I've been curious as to whether or not I can use device encryption (root '/' filesystem encryption + SD card encryption via dm / luks / whatever android uses) and still be able to use TWRP, custom ROMs (I am using RR 6 w/ tuned kernel for s5 based on los 15)? When I boot into recovery TWRP, do I just simply enter my passphrase to unlock the partitions on the device such as root and sd card, or is there some other trick to it?
I don't want to encrypt to find out I screwed the pooch. I have searched various forums but for one reason or another been unable to find a good answer.
Thanks in advance,
dataslanger
dataslanger said:
I've been curious as to whether or not I can use device encryption (root '/' filesystem encryption + SD card encryption via dm / luks / whatever android uses) and still be able to use TWRP, custom ROMs (I am using RR 6 w/ tuned kernel for s5 based on los 15)? When I boot into recovery TWRP, do I just simply enter my passphrase to unlock the partitions on the device such as root and sd card, or is there some other trick to it?
I don't want to encrypt to find out I screwed the pooch. I have searched various forums but for one reason or another been unable to find a good answer.
Thanks in advance,
dataslanger
Click to expand...
Click to collapse
Any rom that fully supports selinux is able to use encryption and the latest version of twrp can decrypt it
It will ask for you to enter your decrypt key to decrypt data
Lineage 15.1 (and roms based on it) support encryption
The test versions of lineage 16 currently at time of writing don't support selinux (but will once they become official)
Thanks, I will perform a TWRP full system backup, copy it to computer, and then give the full encryption a try.
Related
I have a i9505 S4 with OmegaROM 4.3.1 and TWRP v2.6.3.1
Recently I had to encrypt my phone as a work policy and now I am unable to do backups via TWRP.
It keeps failing at trying to mount /data
It is not possible to do backups when encrypted or is there a work around?
You can't do the backups with encryption active. The custom recoveries don't support it, which is one reason the bootloader notifies you about the recovery whenever you boot into it.
Try to flash a different recovery like Philz or try some newer version of TWRP.
Some people claim that it should just work, so it's maybe a bug.
Or maybe you just can't do it like Strephon Alkhalikoi says, i have no idea tbh.
TWRP as of 2.2.0 supports decrypting an encrypted partition on the Galaxy Nexus, but that may well be an experimental thing. You'd need to enter the password used to encrypt the volume in TWRP's terminal window. However, the fact you're not being prompted likely means Android 5.x encryption works in a completely different fashion from the Galaxy Nexus, which is why you're getting an error. Whether the TWRP team is aware of the issues with encryption is something I don't know, but I have found plenty of anecdotes from other Android users regarding encryption issues. The general consensus is that encryption does in fact render the recovery less useful because of the inability to make a nandroid backup.
I don't believe CWM currently supports encrypted volumes. Philz will never support encrypted volumes as it's no longer being maintained.
Hi
I am unable to understand the concept of Decryption. I have been rooting my phone since the time of Samsung S3. I currently own a 64gb Nexus 6p with build number N4F26T. I use the sticky guide given here to root my phone and install custom recovery.
Now I want to apply pixel mods, but they demand verity check disabled. When I go in the security of my phone, it says Phone Encrypted in Encryption. I have checked all of the threads and forums regarding this but there is no clear guideline.
Do I have to decrypt my data? If yes, how will I be going on with this process? I see the format user data command but I am on Nougat 7.1.1 so I think this is not applicable to me. But no where has it been mentioned that I have to decrypt any other way.
Any help would be appreciated as I have always received from this community. How will I go on about the decryption? Please help soon as I currently have no data in it so its easier to format it.
You do not have to decrypt your data to use those MOD's. To disable variety check all you need to do is install a custom kernel or rom that does this by default. You will not lose any data by doing this. If you wanted to decrypt your data then you would have to format the data partition on your phone. This would obviously wipe your data so you would need to make a backup first on your PC. Some people think that decrypting your data will give you a slight speed bump but I've tried both ways and haven't noticed any real difference. So far I haven't run into any reason that the data partition would need to be decrypted to install anything.
This is a Question, so you are supposed to post in the Q/A section, not General.
First, you can't just decrypt the existing data on the phone, you'll have to wipe the device first and then NOT allow the encryption to happen on your fresh install. Make sure you already have USB debugging enabled. You need to perform a factory reset to wipe the phone. Then transfer from your PC either SuperSU (zipfile) or a no force-encrypt custom kernel such as EX Kernel or Franco (zipfile) to the root of the phone (or both). You can do this with TWRP's file manager. Before booting for the first time use TWRP's "Install" to flash either SU or your kernel. Now you can boot to system and your device will not be encrypted by default. Going forward with any updates that include flashing a new boot.img you need to reflash SU or the kernel (before booting) to avoid encryption.
First of all apologies about posting in the wrong section. Secondly, I have already rooted with Supersu. So now all I need to do is format the user data and I will have decrypted data right? It won't again get encrypted, right?
Secondly, thanks alot for such prompt responses. I am unable to find the thanks button that used to be there.
i encrypted my phone after i root it. It's running Lineageos. Encryption works, but if i boot in recovery i can enter folders but don't see any data. I can not mount data folder or add/install anything. Looks logic because it's encrypted, but i read somewhere that twrp will ask for a password when system is encrypted. I don't get this message.
Any suggestion how i need to do it correct? that i can enter twrp with pass
whitetornado said:
i encrypted my phone after i root it. It's running Lineageos. Encryption works, but if i boot in recovery i can enter folders but don't see any data. I can not mount data folder or add/install anything. Looks logic because it's encrypted, but i read somewhere that twrp will ask for a password when system is encrypted. I don't get this message.
Any suggestion how i need to do it correct? that i can enter twrp with pass
Click to expand...
Click to collapse
AFAIK you need a recovery that supports encryption.
strongst said:
AFAIK you need a recovery that supports encryption.
Click to expand...
Click to collapse
i have twrp 3.2.1-0, question, how to start the ask password in terminal or recovery mode, if it is possible?
The only recovery i know which does support encryption is the 32 Bit shreps recovery. Do keep in mind that if you encrypt your device and use that recovery you won't be able to flash 64 bit roms since no 64 bit recovery supports encryption
Hi, ive been wondering why all those roms folks put out are unable to encrypt the /data partition.
Any rom i tried so far is soft rebooting after i invoked the encryption option. No encyption happening at all.
And if i do it manually via adb shell > su # vdc cryptfs enablecrypto wipe password somethingpw
I sort of soft brick the device boot until i whipe the data partion via twrp.
Thereof i am wondering why its broken in the first place and if theres a chance if folk will fix this over time or any 3rd Party Roms will be stuck w/o a chance to encrypt personal data.
Myau said:
Hi, ive been wondering why all those roms folks put out are unable to encrypt the /data partition.
Any rom i tried so far is soft rebooting after i invoked the encryption option. No encyption happening at all.
And if i do it manually via adb shell > su # vdc cryptfs enablecrypto wipe password somethingpw
I sort of soft brick the device boot until i whipe the data partion via twrp.
Thereof i am wondering why its broken in the first place and if theres a chance if folk will fix this over time or any 3rd Party Roms will be stuck w/o a chance to encrypt personal data.
Click to expand...
Click to collapse
I was facing issues with my LOS 15.1, afaik unencrypted. Then I flash stock Oreo Feb using Mi Flash tool, with option 'clean all and lock'. Then I root it with magisk and flash LOS 15.1. The next thing I know, my phone is encrypted
kopitalk said:
I was facing issues with my LOS 15.1, afaik unencrypted. Then I flash stock Oreo Feb using Mi Flash tool, with option 'clean all and lock'. Then I root it with magisk and flash LOS 15.1. The next thing I know, my phone is encrypted
Click to expand...
Click to collapse
Did you dirty flash or whipe the installed OS?
Myau said:
Did you dirty flash or whipe the installed OS?
Click to expand...
Click to collapse
Clean install, i.e. wipe all.
kopitalk said:
Clean install, i.e. wipe all.
Click to expand...
Click to collapse
Thank You, for confirming that Encryption works, i was almost at the verge of returning the phone.
Got it to work now.
....
The tldr of all i tested and messed around with is:
If you whipe Data trough twrp, with the special dialog where you have to type in YES. which folk reccomend to use to remove encryption,
will mean you brick the encryption and requires a re-flashing of the stock rom.
Secondly if you only go into advanced whipe, Art, System and data and then install a rom, it should say 'decrypted with default password'
Which is a dead give away that encryption might going to work just fine, rebooted into bootloader w/o into system, installed gapps pico, (eeh) and magisk, which also mentioned something about encryption as the log ran trough. Then rebooted into system, and now it says encrypted. And i can set up a boot pin/password before it fully boots. GREAT!
Soo.... If it says decrypted and won't encrypt, you have to flash stock, check its encrypted. Then install costum rom without removing encryption.
Once you removed it, its back to stock rom for new a /data setup/encryption.
Hi
I was trying to flash xiaomi.eu (xiaomi.eu_multi_HMK20MI9T_V12.5.2.0.RFJCNXM_v12-11) custom rom to my Mi 9T device via TWRP recovery
I booted into recovery then I noticed TWRP isn't asking for a password for decryption
So dumb me ignored it and "Advance Wiped" all partitions except "Internal Memory" and flashed the rom from "USB OTG"
then problems started to appear
first the rom didn't boot and was stuck in a boot loop
so I wiped and reflashed the original "miui_DAVINCIGlobal_V12.1.4.0.RFJMIXM_e0ac13ed89_11.0" rom via TWRP from "USB OTG" to be able to back up my files and do a proper format/decrypt
but the internal storage is now still encrypted and cannot be accessed
I tried twrp decrypt command with all combinations of passwords pins pattern numbers that I used since first bought the phone but none of them worked
I know I should have backed up my files
Now I want to know how can decrypt /data/media/0 aka /sdcard aka Internal Memory and get my files
like mounting it in windows through some adb and other software and decrypting with known key combinations and passwords
or through twrp or whatever that maybe work
I really can't afford to lose my data AGAIN
yes, that wasn't my first time!!!!!
I promise if this gets right I devote the rest my life to the open-source community
excuse me for my bad English.
When flashing a custom ROM, or going back from, you HAVE to Format (not just Wipe) Data
(And you don't need to wipe System because new ROM will overwrite it anyway, and you better never wipe Persist and so)
Obviously, you must backup your photos, data, etc, before switching the ROM
Data on Internal memory is encrypted, and not by your unlock pin (unlock pin just serves to verify and read the key).
New ROM reinitializes the encryption key
Hence, AFAIK, you cannot decrypt anymore because you don't know the encryption key that was used for data on your Internal memory
Seems you have similar problem as I have
zgfg said:
When flashing a custom ROM, or going back from, you HAVE to Format (not just Wipe) Data
(And you don't need to wipe System because new ROM will overwrite it anyway, and you better never wipe Persist and so)
Obviously, you must backup your photos, data, etc, before switching the ROM
Data on Internal memory is encrypted, and not by your unlock pin (unlock pin just serves to verify and read the key).
New ROM reinitializes the encryption key
Hence, AFAIK, you cannot decrypt anymore because you don't know the encryption key that was used for data on your Internal memory
Click to expand...
Click to collapse
ok
a question
why the twrp was not asking for decryption in first place?
ehsan1326 said:
ok
a question
why the twrp was not asking for decryption in first place?
Click to expand...
Click to collapse
No idea - ask devs of your custom ROM how they implement encryption and what is the proper way to install the ROM