Hi
We already know that device encryption has almost no impact on performance in Galaxy S6 (http://forum.xda-developers.com/galaxy-s6/general/impact-encryption-t3081728) but how does it look in the case of LG G4?
Has anyone tried encryption?
Is it possible to use knock code to unlock screen on encrypted device?
Mac
Snapdragon 808 does AES encryption and, iirc, SHA checksums in hardware, just like S6's 64-bit Exynos. That means that unless LG screwed up, encrypting the phone should have at most negligible effect on G4's performance.
Screen unlocks have nothing to do with phone encryption. The latter simply means encrypting its file system, nothing more. So, the answer should be "Yes."
However, it's up to the security implementation on the phone. For example, on my GS3 enabling phone encryption disabled pattern unlocking. But that was Samsung's doing, not some inherent property of encryption.
---------- Post added at 10:10 AM ---------- Previous post was at 09:52 AM ----------
Correction: You are not encrypting the file system, but the underlying NAND.
Lack of sleep.
With an encrypted G4, the only options available for screen lock are PIN and Password. All others cannot be selected.
So they did restrict it.
That sucks. Personally, I think the knock code is more secure than a pin.
That should be fixable in a ROM, though.
I think the main reason is because knock code and pattern inputs aren't available in the boot time password entry screen. You'd have to have an independent password for decryption, which can't be done with the stock software (which is an incredibly stupid design choice - I can't wait for root so I can set a different encryption password).
Great point. I forgot about that.
AFAIK, that workaround, with two different methods for two different authentication stages, has already been implemented in some ROMs for other phones, so it definitely should be doable.
hendusoone said:
With an encrypted G4, the only options available for screen lock are PIN and Password. All others cannot be selected.
Click to expand...
Click to collapse
So every time when I want unlock the phone I need to type password (or PIN)? Right?
Any impact on performance?
I know that Snapdragon has hardware encryption but as far as I understand this is not obligatory to use it (like Google did in Nexus 6 where encryption had huge impact on performance).
Makster said:
Great point. I forgot about that.
AFAIK, that workaround, with two different methods for two different authentication stages, has already been implemented in some ROMs for other phones, so it definitely should be doable.
Click to expand...
Click to collapse
Agree. They should ask for password after power up and then allow to use knock code.
Correct me if I'm wrong, but isn't Nexus 6 built on top of the 32-bit ARMv7 805? It wouldn't support hw encryption.
As for the G4, the way I understand it, LG would have to disable it at compile time specifically not to support it.
MBroda said:
So every time when I want unlock the phone I need to type password (or PIN)? Right?
Any impact on performance?
I know that Snapdragon has hardware encryption but as far as I understand this is not obligatory to use it (like Google did in Nexus 6 where encryption had huge impact on performance).
Click to expand...
Click to collapse
Yes. You'll need to enter the password (or PIN) when you boot your phone, during the boot process. You'll also need to enter it any time you unlock the screen. You can still use Smart Lock to unlock the phone automatically when certain conditions are met, but that won't help during the boot process.
I haven't run any benchmarks... if you have one in mind, give me a link and I'll give it a run on the encrypted device. Someone else will have to provide unencrypted benchmarks, though.
I found a couple benchmarks to run. This is on an encrypted device.
RLBenchmark:
Code:
LG-H811 (SDK:22; LMY47D)
Benchmark Results:
1000 INSERTs - 2.766 sec
25000 INSERTs in a transaction - 1.106 sec
25000 INSERTs into an indexed table in a transaction - 1.112 sec
100 SELECTs without an index - 0.015 sec
100 SELECTs on a string comparison - 0.006 sec
Creating an index - 0.246 sec
5000 SELECTs with an index - 0.304 sec
1000 UPDATEs without an index - 0.972 sec
25000 UPDATEs with an index - 2.019 sec
INSERTs from a SELECT - 0.527 sec
DELETE without an index - 0.526 sec
DELETE with an index - 0.42 sec
DROP TABLE - 0.117 sec
Overall - 10.136 sec
AndroBench:
Code:
#Microbenchmark
Target: /data (ext4, -)
64MB / 32768KB / 4KB / 8
SEQ RD: 137.9 MB/s
SEQ WR: 94.46 MB/s
RND RD: 5124.93 IOPS
RND WR: 6315.32 IOPS
#SQLite benchmark
Insert: 300.91 TPS
Update: 382.51 TPS
Delete: 461.88 TPS
#Macro benchmark
Target: /data (ext4, -)
Browser: 38.75 msec
Market: 82.75 msec
Camera: 106.25 msec
Camcorder: 264.5 msec
Here are my results (unencrypted device - H815).
Code:
# Microbenchmark
Target: /data (ext4, cfq)
64MB / 32768KB / 4KB / 8
SEQ RD: 243.95 MB/s
SEQ WR: 95.51 MB/s
RND RD: 7325.22 IOPS
RND WR: 3823.68 IOPS
# SQLite benchmark
Insert: 295.18 TPS
Update: 327.57 TPS
Delete: 435.55 TPS
# Macro benchmark
Target: /data (ext4, cfq)
Browser: 45.5 msec
Market: 78.0 msec
Camera: 84.0 msec
Camcorder: 248.0 msec
RLBenchmark is almost the same.
I have better sequential read speed but you have better random write IOPS. Strange.
Before I encrypt my device, does anyone know if we can decrypt it? The menu says it is not reversible. I am not rooted, and don't plan to yet (I have a sprint model and there's no kdz file to get back to stock if I break something)
Sent from my LGLS991 using Tapatalk
daddymikey1975 said:
Before I encrypt my device, does anyone know if we can decrypt it? The menu says it is not reversible. I am not rooted, and don't plan to yet (I have a sprint model and there's no kdz file to get back to stock if I break something)
Sent from my LGLS991 using Tapatalk
Click to expand...
Click to collapse
Yes, you can. Factory reset will remove encryption, but only on 5.1
On 6.0 encryption is mandatory so you can't use your phone without encrypting data first..
Awesome. Thanks!
Sent from my LGLS991 using Tapatalk
Perceived performance
For anyone on 6 (especially if you use xTreme rom) and has encrypted.. what is the perceived performance like?
About to take the plunge, but curious about other people's experience post full disk encryption.
Thanks!
Can someone run this app who is on 6.0 and encrypted G4?
https://play.google.com/store/apps/details?id=us.hipxel.performance.disk.speed.test
and post the results of internal storage test?
would be much appreciated!
I am rooted running Genysis 3.8. To encrypt, I had to unroot (within SuperSU app) && wipe cache && reboot THEN encrypt. Do NOT choose bootup PIN/PW, only lockscreen. There are a lot of FC's that prevent you from loading the keyboard to input anything.
As far as the PIN/PW thing on lockscreen, Genysis allowed me to have ALL lockscreen options including no lockscreen. Don't know if that is a bug or a feature.
As far as performance, I would say that I can tell no difference from unencrypted to encrypted.
Related
I downloaded and installed official LineageOS to my Galaxy Note 10.1 (2014 Edition) P-605 from
https://download.lineageos.org/lt03lte
Install TWRP Recovery
Install latest downloaded file from the link given above
Install open gapps (mini)
Everything working fine except
Usb MTP connection is not working
On boot Setting app closes
Less battry life than the stock rom
MTP connection issue is a huge problem for me. Do anyone know a fix? I searched everywhere and couldn't find anything
I confirm all the above issues with the nightly build 2018-02-22.
Let me add another (serious) one: if you encrypt the storage, every time you reboot a bunch of applications go in restart loop, until eventually the device restart. This is basically a bootloop. I will try to wipe cache and dalvik and restart to see if the problem persists.
I'm not used to rant just for the sake of, also considered the amazing work devs do, but this time I'm a bit pissed. I bought this tablet specifically because it is listed in the "Lineage OS supported devices" list. It would be nice to put a big disclaimer if the current build has so many crippling issues.
---------- Post added at 10:39 AM ---------- Previous post was at 10:16 AM ----------
That's annoying... TWRP does not manage to decrypt the storage partition... So I'm pretty much screwed.
I will try to format the storage to remove the encryption, and then re-install the latest Lineage nightly using either adb sideload or a micro-USB pendrive.
OK, kind of works. I started TWRP recovery and formatted all the device (removing encryption), then copied back the lineageOS (I used the last nightly, 2018-02-22) and addonsu zip files using a microUSB stick. Reinstalled everything. It works, the only annoying thing is that by formatting the sdcard I lost the backup I had previously done with TWRP of the original firmware, but that's fine, I was not planning of using it anyway.
- enabled USB debugging, root apps+ADB, enable third-party apps
- added F-Droid repo
- downloaded CryptFS from F-Droid
- Settings -> Security -> set up a temporary password for screen unlock
- Plugged in tablet, Settings -> Security -> encrypt device (using the temporary password above)
- reboot, this time seems to work (modulo the usual annoying "settings app has stopped working" one-time popup)
- changed encryption password with CryptFS (requires root of course)
- Settings -> Security -> changed screen unlock to a normal PIN
Everything seems to work so far: the device asks for the long decryption password at boot but only short PIN to unlock screen.
Planning to install WrongPINshutdown now, to complete anti-theft security setup.
So far so good, except ADB still doesn't work. Keeping a close eye on battery usage.
Coming next:
- testing whether TWRP can decrypt storage
- making sure at least LineageOS can mount USB drives... since MTP doesn't work it would be annoying having to use network or ADB to transfer large files...
---------- Post added at 01:17 PM ---------- Previous post was at 12:59 PM ----------
Babality!
- TWRP still cannot decrypt storage, does not even ask for the passphrase, just does not see the partition
- after trying the above, somehow the encrypted partition header got screwed: if I start Lineage OS, when I'm prompted for the passphrase. I always got "wrong password". Either using the "right" password, or using the old temporary password I used before, or the current device PIN, nothing: everything is "wrong password".
I'm reinstalling everything again and do a couple of final tests before giving up and forgetting about encryption.
I suspect this might be an issue of TWRP. I'm using version 3.0.2-0. I'm installing now the latest version (3.1.1-0) and see if things change.
Also, coming next MTP test.
---------- Post added at 01:37 PM ---------- Previous post was at 01:17 PM ----------
TWRP 3.1.1-0 bootloops tablet... I have to start from Odin again.
F**k all this s**t, my next device's gonna be an Apple :angryface:
I managed to make the double-encryption work: now when I boot the tablet it requests the passphrase, but to unlock the screen just a PIN (however, Wrong PIN Shutdown powers off the tablet after a few wrong PIN trials).
I'm not entirely sure how I did it to be honest, but I suspect the reason is the following: the encryption of the tablet can only be done by setting up a password for screen unlock at first.
Then you use Cryptfs to change the encryption password.
Then you change the screen protection option to "PIN" instead of password. If you are running one of the latest Lineage OS builds, when you are asked "do you want to require a PIN also at boot?", counterintuitively, answer "yes".
THEN you must run Cryptfs again and re-set the storage encryption password. This way it works.
I did not dare starting TWRP again in recovery mode , I'm afraid it would mess up with the encryption.
Keeping an eye on the battery: it's pretty bad to be honest. I was used to my beloved Lenovo tablet, I was using it only as a PDF reader (flight mode, uninstalled all the crap etc) and, with the stock firmware, it had pretty much the same battery life of a real Ebook reader, I could easily leave it in the closet for weeks and find it still charged when I needed it. This Galaxy Note 10.1 is not even close with Lineage 14.1, now I killed all the unnecessary processes and set battery mode to maximum span, let's see if it gets better.
After a few days of test I can confirm poor battery life. Less than two days in complete standby, flight mode, energy saving mode. That really sucks.
I have to add: SIM card not recognized, only WiFi works.
TL;DR: do not install this ROM.
Did anybody test the official LineageOS build for the SM-P605 (lt03lte) ?
Is it working by now?
Has anybody an old (Octobre or Septembre) version of the official LinageOS for SM-P605 (lte03lte)? Unfortunately after the decision to no longer maintain that ROM all older downloads have been deleted and I have some problems with the december version
Ok so I'm a little bit of a security freak, I care about how my data are secure on my device and make sure that not a single bit of Google's code is left and tracking me (I debloat roms myself).......... The biggest issue is Encryption
I have both OP3 and 3T
Pre OS setup
OP3:
- OB 28 firmware
- Blu.Spark TWRP 8.61
OP3T
- OB 19 Firmware
- Blu.Spark TWRP 8.61
The issue I faced is that once I set an encryption password I either cannot change it, or a garbage password will be set and I won't be able to boot to my phone again unless I "fastboot format userdata"
- Type 1 issue, Set encryption password but can't change later: happens in all RR and LOS based roms (I even read somewhere that this bug was reported but due to it not being a popular feature the issue was cancelled", they suggested that in order to change it I have to make a complete back up, decrypt, restore back up, and encrypt again with a new password.... And this is a no go for me.
- Type 2 issue, Set encryption password and a rubbish password will be set: this happened to me in a few AOSP based roms (CardinalOS for example), so if I set a pattern for example, the encryption password will not be the same pattern I set, thus I'll be locked out of my phone unless I format userdata
I tried the cryptfs command
"vdc cryptfs changepw password '<old encryption password>' <new password>"
But nothing changes
Not all AOSP roms have this issue tho, PureFusion ROM (which is AOSP based) is fine, and all OOS based roms are fine too
Is there any fix for such issue? I'd love to use another rom,
possibly RR (Currently using FreedomOS), but the encryption issue is bothering me
According to latest part of your post, the "buggy" cryptfs concerns only some custom roms.
How would you solve that issue? It's depending by rom developer, the only attempt you could try is a bug report.
But there's a good risk to be ignored, because many people are not so obsessed by security, developers won't to find time for very rare issues.
DaKing1512 said:
Ok so I'm a little bit of a security freak, I care about how my data are secure on my device and make sure that not a single bit of Google's code is left and tracking me (I debloat roms myself).......... The biggest issue is Encryption
I have both OP3 and 3T
Pre OS setup
OP3:
- OB 28 firmware
- Blu.Spark TWRP 8.61
OP3T
- OB 19 Firmware
- Blu.Spark TWRP 8.61
The issue I faced is that once I set an encryption password I either cannot change it, or a garbage password will be set and I won't be able to boot to my phone again unless I "fastboot format userdata"
- Type 1 issue, Set encryption password but can't change later: happens in all RR and LOS based roms (I even read somewhere that this bug was reported but due to it not being a popular feature the issue was cancelled", they suggested that in order to change it I have to make a complete back up, decrypt, restore back up, and encrypt again with a new password.... And this is a no go for me.
- Type 2 issue, Set encryption password and a rubbish password will be set: this happened to me in a few AOSP based roms (CardinalOS for example), so if I set a pattern for example, the encryption password will not be the same pattern I set, thus I'll be locked out of my phone unless I format userdata
I tried the cryptfs command
"vdc cryptfs changepw password '<old encryption password>' <new password>"
But nothing changes
Not all AOSP roms have this issue tho, PureFusion ROM (which is AOSP based) is fine, and all OOS based roms are fine too
Is there any fix for such issue? I'd love to use another rom,
possibly RR (Currently using FreedomOS), but the encryption issue is bothering me
Click to expand...
Click to collapse
If you really are concerned with security then stay on stock and lock your bootloader. Anything else weakens the security of a device.
But really really. Mobile security is a myth. It is a fear mongering tool used by people to keep you in line. If someone wants your info they will get it and they dont need your device.
this might happen with you , happened with me (✖╭╮✖)
I have a question about VPN and certificate installation. My phone is H818P and I'm on stock android 6. If I want to set up a connection to a VPN (home server), the table with the settings covered by the unlock pattern - I type the pattern (correctly) but the table with settings disappears - this is repeated all the time. Same problem for android 5.1.
My other problem is installing the certificate for AdCleaner - the installation requires a pattern + pin (the pin needs to be created whenever I create a pattern). When installing a certificate, I enter the pattern and pin correctly, but the pin returns my phone as faulty and the installation does not take place. Same problem with Android 5.1.
Android 7 (v29a) is working correctly. Unfortunately, I can not use this version because it is not possible to shoot video at 60fps (V10 camera port does not work). Is there any possibility to shoot in android 7 videos at 60 fps - some hack stock applications?
I am sorry for my bad English
If anyone can help that would be awesome - this is the first time i have encountered this problem on an android device.
one of the first things i do is remove encryption on my android phones because
1. i like the option
and 2. i notice a considerable amount of difference.
now starting from Pie we have metadata encryption with file encryption
removing metadata encryption causes 0 problems.
however when i remove file encryption i run into a problem
i am un-able to setup a fingerprint (the option isnt even there anymore)
also when i set up a PIN, i am unable to change it (it says incorrect pin)
when i use the pin to unlock the phone, it says "wrong pin" but it works in unlocking the phone.
i didnt experience this on my oneplus 5/6 or samsung / huawei devices having them decrypted.
does anyone know how we can get fingerprint / pin working without encryption?
i notice the phone is more responsive and snappy without encryption
How does it affect device encryption by enabling or disabling the 'Encrypt using lock screen password' option (in privacy settings)? What is opposite? What password is used for encryption if this turned off?
If this is enabled, then a password is required before running the android.
But when this option was not turned on, the menu showed "encrypted" anyway and the Terminal (termux), after entering 'getprop ro.crypto.state' and 'getprop ro.crypto.type' I received the message 'encrypted' and 'block'. So, the device was encrypt anyway (at least in theory).
The question is what changes the inclusion of this option and is it really worth?
wholegrain said:
... The question is what changes the inclusion of this option and is it really worth?
Click to expand...
Click to collapse
The result will be that Android (and TWRP) will not start until you enter the lockscreen password. If you don't reboot your phone very often, then you may be able to live with the hassle (bootup will be much slower). And you'd better not forget the lockscreen password. But if the bootloader is unlocked, and/or TWRP is installed, nothing stops anyone from formatting the data partition and using the phone for their own purposes.
Does it give you any extra protection over standard encryption + fingerprint or lockscreen password? If your bootloader is locked, then maybe. Is it worth it? That is a matter of opinion - but I personally wouldn't bother with it. The greatest security risk lies in unlocking the bootloader. Once you unlock it, the phone itself is easy to commandeer, even if your data is safe because of encryption.
DarthJabba9 said:
But if the bootloader is unlocked, and/or TWRP is installed, nothing stops anyone from formatting the data partition and using the phone for their own purposes.
Click to expand...
Click to collapse
You mean 'using for their own purposes' with my data or after wiped? Anyway, I enabled this additional authentication. I don't have unlocked bootloader or TWRP. If the phone is turned off, then stranger can wipe (by holding power + volume up) and use it as its own.
I'm interested in what the difference in access to my data by a stranger is when the option is enabled or disabled. When enabled - I understand that when the bootloader is locked and there is no TWRP, the stranger can't access the device's data. When disabled - data supposedly encrypted, but is not the "default" password recoverable too easily?
wholegrain said:
You mean 'using for their own purposes' with my data or after wiped?....
Click to expand...
Click to collapse
Your data cannot exist after the data partition has been formatted. If your bootloader is locked, then you don't need to worry too much - just don't forget your lockscreen password.
As for standard encryption with default password, this enables TWRP to access the encrypted storage without asking for a password. This is what a lot of people expect (and demand). Some people who are very concerned about data security often prefer to have to enter a password, even to start TWRP. It is all down to individual taste.