[Q] Why do Custom Roms break Device Encryption - Galaxy Note II Q&A, Help & Troubleshooting

I've noticed that often when loading a custom rom on Note II or any other device for that matter, device encryption (full disk encryption) doesnt work anymore. If you try it, device will just reboot and give you a message that encryption failed.
So the question Im asking is, why do custom roms break the device encryption feature?
What do I need to do to restore this functionality? (Aside from the obvious, which is to restore stock rom)

rndinit0 said:
I've noticed that often when loading a custom rom on Note II or any other device for that matter, device encryption (full disk encryption) doesnt work anymore. If you try it, device will just reboot and give you a message that encryption failed.
So the question Im asking is, why do custom roms break the device encryption feature?
What do I need to do to restore this functionality? (Aside from the obvious, which is to restore stock rom)
Click to expand...
Click to collapse
I wish I knew the answer to this question as well. I am going back to stock, because work requires me to encrypt my phone for email to work. I've heard that there is an alternative version of the email app that bypasses the security policies, but it's not worth my job over a custom rom... for now :laugh:

Related

[Q] Encryption and CWM/ Custom ROM?

Good evening (subjectively) all.
I've just recently encrypted an HD 2.* ROM on my Nexus. After encrypting the device today, it appears I have no access to the SDCard in CWR.
Can anyone give me any advice? How do I unencrypt (if I must) or fix the situation ?
My impression is that right now, you can either encrypt the device and keep it stock, or stay unencrypted if you want to mod the device/enjoy CWM. Maybe I'm wrong (I hope I am!), but I've just heard that encryption causes too much pain to be worthwhile if you want to do anything non-stock.
Rules.r said:
Good evening (subjectively) all.
I've just recently encrypted an HD 2.* ROM on my Nexus. After encrypting the device today, it appears I have no access to the SDCard in CWR.
Can anyone give me any advice? How do I unencrypt (if I must) or fix the situation ?
Click to expand...
Click to collapse
I had this problem! CWM can't see the sd card as it is encrypted. You need to do a full factory reset to remove the encryption. Google does't allow the option to decrypt yet.
Unfortunetly when you do a factory reset it wont work as it is looking for the stock bootloader to complete the wipe and it won't be able to use your existing bootloader. World of hurt!
The only way I got around this was to adb/fastboot the original stock rom. This caused me so much pain! Even then I had to do it once or twice before it fully worked.
Let me know how you get on.

Question on "Phone Encryption"

Hey guys, sorry if this has been answered somewhere else, but I just want to confirm my understanding about encryption.
I'm setting up MobileIron and TouchDown for my work email and paused when the IT policy asked me to encrypt my phone.
So, is doing encryption will make it impossible for us to flash rom, radio, any kind of flashing + impossible to do all other things in CWM - due to the partition is being locked and encrypted before the device boots up?
(I'm not good to explain it technically, hopefully you get what I mean).
Slower boot time? The only way to decrypt is to factory reset and wipe all data? Impossible to backup nandroid? etc etc...
Of course the device would be more secure from the company's security point of view, but is that it?
I'm pretty sure there's no other workaround if I want to setup my phone with work email, since of course the IT policy applies to all employees so I can't ask for an exception.
At the same time I don't want to lose my ability to flash just because of the work email, it defeats the purpose of me having Android (which is to tweak and mess with my phone).
I came from SGSII where the IT policy only enforces PIN/password/pattern requirement, or perhaps because SGSII doesn't have encryption capability.
Appreciate your comment and opinion guys.
Hopefully someone knows.
kisekio said:
Hey guys, sorry if this has been answered somewhere else, but I just want to confirm my understanding about encryption.
I'm setting up MobileIron and TouchDown for my work email and paused when the IT policy asked me to encrypt my phone.
So, is doing encryption will make it impossible for us to flash rom, radio, any kind of flashing + impossible to do all other things in CWM - due to the partition is being locked and encrypted before the device boots up?
(I'm not good to explain it technically, hopefully you get what I mean).
Slower boot time? The only way to decrypt is to factory reset and wipe all data? Impossible to backup nandroid? etc etc...
Of course the device would be more secure from the company's security point of view, but is that it?
I'm pretty sure there's no other workaround if I want to setup my phone with work email, since of course the IT policy applies to all employees so I can't ask for an exception.
At the same time I don't want to lose my ability to flash just because of the work email, it defeats the purpose of me having Android (which is to tweak and mess with my phone).
I came from SGSII where the IT policy only enforces PIN/password/pattern requirement, or perhaps because SGSII doesn't have encryption capability.
Appreciate your comment and opinion guys.
Click to expand...
Click to collapse
Once your device is encrypted you won't be able to flash roms because recovery can't see the SD when you try to flash a kernel or rom.
You can't remove the encryption through a factory reset if your device is rooted and running CWM recovery. It will fail and the phone just boots up as normal. The only way I was able to remove encryption was to ADB/Fastboot the stock images onto my Nexus.
Lastly, I noticed the phone being very slow to boot with encryption.
Until Google give the option to decrypt I won't go near encryption again. Hope this helps and answers some of your questions.
jd1001 said:
Once your device is encrypted you won't be able to flash roms because recovery can't see the SD when you try to flash a kernel or rom.
Click to expand...
Click to collapse
I assume any kind of flashing won't work with encryption, including rom, kernel, radio, circlesmod, and all other kinds of mods that require flashing from CWM.
Is that correct?
If that's the case looks like I'm not going to use my work email on my phone.
Yeah your assumptions are correct!
jd1001 said:
Once your device is encrypted you won't be able to flash roms because recovery can't see the SD when you try to flash a kernel or rom.
You can't remove the encryption through a factory reset if your device is rooted and running CWM recovery. It will fail and the phone just boots up as normal. The only way I was able to remove encryption was to ADB/Fastboot the stock images onto my Nexus.
Lastly, I noticed the phone being very slow to boot with encryption.
Until Google give the option to decrypt I won't go near encryption again. Hope this helps and answers some of your questions.
Click to expand...
Click to collapse
I'm in exactly the same situation, unfortunately found out that i can't decrypt it with factory reset after I'm already encrypted
Do you happen to know good tutorial for flashing via ADB/fastboot?
I flashed my CM10 4.1.1 using galaxy nexus toolkit
http://forum.xda-developers.com/showthread.php?t=1830108 You're welcome.

[Q][P] Using encryption on your tablet

Hello!
I'd really like to use encryption on my tablet on a custom ROM but am failing spectacularly. Neither on Schischu's Lollipop nor on Schischu's Marshmallow ROM my encryption attempts were successful.
As nobody answered to my posts at all, I am starting to wonder if encryption is used by anybody on our P605. So I'd like to setup this poll to get a rough overview about the use cases of people and understand if it's simply my fault or if this feature is not used and therefore not tested.
Of course, I'd be happy to read some comments below if somebody made it working on a custom ROM (like Schischu's) how this was achieved.
OlafLostViking said:
Hello!
I'd really like to use encryption on my tablet on a custom ROM but am failing spectacularly. Neither on Schischu's Lollipop nor on Schischu's Marshmallow ROM my encryption attempts were successful.
As nobody answered to my posts at all, I am starting to wonder if encryption is used by anybody on our P605. So I'd like to setup this poll to get a rough overview about the use cases of people and understand if it's simply my fault or if this feature is not used and therefore not tested.
Of course, I'd be happy to read some comments below if somebody made it working on a custom ROM (like Schischu's) how this was achieved.
Click to expand...
Click to collapse
Hi,
The fault does not lie with you. I havn't checked encryption on the note 10.1 2014 custom roms but I did check it out on the Note 4 forums. And all the custom roms that I've come across there don't support encryption, either because the dev's don't view it as important (because no one uses it) or because it's see as secondary compared to speed and battery life.
It's a pretty dangerous game to play without encryption, knowing that the lock screen is so easy by-passable. I was able to flash TWRP and root the note 4 without the device auto wiping user data. So e.g. flashing a custom rom onto the device in order to bypass the lockscreen, and therefore being able to access all the person's personal data and apps is pretty much childsplay for a person that's the least bit into tech.
Sad to hear that, but thank you very much for taking your time to post a reply! :good:
Vasishtha said:
It's a pretty dangerous game to play without encryption, knowing that the lock screen is so easy by-passable. I was able to flash TWRP and root the note 4 without the device auto wiping user data. So e.g. flashing a custom rom onto the device in order to bypass the lockscreen, and therefore being able to access all the person's personal data and apps is pretty much childsplay for a person that's the least bit into tech.
Click to expand...
Click to collapse
Indeed - a mobile device is lost or even stolen quite fast. And since we already use custom ROMs and TWRP it's trivial to just access the data via ADB. *sigh* Well, I'm even thinking about going back to a rooted stock ROM with firewall to increase the safety of my local data.... Let's just hope the custom ROMs will support it eventually.
OlafLostViking said:
Sad to hear that, but thank you very much for taking your time to post a reply! :good:
Indeed - a mobile device is lost or even stolen quite fast. And since we already use custom ROMs and TWRP it's trivial to just access the data via ADB. *sigh* Well, I'm even thinking about going back to a rooted stock ROM with firewall to increase the safety of my local data.... Let's just hope the custom ROMs will support it eventually.
Click to expand...
Click to collapse
What are you using a firewall for? Can you link me the firewall your using?
I use xprivacy in combination with a firewall(it's an old one and not available anymore on the app store).
There exists some apps that can wipe your phone automatically if you enter the wrong password to many times, I was using one but I can't find it anymore (locker).
-V
Sure! I am using AFWall+ which makes it easy to select the right processes thanks to the log. And it's not a proxy or so (iptables frontend), so it works on all processes and all connections (WiFi, Cell, Roamin, LAN, VPN).
The firewall in XPrivacy is much more finegrained, as it allows you to block certain IPs/Domains while AFWall+ is blocking the whole network access. So I'd say it depends on your needs and, to be honest, the time you want or can invest into setting up your tablet. I bought XPrivacy and am just downloading the profiles from the net as it takes too much time for me at the moment to find the settings on my own
I have upgraded to Android Lollipop + Root + TWRP.
I would use the full data encryption but it seems that you always have to enter a (long) password each time, when you start or unlocking (!) the Note 10.1 (2014 Edit.)
On my Huawei Mate 7 with Android 5, i can use a Passwort for the start and a pattern for unlocking. So, thats very good and fast, if i have to unlock the smartphone.
Only on my Samsung Note 10.1 there is no pattern methode for unlocking the tablet available.... (the same sh** as in Android 4.4)
While you can change the encryption password to be different from the unlock password (using the CLI), you can also use application like f.ex. Delayed Lock that modify the locking behaviour. I am not letting my phone lock when I am at home (WiFi, not that unuseable GPS/cell from the new Android ), for example. With those two approaches using a good encryption password is no hassle at all

How to do full device encryption with custom recovery and 5.0+?

A while ago I posted a workaround to use custom recovery and full device encryption and it seems like it's STILL needed, meaning I can't use TWRP, unless someone has found a ROM that has working encryption with TWRP? I've tried a few ROMs so far, as well as the latest stock ROM (NJ2 - 4.4.2). TWRP just gives the error "cannot find crypto footer" and the devs have said in the past this is a "wontfix" problem. I'd really, really like to put Marshmallow on here but I need full device encryption and TWRP support. So frustrating.
I don't mind wiping this device and re-encrypting as many times as needed, I just need it working.

Does Encryption NEVER work in ROMS

So I kind of like the fact encryption is turned on automatically by Nextbit (and I did figure out how to get out of my encryption loop)
And I have tried to encrypt the disk with
-Pacman ROM
-Reserrection ROM
-Paranoid Android
and all of them bootloop and never actuall boot up once you press "encrypt".... so is it impossible to encrypt once you have an unlocked bootloader and recovery installed? I get its detrimental to the whole process of flashing incessantly but still
Grrrrrrr
Can sum1 confirm
tlxxxsracer said:
If you unlock the bootloader,that alone won't cause encryption issues. You have to flash a specific boot.img or zip that will disable encryption.
Don't unencrypt and should be fine.
Not sure why you'd want to encrypt if your BL is unlocked. Encryption only hurts performance
Click to expand...
Click to collapse
thanks for the reply
I wanted to encrypt my current ROM to just get the extra protection from theft or lost device.
I really like the current ROM im using and dont need to flash anymore currentlty, so i would be fine locking it down with encryption
But i cant get ANY of the ROMS to encrypt like they normally do say compared to the G3
So there is a solution to this. Basically, when you encrypt the file system on one rom, even when you wipe the data certain things are still tied to the old file system. That's why when you go to encrypt the encryption fails, because the remnant stuff from the other rom is in the way. The solution is to completely reformat the data partition (using TWRP, select format data, or change the data file system to F2FS and then back to ext4.). This will clear the conflicts causing encryption to bootloop. However, this process will need to be repeated every single time you switch roms (updating a rom is fine).
I believe Cyanogenmod supports encryption, though I have never tried it.
yanowman said:
So I kind of like the fact encryption is turned on automatically by Nextbit (and I did figure out how to get out of my encryption loop)
And I have tried to encrypt the disk with
-Pacman ROM
-Reserrection ROM
-Paranoid Android
and all of them bootloop and never actuall boot up once you press "encrypt".... so is it impossible to encrypt once you have an unlocked bootloader and recovery installed? I get its detrimental to the whole process of flashing incessantly but still
Click to expand...
Click to collapse
If you flashed the custom boot image, you CANNOT re encrypt your phone. Won't work.

Categories

Resources