[ROOT] SuperSU 2.74-2 With ForceEncrypt Set to Default - HTC 10 ROMs, Kernels, Recoveries, & Other Developm

Update (May 20): Update to latest version 2.74-2
All versions after SuperSU 2.72 has force encrypt support built in. However it will still disable force encryption by default, you have to set flags manually.
I only modified the default value of the force encrypt flag in the flashing script, so no need to worry that this might break things
If your OCD forces you to use the official version, please look here for instructions to set the flag manually by yourself.
Hi, many people have their hands on the HTC 10, and you may found out that wiping data after rooted with SuperSU, your signal will be broken.
This is caused by the fact that by default, SuperSU's flashing script will change the data encryption flag from "forceencrypt" to "encryptable". If you wiped data after the flag is set to "encryptable", your data partition will be decrypted. In many times, decrypted data is good, but on the HTC 10, for some unknown reason the signal will break with data decrypted.
More info here:
[PSA][MUST SEE] New HTC Policy : Things You Should Know Before Unlocking Bootloader
This issue has caught more attention after an S-OFF method is available. You're required to have root and wipe data after gaining S-OFF. The developer of the S-OFF tool has created a tutorial for this particular problem, you can find it here:
[Guide] Root (Optionally s-off) and Keep your radio working
I slightly modified the SuperSU flashing script, so now it won't change the encryption flag.
This zip will remain useful until we find a way to decrypt our data partition with working signal.

Hi,
this works without problems, big tanks. Device is rooted now.
regards
starbase64

Big thanks. I wish I would have had this yesterday afternoon!
Now I just need to get a stock 1.21.617.3 image to start again with my US unlocked. If anyone has it, please let me know.
Is there a way to manually change the flag back to forceencrypt?

MNoisy said:
Big thanks. I wish I would have had this yesterday afternoon!
Now I just need to get a stock 1.21.617.3 image to start again with my US unlocked. If anyone has it, please let me know.
Is there a way to manually change the flag back to forceencrypt?
Click to expand...
Click to collapse
I have TWRP images for system_image and boot if you need them to fix broken signal as per @jcase. We're both 1.21.617.3

datafoo said:
I have TWRP images for system_image and boot if you need them to fix broken signal as per @jcase. We're both 1.21.617.3
Click to expand...
Click to collapse
Yes yes yes please! THANK YOU!
Where can I find them?

Nice buddy, will update the method used in my build, makes life a lot easier.
I had considered making similar modifications but you appear to have beaten me too it

topjohnwu said:
Hi, many people have their hands on the HTC 10, and you may found out that wiping data after rooted with SuperSU, your signal will be broken.
This is caused by the fact that by default, SuperSU's flashing script will change the data encryption flag from "forceencrypt" to "encryptable". If you wiped data after the flag is set to "encryptable", your data partition will be decrypted. In many times, decrypted data is good, but on the HTC 10, for some unknown reason the signal will break with data decrypted.
More info here:
[PSA][MUST SEE] New HTC Policy : Things You Should Know Before Unlocking Bootloader
This issue has caught more attention after an S-OFF method is available. You're required to have root and wipe data after gaining S-OFF. The developer of the S-OFF tool has created a tutorial for this particular problem, you can find it here:
[Guide] Root (Optionally s-off) and Keep your radio working
Here I come up with a more elegant solution. I slightly modified the SuperSU flashing script, so now it won't change the encryption flag, and also won't remove dm-verify.
NOTE: If your boot image is already modified, it will not reset the flag back to forceencrypt. You have to restore to the stock boot image, then flash this zip. The way I accomplished this is reverting a few modification from the previous ramdisk, so the ramdisk itself has to be stock.
Devs can include this zip into their rom, so users can wipe their whole data with your rom installed.
This zip will be useful until we find a way to decrypt our data partition with working signal.
Click to expand...
Click to collapse
I would NOT use this zip to root the HTC 10, you really need to remove verity, this is going to cause many many many issues, its going to softbrick a huge number of phones, anything from a lot of root apps, to restoring a twrp backup is going to trip dm-verity

SuperSU v2.72 has all of this built in via KEEPVERITY and KEEPFORCEENCRYPT flags. It's not publicly released yet but will be within a few days.

Chainfire said:
SuperSU v2.72 has all of this built in via KEEPVERITY and KEEPFORCEENCRYPT flags. It's not publicly released yet but will be within a few days.
Click to expand...
Click to collapse
Out of curiosity, where will we put those flags? /data/.supersu isn't an option, because /data is encrypted and unmountable, and /system/.supersu isn't an option if /system is read-only and we want to preserve dm-verity.

jcase said:
I would NOT use this zip to root the HTC 10, you really need to remove verity, this is going to cause many many many issues, its going to softbrick a huge number of phones, anything from a lot of root apps, to restoring a twrp backup is going to trip dm-verity
Click to expand...
Click to collapse
My system is modified, but everything is working fine. I'm using this without a problem so I shared it.
Is it because my device is S-OFF? If this is the case, then I'll remove the link. Thanks for the kind remind.

topjohnwu said:
My system is modified, but everything is working fine. I'm using this without a problem so I shared it.
Is it because my device is S-OFF? If this is the case, then I'll remove the link. Thanks for the kind remind.
Click to expand...
Click to collapse
I'd have to look at the zip and test to see why. It could be that your particular firmware isn't actually enforcing dm-verity (I believe google mandates this on 6.0+), that HTC disables enforcing when s-off or the zip isn't properly enforcing verity.
Best advice is not to enforce verity on system if you are rooted.
What should (and did for my phone) happen if you have dm-verity enabled on system and a modified system is the phone shouldn't successfully boot.

Captain_Throwback said:
Out of curiosity, where will we put those flags? /data/.supersu isn't an option, because /data is encrypted and unmountable, and /system/.supersu isn't an option if /system is read-only and we want to preserve dm-verity.
Click to expand...
Click to collapse
I've added /cache/.supersu as location specifically for those devices with a TWRP that can't read encrypted /data.
Still, you can echo to /data/.supersu even if /data isn't mounted and that'll still work. It just will not persist between boots.
Custom ROM devs should put it in /system/.supersu, though, or set the variable in shell and export that variable (important!) before running the SuperSU ZIP.

Chainfire said:
I've added /cache/.supersu as location specifically for those devices with a TWRP that can't read encrypted /data.
Still, you can echo to /data/.supersu even if /data isn't mounted and that'll still work. It just will not persist between boots.
Custom ROM devs should put it in /system/.supersu, though, or set the variable in shell and export that variable (important!) before running the SuperSU ZIP.
Click to expand...
Click to collapse
Will that cause complications for users who wipe cache often?

Sorry everyone, didn't though much about the dm_verity.
Re-uploaded one with dm_verity removed.
Everyone should re-flash this zip if you've used the old one, thanks a lot.
@LeeDroid, could you please test if this works on your rom?

topjohnwu said:
Sorry everyone, didn't though much about the dm_verity.
Re-uploaded one with dm_verity removed.
Everyone should re-flash this zip if you've used the old one, thanks a lot.
@LeeDroid, could you please test if this works on your rom?
Click to expand...
Click to collapse
Will have a bash tonight mate

topjohnwu said:
Sorry everyone, didn't though much about the dm_verity.
Re-uploaded one with dm_verity removed.
Everyone should re-flash this zip if you've used the old one, thanks a lot.
@LeeDroid, could you please test if this works on your rom?
Click to expand...
Click to collapse
still no go on boot

LeeDroid said:
still no go on boot
Click to expand...
Click to collapse
Yeah... Just tested myself and it won't boot.
It's weird though, it can boot on my modified system
I might need more investigation, or just wait for Chainfire to release the new update.

Is it OK to use SYSTEMLESS with your current build?
Thanks

ah, perhaps encountered a blarf
you wanna stick with blarp ... he's much nicer

topjohnwu said:
Yeah... Just tested myself and it won't boot.
It's weird though, it can boot on my modified system
I might need more investigation, or just wait for Chainfire to release the new update.
Click to expand...
Click to collapse
Ahh, I knew why.
I cannot separate the forceencrypt flag patch and verify flag by modifying the script.
Had to wait for Chainfire to release new version, or we have to manually modify the boot image.

Related

[Q] Clockworkmod and ICS-encryption

I found following article: "android.stackexchange.com/questions/19286/will-a-custom-recovery-work-with-an-encrypted-device"
According to this description, it should be possible to use the ICS encryption after partitioning the SDcard. Has anyone already tried it?
Article:
"Mount one partition on /sdcard so that it could be used by system & leave other one (Clockwork Mod can do mounting too)."
How can I do this?
Bump
Nobody tried it yet???
i think is better u dont use encryption at all...
if u need encryption for security reason, then u have to stay stock (botloader locked, no root, no cwm, otherwise the encryption has no sense to be done)..in case u want leave the encryption mode, u have to factory reset the phone
clockwork mod is not able to to backup, restore or flash a zip on an encrypted rom (easy to search around to discover this, as i just did now)
Why do you think there are no point with encryption with unlocked bootloader and root?
To me it seems thats when its most important, since its then very easy to get to your data and the only way to protect them?
I am using Titanium Backup and send the backups encrypted to Dropbox, not that much work to wipe and flash ROMS. Kernels you can still flash, at least With Francos app. The only downside is that need a PC to wipe since you have to do it through fastboot.
andQlimax said:
i think is better u dont use encryption at all...
if u need encryption for security reason, then u have to stay stock (botloader locked, no root, no cwm, otherwise the encryption has no sense to be done)..in case u want leave the encryption mode, u have to factory reset the phone
clockwork mod is not able to to backup, restore or flash a zip on an encrypted rom (easy to search around to discover this, as i just did now)
Click to expand...
Click to collapse
B1ny said:
Why do you think there are no point with encryption with unlocked bootloader and root?
To me it seems thats when its most important, since its then very easy to get to your data and the only way to protect them?
Click to expand...
Click to collapse
yes, infact what i mean is that if u want protect more ur data, then stay also with the bootloader locked etc (even if the encryption should be enough)
Have thought about also locking the bootloader since you have to wipe anyways, and need a PC. Will not be much more work/time. But is it really any need?
andQlimax said:
yes, infact what i mean is that if u want protect more ur data, then stay also with the bootloader locked etc (even if the encryption should be enough)
Click to expand...
Click to collapse
if u need encryption for security reason, then u have to stay stock (botloader locked, no root, no cwm, otherwise the encryption has no sense to be done)..in case u want leave the encryption mode, u have to factory reset the phone
Click to expand...
Click to collapse
From my point of view I also think that encryption is very important for rooted devices. If you loose your phone, it's very easy to get your privat data on the sdcard and app-data (acounts,...). With an encrypted device, the data are safe and that's all what I want.
clockwork mod is not able to to backup, restore or flash a zip on an encrypted rom
Click to expand...
Click to collapse
Also if you create a seperate partition - see article in my first post ???
I would also be interested if this was possible.
Reason being - my employer requires that my phone be encrypted and unrooted. I have been investigating a dual boot setup where I could boot my unrooted, encrypted, stock android image so that I can use it for corporate email and when I need root for something like tethering I could boot off the rooted image.
This way my corporate data would be encrypted and I would be adhering to company policy but I can also enjoy the flexibility of a rooted phone when I need it without wiping my phone every time I want to switch back and fourth.
the /cache partition is the answer, i think
I found out that the stock recovery, as expected, also cannot access the /SDcard partition. However, it looks in the /cache partition for update.zip files when the phone is encrypted. I was able to copy the 4.0.4 update to the cache partition and load it from there. Seems like CWM just needs to be updated to have an option to look there for zip files and we should be able to load them up.
chhall said:
I found out that the stock recovery, as expected, also cannot access the /SDcard partition. However, it looks in the /cache partition for update.zip files when the phone is encrypted. I was able to copy the 4.0.4 update to the cache partition and load it from there. Seems like CWM just needs to be updated to have an option to look there for zip files and we should be able to load them up.
Click to expand...
Click to collapse
The problem is /cache is 100 MB, and some (most?) ROMs are way more than that.
So I don't think using /cache is a fix.
I'm not sure of how CWM mounts the external SD card, but if it uses /mnt/sdcard/external_sd then it's impossible to use the external SD card because it depends on the internal SD for the mount point.
If this isn't the case, then it should be possible to partition the external SD card... Is it?
That leaves us with the only possible solution the partitioning of the internal SD card as mentioned in the link provided by OP.
Has anyone done this?
EDIT:
According to CM9's nightlies "know issues" list, encryption has already been solved and is working. I'm wondering how did they fix it.
bump
anybody knows the answer?
ghost shell said:
According to CM9's nightlies "know issues" list, encryption has already been solved and is working.
Click to expand...
Click to collapse
Could you give me a link to this?
There is a work around for flashing in CWM recovery by using the system ram as a temp file system.
You can use the dd command in adb to backup the entire current firmware and restore it in fast boot.
You can also use the backup and restore feature in ics to backup your sdcard contents and some apks.
There is a dev who is working on a full nandroid equivalent on an encrypted system. He is half way there. It requires cm recovery which has dmcrypt support.
http://forum.xda-developers.com/showpost.php?p=25635462&postcount=54
Check out the entire thread for other info for flashing custom roms via system ram.
ghost shell said:
bump
anybody knows the answer?
Click to expand...
Click to collapse
DanderMan said:
Could you give me a link to this?
Click to expand...
Click to collapse
http://teamhacksung.org/wiki/index.php/CyanogenMod9:GT-I9100:Nightly:Known_issues
Encryption used to be on the know issues, but not anymore. I don't know the status for the Nexus.
Also: http://forum.xda-developers.com/showpost.php?p=25515675&postcount=53
@bunklung
Thanks.
I'm still digesting the information.
The sad part is that even a normal factory reset doesn't allow removing encryption. If at least that would be possible it wouldn't be that bad.
EDIT2:
I've been reading and not even the ram trick would work with me because I can't get adbd running in CWM.
adb doesn't detect any device when the phone is in CWM-recovery mode.
Anyone found a way to revert to stock with cwm already installed for an encrypted phone?

Some doubts need to be clarified

I am going to root my Nexus 5x very soon. I have some doubts, please help me to clarify those.
1. If I want to go with systemless root, I wouldn't have to flash modified boot.img. In that case will I be able to disable force encryption? If yes how?
2. If I have understood it correctly, in order to have disabled force encryption, I have to wipe user data after flashing SuperSU zip. Now in order to keep the encryption disabled, I have to wipe user data each time I flash a custom ROM or kernel?
I may seem noob in this question, but I am going through these encryption business for the very first time, so I thought its better to clarify rather than bricking my first Nexus [emoji6]
Thanks in advance.
Sent from my C6902 using Tapatalk
nondroid said:
I am going to root my Nexus 5x very soon. I have some doubts, please help me to clarify those.
1. If I want to go with systemless root, I wouldn't have to flash modified boot.img. In that case will I be able to disable force encryption? If yes how?
2. If I have understood it correctly, in order to have disabled force encryption, I have to wipe user data after flashing SuperSU zip. Now in order to keep the encryption disabled, I have to wipe user data each time I flash a custom ROM or kernel?
I may seem noob in this question, but I am going through these encryption business for the very first time, so I thought its better to clarify rather than bricking my first Nexus [emoji6]
Thanks in advance.
Sent from my C6902 using Tapatalk
Click to expand...
Click to collapse
You need to reformat userdata to remove the encryption. You do not need to continue to wipe after that for encryption purposes since it wont get re-encrypted unless forced encryption is enabled or you encrypt it. You will need to have a kernel/boot.img without forced encryption or it will re encrypt itself.
Systemless root has nothing to do with encryption and you could flash TWRP and root with SuperSU 2.6+ and still be encrypted.
A good starting place here
If I have got it right then I have to either flash boot.img or a kernel that disables force encryption in order to continue disabled force encryption.
Thanks for the clarification.
Sent from my C6902 using Tapatalk
Keithn said:
Systemless root has nothing to do with encryption and you could flash TWRP and root with SuperSU 2.6+ and still be encrypted.
Click to expand...
Click to collapse
Right and wrong at the same time...
Systemless root does disable force encryption: http://forum.xda-developers.com/apps/supersu/wip-android-6-0-marshmellow-t3219344
The stock kernel will force encryption.
The stock kernel + systemless SuperSU will not force encryption.
Assuming you have all stock but TWRP installed, you would format data to remove encryption, then flash systemless root to stay unencrypted.
berndblb said:
Right and wrong at the same time...
Systemless root does disable force encryption: http://forum.xda-developers.com/apps/supersu/wip-android-6-0-marshmellow-t3219344
The stock kernel will force encryption.
The stock kernel + systemless SuperSU will not force encryption.
Assuming you have all stock but TWRP installed, you would format data to remove encryption, then flash systemless root to stay unencrypted.
Click to expand...
Click to collapse
I see that the posted boot images don't have forced encryption along with other changes, but I didn't see anything saying it was necessary to use a kernel without forced encryption to have root. Does flashing 2.60+ also modify the kernel to disable force encryption (If enabled) when it does the necessary modifications for root? You can still be encrypted with systemless root so I figured that forced encryption would have no impact on the systemless root.
Edit- Looked at the script and it looks like it is supposed to. So whether it actually matters or not, it won't force encrypt after flashing SuperSU.

Still confused about how to install Magisk/Automagisk on my HTC 10

I have been trying to Google this but am a little confused on all the steps I need to (and don't need to) take at this point, especially since I am a little behind. So I wanted to ask for help on forums, if anyone is willing to give some advice on this.
First of all, I have a Sprint version of the HTC 10. I don't know if that matters or not (I recall back when I was trying to figure out the original Magisk, someone mentioned that a Sprint model HTC 10 could be an issue, but I am not sure why).
Also, so far all I have done in terms of rooting it is:
- Use the HTC Bootloader unlock
- Install TWRP Touch Recovery with the option of not modifying the system partition (From what I understand, this would cause it to be a temporary install that would go away after a reboot, but it seems to have stayed installed)
- Perform backups with TWRP
- Flash the SuperSU zip with TWRP
And... that's it, still on stock ROM and everything, didn't install anything else that depends on root like Xposed or whatever (That wasn't automatically installed by TWRP or SuperSU or something was it?). I am pretty sure root access is working because two of my apps (Titanium Backup and Chase) tried to request it, and I can see those requests in SuperSU, but other apps don't seem to act like I am rooted. Namely, Google Pay.
From what I understand, Google Pay is not supposed to work if you have root due to that SafetyNet API. However, when I start Google Pay, I see no error message or anything, it seems to work. Granted, I haven't added a credit card to it yet, does the error only happen when you try to make a payment or try to add a card or something? Or should I see it on starting the app? Did I somehow inadvertently setup my phone in a way where root is not being detected?
I also seem to be getting conflicting information on how I should install everything. The guide I followed for rooting my phone said to install SuperSU by flashing the zip, not through the app store.... but the guide for Magisk seems to claim to uninstall SuperSU and install phh's Superuser from the app store. Is there a reason I should do this one way, or another?
Also, all the guides for Magisk say that it is heavily recommended that I reset my phone to stock system, and I really can't reset the data on my phone. Can it be done without erasing anything? I am unclear what resetting to "stock system" would do exactly.
It sounds a little too simple: Uninstall SuperSU and install Superuser (though the method I should do it through is not clear), flash Magisk through TWRP, and then flash AutoMagisk through TWRP. I feel like I am definitely forgetting steps. That, and if somehow I am getting past SafetyNet with Android Pay I don't want to mess with something that might break however I managed to pull it off.
Another worry is breaking my cellular radio. I remember that SuperSU for a while did something (or rather, didn't do something with encryption that the HTC 10 needed which resulted in the cellular radio not working once it was flashed, and that for a while there was a special fork of SuperSU for HTC 10 phones to fix this until the main SuperSU app implemented it. I have no idea if Superuser or Magisk also could cause this issue. Does anyone have any idea?
Oh, and finally, my phone is complaining that an update is available, has been complaining for a while, update 1.80.651.6. Can I safely install this OTA update while rooted? Will it remove or break root if I do? And would it be recommended to install it now before I mess with Superuser and Magisk, or after?
Ummm, anyone?
Cyber Akuma said:
Ummm, anyone?
Click to expand...
Click to collapse
Its all there in the op of the magisk thread.
I read that thread, as I said, I still don't understand some parts.
Cyber Akuma said:
Ummm, anyone?
Click to expand...
Click to collapse
Have you tried posting in the dedicated Magisk thread?
Try installing leedroid nightly latest it has magisk available when you install rom
i did not try it, till now. I read something a few weeks ago.
But in the magisk thread the op said something that SuperSu is not the supported SU method? only phh superuser?!
I would ask the question in magisk thread.
Firstly: You ask a lot of semi-related questions, a lot of these are already answered, out there, in the appropriate threads.
Let me systematically try to answer your questions
What you have done:
- Use the HTC Bootloader unlock
- Install TWRP Touch Recovery with the option of not modifying the system partition (From what I understand, this would cause it to be a temporary install that would go away after a reboot, but it seems to have stayed installed)
- Perform backups with TWRP
- Flash the SuperSU zip with TWRP
Click to expand...
Click to collapse
When you install the TWRP recovery, you actually install it to the recovery partition of your device.
the option the "not modify system" has nothing to do with installing TWRP, but with installing other mods/roms
It's there so you can make a backup without modifying the system partition, that way you can go back to a working isntall if you do happen to mess something up.
And... that's it, still on stock ROM and everything, didn't install anything else that depends on root like Xposed or whatever (That wasn't automatically installed by TWRP or SuperSU or something was it?). I am pretty sure root access is working because two of my apps (Titanium Backup and Chase) tried to request it, and I can see those requests in SuperSU, but other apps don't seem to act like I am rooted. Namely, Google Pay.
From what I understand, Google Pay is not supposed to work if you have root due to that SafetyNet API. However, when I start Google Pay, I see no error message or anything, it seems to work. Granted, I haven't added a credit card to it yet, does the error only happen when you try to make a payment or try to add a card or something? Or should I see it on starting the app? Did I somehow inadvertently setup my phone in a way where root is not being detected?
Click to expand...
Click to collapse
SuperSu *should* break safetney and thus should break android pay, as Chainfire says in the following thread: http://forum.xda-developers.com/apps/supersu/supersu-safetynet-android-pay-t3298115
"In case any SuperSU-rooted device passes SafetyNet, that is a bug in SafetyNet, not a feature of SuperSU."
I also seem to be getting conflicting information on how I should install everything. The guide I followed for rooting my phone said to install SuperSU by flashing the zip, not through the app store.... but the guide for Magisk seems to claim to uninstall SuperSU and install phh's Superuser from the app store. Is there a reason I should do this one way, or another?
Click to expand...
Click to collapse
Installing SuperSu trough TWRP installs the dependencies (the actual root) and the application (which just manages the root access), the magisk guide tells you to first flash the preferred root (SuperSu or SuperUser phh's) trough recovery and then install the correct manager app trough the playstore.
This is probably so John doesn't have to keep on updating his zips everytime the makers of the manager apps update their apps, users can just download the latest version.
Also, all the guides for Magisk say that it is heavily recommended that I reset my phone to stock system, and I really can't reset the data on my phone. Can it be done without erasing anything? I am unclear what resetting to "stock system" would do exactly.
Click to expand...
Click to collapse
Resetting to stock is important for 2 reasons:
1. it cleans out all "old" root apps and methods
2. it cleans up a patched boot.img (kernel)
Then again, if you haven't flashed any other mods, you would probably be safe to install magisk on your rom.
One important thing everyone will always tell you: make a backup! (make a nandroid)
To do this, boot to TWRP and choose "backup" make sure to select: Boot, System and Data
It sounds a little too simple: Uninstall SuperSU and install Superuser (though the method I should do it through is not clear), flash Magisk through TWRP, and then flash AutoMagisk through TWRP. I feel like I am definitely forgetting steps. That, and if somehow I am getting past SafetyNet with Android Pay I don't want to mess with something that might break however I managed to pull it off.
Click to expand...
Click to collapse
The proper steps would be:
0. Make a nandroid backup in TWRP!!
1. Open SuperSU and choose to completly unroot (somewhere near the bottom of the settings menu)
2. Boot to TWRP and flash Magisk
3. Flash the phhh superuser zip file (from the magisk thread)
4. boot android and install the superuser app from the playstore
5. boot twrp and install AutoMagisk
That's it!
Another worry is breaking my cellular radio. I remember that SuperSU for a while did something (or rather, didn't do something with encryption that the HTC 10 needed which resulted in the cellular radio not working once it was flashed, and that for a while there was a special fork of SuperSU for HTC 10 phones to fix this until the main SuperSU app implemented it. I have no idea if Superuser or Magisk also could cause this issue. Does anyone have any idea?
Click to expand...
Click to collapse
Radio shouldn't be broken unless you flash very old zips, don't worry about it
Oh, and finally, my phone is complaining that an update is available, has been complaining for a while, update 1.80.651.6. Can I safely install this OTA update while rooted? Will it remove or break root if I do? And would it be recommended to install it now before I mess with Superuser and Magisk, or after?
Click to expand...
Click to collapse
I allmost enver use official OTA's so I can't say for certain buttttt as you used SuperSU, the root should be systemless so it should accept OTA updates..
What I would do:
1. make a nandroid
2. install OTA
3. See if everything works as expected
4. restore backup if something doesnt work properly =D
I would install the OTA before trying Magisk
Thank you, that was very helpful. I did try Googling all this, but couldn't find clear answers, which is why I am asking here.
And yes, I am definitely going to make a backup before messing with it. Is there any reason to make a Titanium backup too, or will the nandroid one be enough?
As for removing SuperSU, what would that system/boot stock reset delete? Would it delete any installed applications or application settings? Or undo updates to pre-installed system apps? Or reinstall apps that came with the phone that I uninstalled?
Got it working, thanks. (Though, AutoMagisk seems to only be available as an APK, not as a zip that can be installed from TWRP).
Seems like a few configuration settings got wiped due to the system partition being reset, but other than that most of my data seems perfectly intact.

Decrypting Storage

I know on most devices I've owned you needed a non-encrypted kernel and I had to perform a format of data to remove encryption. I have seen a few posts in a couple of other threads but nothing I saw was definitive. Does anyone know if unencrypting the XL is even possible? If so, which kernel are you using?
I also have the same question, I just want descrpt data partition to avoid risk when I turn to TWRP and MultiROM in future,
So anyone try this? I can not understand why I need Magisk here??
http://androiding.how/disable-verity-force-encryption-pixel-xl-decrypt/
Mike02z said:
I know on most devices I've owned you needed a non-encrypted kernel and I had to perform a format of data to remove encryption. I have seen a few posts in a couple of other threads but nothing I saw was definitive. Does anyone know if unencrypting the XL is even possible? If so, which kernel are you using?
Click to expand...
Click to collapse
Azlun said:
I also have the same question, I just want descrpt data partition to avoid risk when I turn to TWRP and MultiROM in future,
So anyone try this? I can not understand why I need Magisk here??
http://androiding.how/disable-verity-force-encryption-pixel-xl-decrypt/
Click to expand...
Click to collapse
Notice in the attached that it states that TWRP plus SuperSU decrypts file based encryption.... https://www.xda-developers.com/supersu-updated-to-work-with-twrp-on-pixel-and-pixelxl/
cam30era said:
Notice in the attached that it states that TWRP plus SuperSU decrypts file based encryption.... https://www.xda-developers.com/supersu-updated-to-work-with-twrp-on-pixel-and-pixelxl/
Click to expand...
Click to collapse
" Dees_Troy to allow TWRP to decrypt the data partition involves modifying the same init binary " is NOT what I want according developer's
https://plus.google.com/+DeesTroy Pixel update 4 picture.
What I want is need the full device decryption permanently, on Anroid running time, not only on TWRP.
so, I think that is maybe more than TWRP can do, I guess a special boot.img or a kernel patch zip is need to reach what I need.
Mike02z said:
I know on most devices I've owned you needed a non-encrypted kernel and I had to perform a format of data to remove encryption. I have seen a few posts in a couple of other threads but nothing I saw was definitive. Does anyone know if unencrypting the XL is even possible? If so, which kernel are you using?
Click to expand...
Click to collapse
Decrypting your pixel is possible. The process isn't much different than any previous Nexus. It differs due to the removal of the recovery partition thus the recovery fstab is now in the kernels ramdisk. So you must edit out forecencryption in both fstabs. (fstab.marlin,fstab.recovery).
Fastboot format userdata, flash a modified kernel, done..
Haven't seen any custom kernels that remove the flag yet so I modified ElementalX.
http://forum.xda-developers.com/pix...oem-unlock-t3498287/post69733387#post69733387
blueyes said:
Decrypting your pixel is possible. The process isn't much different than any previous Nexus. It differs due to the removal of the recovery partition thus the recovery fstab is now in the kernels ramdisk. So you must edit out forecencryption in both fstabs. (fstab.marlin,fstab.recovery).
Fastboot format userdata, flash a modified kernel, done..
Haven't seen any custom kernels that remove the flag yet so I modified ElementalX.
http://forum.xda-developers.com/pix...oem-unlock-t3498287/post69733387#post69733387
Click to expand...
Click to collapse
I did use your modified Elemental kernel that was in the thread about the ability to show that your bootloader is unlocked.
Here is what I did...
Went into TWRP and did a format data from the wipe menu.
Flashed your kernel via USB SD dongle.
Rebooted.
Took about 5-8 minutes to boot but when I went into "Security" it still showed my phone was encrypted. I did this with every Nexus device I've owned but not sure what I'm doing wrong.
Mike02z said:
I did use your modified Elemental kernel that was in the thread about the ability to show that your bootloader is unlocked.
Here is what I did...
Went into TWRP and did a format data from the wipe menu.
Flashed your kernel via USB SD dongle.
Rebooted.
Took about 5-8 minutes to boot but when I went into "Security" it still showed my phone was encrypted. I did this with every Nexus device I've owned but not sure what I'm doing wrong.
Click to expand...
Click to collapse
Don't you need to format user data with fast boot to decrypt?
Sent from my Google Pixel XL using XDA Labs

Disabling system encryption on 8.1.0?

I was wondering if there existed a 'no-force encrypt' kernel I could flash to the Pixel C on 8.1.0?
Format data and then install magisk.
Monazite said:
Format data and then install magisk.
Click to expand...
Click to collapse
Thanks. I wish it had been that simple .If I do this I think (and Iam not so sure) that wiping the data partition did remove the encryption. I then flashed Magisk. But when I rebooted to TWRP, the system was encrypted again, asking me for a password which I haven't got. Is there not a 'no-force encryption file I am supposed to flash before or after I flash Magisk, to prevent the system from encrypting again?
fgaine said:
Thanks. I wish it had been that simple .If I do this I think (and Iam not so sure) that wiping the data partition did remove the encryption. I then flashed Magisk. But when I rebooted to TWRP, the system was encrypted again, asking me for a password which I haven't got. Is there not a 'no-force encryption file I am supposed to flash before or after I flash Magisk, to prevent the system from encrypting again?
Click to expand...
Click to collapse
Have you checked encrypted status in settings? Magisked boot.img should have disabled encryption if data partition is not encrypted. Or you need flash another kernel?
Sent from my Google Pixel 2 using XDA Labs
fgaine said:
Thanks. I wish it had been that simple .If I do this I think (and Iam not so sure) that wiping the data partition did remove the encryption. I then flashed Magisk. But when I rebooted to TWRP, the system was encrypted again, asking me for a password which I haven't got. Is there not a 'no-force encryption file I am supposed to flash before or after I flash Magisk, to prevent the system from encrypting again?
Click to expand...
Click to collapse
https://forum.xda-developers.com/pi...yflasher-make-install-custom-kernels-t3537487
JUST WANT TO DISABLE VERITY/ENCRYPTION?
You can build lazyflasher by itself, empty, without a kernel Image.fit or modules and flash it!
It's already set up to automatically disable verity and make encryption optional.
Alternatively, there's a branch already set up called no-verity-opt-encrypt. You can find prebuilt official zips at:
https://build.nethunter.com/android-tools/no-verity-opt-encrypt/
Install as last step - after Magisk installation .. but normally Magisk is removing force-encryption too.
Are you sure you did format /data ?
Just wiping is not enough !
As it's not a development topic this thread should be moved to QA section ..
Anyway .. Good luck !
followmsi said:
https://forum.xda-developers.com/pi...yflasher-make-install-custom-kernels-t3537487
JUST WANT TO DISABLE VERITY/ENCRYPTION?
You can build lazyflasher by itself, empty, without a kernel Image.fit or modules and flash it!
It's already set up to automatically disable verity and make encryption optional.
Alternatively, there's a branch already set up called no-verity-opt-encrypt. You can find prebuilt official zips at:
https://build.nethunter.com/android-tools/no-verity-opt-encrypt/
Install as last step - after Magisk installation .. but normally Magisk is removing force-encryption too.
Are you sure you did format /data ?
Just wiping is not enough !
As it's not a development topic this thread should be moved to QA section ..
Anyway .. Good luck !
Click to expand...
Click to collapse
Thanks for the info. I'll try that later on. Don't fancy formatting and having to reinstall everything again for now. Cheers.

Categories

Resources