Every single piece of information I've come across warns me about issues with sane encryption when using a custom recovery, an unlocked bootloader and a non-stock ROM (as in modified, not community AOSP-based). I need the following things:

  • ability to back-up/restore data from the recovery if needed
  • root, which means I have to flash things manually after flashing the ROM
  • ability to flash/update the ROM (since this is the only way, OTA won't work in my setup)

I can live without the 1st, but there is no way to let go of the other 2. If I enable encryption I won't have access to data from recovery, or rather I will have access to encrypted data. This isn't a problem normally until I need to flash over an updated ROM or swap ROMs - now there is an issue because the encryption key will change.

There is also no point in having a password-locked TWRP, since with an unlocked bootloader it is easy to sideload a new one.

Does a headache-less solution for power users exist?

Kirikan
  • (2) The encryption is password and system based. Some TWRP versions can access the encrypted user data after being supplied with the correct password. (3) I don't see any problem in flashing a new ROM as the system partition is not encrypted, only your data partition is. – Robert Aug 16 '20 at 18:31
  • What would be the password? How would it know which encryption method is used? – Kirikan Aug 16 '20 at 19:02
  • @Kirikan the same password you set in the ROM. TWRP supports FDE as well as FBE on most devices. The decryption process is based on AOSP code and even supports hardware-backed encryption, if applicable to the device. – Irfan Latif Aug 16 '20 at 19:14
  • TWRP has issues with encryption, try Orange Fox Recovery instead. Don't install Universal DM-Verity ForceEncrypt Disabler; that will result in the fingerprint not working – alecxs Aug 16 '20 at 19:33
  • @alecxs I had to use Force DMVerify-Encrypt inside the TWRP advanced settings itself to be able to install a different region ROM. Right now when I try to copy any file from /data/ it just says using default password and copies with 0 issues. How would I switch to encryption mode without screwing things up? – Kirikan Aug 17 '20 at 09:37
  • You are mixing up dm-verity with encryption. It seems MIUI 11 is running Android 9 with plain old FDE encryption with no passphrase at all (using default_password) – alecxs Aug 17 '20 at 09:43
  • Although the Universal DM-Verity ForceEncrypt Disabler claims that forceencrypt can be disabled, it does destroy encryption completely (due to some compatibility changes regarding FBE in Android 10). For FDE, no-verity-opt-encrypt is recommended instead, as it does what it should – alecxs Aug 17 '20 at 09:48
  • Okay, I'm confused, how come it uses default passphrase if I have set up PIN? – Kirikan Aug 18 '20 at 09:13
  • Encryption is independent, and your device stays encrypted without any screen lock at all. If your login credentials were part of encryption, TWRP would ask you for a PIN/pattern (not the case for a lot of Xiaomi devices) https://android.stackexchange.com/q/17292 – alecxs Aug 20 '20 at 09:24
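
As an added example (not part of the original thread), this shell helper reads `getprop` output and reports whether /data uses FDE or FBE, the distinction the comments above turn on. It relies on the Android properties `ro.crypto.state` and `ro.crypto.type`; the function names and the sample property dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify /data encryption from `getprop` output.
# On a real device (assumes adb is installed and authorised):
#   adb shell getprop | classify_crypto

# Print the value of property $1 from "[key]: [value]" lines on stdin.
# adb output may carry CRLF line endings, so carriage returns are stripped.
prop_value() {
    tr -d '\r' | sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# Read a full getprop dump on stdin and print one of:
#   fde                     block-level full-disk encryption
#   fbe                     file-based encryption
#   encrypted-unknown-type  encrypted, but ro.crypto.type is not set
#   unencrypted             /data is not encrypted
#   unknown                 ro.crypto.state missing or unrecognised
classify_crypto() {
    dump=$(cat)
    state=$(printf '%s\n' "$dump" | prop_value ro.crypto.state)
    type=$(printf '%s\n' "$dump" | prop_value ro.crypto.type)
    case "$state:$type" in
        encrypted:block) echo fde ;;
        encrypted:file)  echo fbe ;;
        encrypted:*)     echo encrypted-unknown-type ;;
        unencrypted:*)   echo unencrypted ;;
        *)               echo unknown ;;
    esac
}

# Constructed sample resembling the setup described in the comments
# (Android 9 with FDE); not captured from a real device.
SAMPLE='[ro.build.version.release]: [9]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [block]'

printf '%s\n' "$SAMPLE" | classify_crypto   # prints: fde
```

A result of `fde` says nothing about whether the key is wrapped with a user passphrase or the fixed default one; a recovery that decrypts /data without prompting indicates the latter.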

0 Answers