screenshots of the main info screen?
I'm hoping to hear from at least another confirming user before I make a buying decision, spending $1k+ on a high end tablet is a big deal.
And I am serious about developing for this device if I do buy. Mainly for AOSP firmwares or porting LineageOS, but maybe for stock too.
It looks like I can't delete the previous double posts, and editing causes it to be posted again. I hate the new XDA layout, the old was so much better.
AnonVendetta said:
Thanks for the info, I honestly didn't think I would ever get an answer.
You say the AOSP GSI can be booted. But do you speak from experience? Or just from what others have said?
The part about BUC1 blocking the downgrade path is useful, I'll keep that in mind before installing any OTAs or flashing firmware with Odin. Yes, I do imagine that Magisk is more compatible with AOSP based ROMs vs stock, that has always been my experience on other devices.
I already did some reading, I'm aware of the super partition thing. I know I'll have to unpack and repack the super.img, replacing the system.img with a Treble one.
I'm also aware of the file based encryption that TWRP can't read, I don't encrypt my devices, and plan to disable it.
I know all about debloating troubles, I've done it on numerous devices, important stuff can definitely break if you're not careful.
I'm wondering if you can answer a few more questions:
1. Are you rooted?
2. Can the system partition be remounted as read/write from within Android on stock firmware? I have heard cases where the dynamic partitions can prevent this, but supposedly it's not usually an issue on custom ROMs, just stock. I ask because I will be debloating, but if remounting system isnt possible, then I'll need to rely on Magisk for systemless debloating. Or just remain unrooted and debloat with ADB package disable commands (this doesn't really delete anything, and works without root).
3. If you are running Magisk,can you upload a screenshot of the main screen? I just want to see the A/B and SAR values.
4. Can you install the free version of Treble Check from Play Store, and post screenshots of the main info screen?
I'm hoping to hear from at least another confirming user before I make a buying decision, spending $1k+ on a high end tablet is a big deal.
And I am serious about developing for this device if I do buy. Mainly for AOSP firmwares or porting LineageOS, but maybe for stock too.
Click to expand...
Click to collapse
I actually booted it myself and kept a backup of it so I can test it a bit further if needed. With TWRP and appropriate backups it's not difficult to switch back and forth.
Since Magisk can't work with Android 11 vendor at the moment, and that recent GSI builds are not certified for some reasons (which blocks Google login), my current use of GSI is still a bit limited, so I'm mostly still doing stuffs on stock.
As for other questions:
1. I'm rooted on stock ROM with Magisk (it works there). Magisk does not work on GSI with Android 11 vendor at the moment.
2. I haven't tried mounting system r/w from within Android, but TWRP certainly could mount it r/w, as Multi-Disabler needs to modify stuffs there. For GSI, you need to use vndklite variants in order to be able to mount system r/w.
Honestly, this is my first Samsung Android device and is also my first device with a super partition, so I still have a lot to learn...
EDIT: I'm using a Galaxy Tab S7+ 5G variant. I think for Wi-Fi variant most things should be similar... but I'm not really sure.
LSS4181 said:
I actually booted it myself and kept a backup of it so I can test it a bit further if needed. With TWRP and appropriate backups it's not difficult to switch back and forth.
Since Magisk can't work with Android 11 vendor at the moment, and that recent GSI builds are not certified for some reasons (which blocks Google login), my current use of GSI is still a bit limited, so I'm mostly still doing stuffs on stock.
As for other questions:
1. I'm rooted on stock ROM with Magisk (it works there). Magisk does not work on GSI with Android 11 vendor at the moment.
2. I haven't tried mounting system r/w from within Android, but TWRP certainly could mount it r/w, as Multi-Disabler needs to modify stuffs there. For GSI, you need to use vndklite variants in order to be able to mount system r/w.
Honestly, this is my first Samsung Android device and is also my first device with a super partition, so I still have a lot to learn...
EDIT: I'm using a Galaxy Tab S7+ 5G variant. I think for Wi-Fi variant most things should be similar... but I'm not really sure.
Click to expand...
Click to collapse
I am using the WIFI variant (SM-T870) on the latest stock release (T870XXU2BUC6) with root and Magisk 22.1 running just fine. Root was accomplished by flashing a Magisk modified boot image with Odin found here https://forum.xda-developers.com/t/...-updated-3-29-21.4159291/page-2#post-84843377 on this thread. I used Titanium Backup to debloat and have had no issues at all. The performance is great and the stability sound. I would suspect that a similar arrangement could accomplished on the other versions of the tablet but cannot speak from experience. Personally I have never had much luck flashing Project Treble GSIs on any of my devices. They tend to be very unstable and iffy at best and I always wind up returning to stock or another custom ROM choice.