In order to improve the installation documentation, we are trying to figure out which devices support user data encryption, and which devices do not support it.
At the moment we have found that those devices don’t support data encryption:
LeEco Le2 (“s2”) for /e/-oreo and /e/-pie
In order to check if your smartphone is already encrypted or not, go to Settings->Security
If it’s already encrypted, “Phone encrypted” is displayed:
For the S2 part, are you aware of this topic? As you might know i did a lot of encryption testing on S2, and found some problems (it has to do with the data partition size). When you dirty flash the Leeco S2 encryption does not work. I also found that after wiping the device and format data the encryption does work. If you like i can do some testing on this.
first of all the encryption works on all the smartphones that I could test on.
these are,
Samsung Galaxy S4 mini; serranoltexx
HTC one (GSM); m7
Xiaomi Redmi Note 4x; mido
Xiaomi Pocophone f1; beryllium
for Samsung Galaxy S4 mini I tested the updating from official nougat version to, as of yesterday, latest official nougat version and then upgrading to a Pi/e/ build that I made for it, all that worked well if done manually. So to say, I had to download or extract the update from updater and then boot into recovery, decrypt data partition and then update. it did not work automatically yet. on the nougat versions the decrypt screen during boot up was not showing the dialpad to unlock, but after a screen lock and unlock it worked, as well as after upgrading to pi/e/, out of the box.
for HTC one I could only test wit an unofficial nougat build made by unknown anonymous last year, I did not encounter any bugs at all.
for Xiaomi Redmi Note 4x I came from a testing version, so I had to do a factory wipe to install the official nougat version, that went good and encryption remained also the following upgrade to unofficial Pi/e/ went well. only thing again on official nougat, is some lag during the decrypt process in boot up, the phone doesn t recognize the touches, dial pad is shown, either waiting some time or screen lock and unlock is fixing that.
for Xiaomi Pocophone f1 I couldn’t do that wide range of tests, as I use it as daily driver. anyway I use it with encryption, only bug I faced is again the screen of decryption during boot process, that seems to be dependent of firmware and drivers installed as with different vendor, firmware or kernel it is different experiences.
All these tests were made on clean installs without formating data partition.
Hi Gaël
For your information: I just encrypted my as of yesterday brand-new /e/-provisioned and -provided Samsung Galaxy S9+ (SM-G965F) without a hich.
I also wanted to thank you and your people for all the excellent work and efforts you are providing since so long.
For example: I’ve ordered and payed for the /e/-S9+ and a mere 25 hours later, I held it in my hands and was able to finaly use my very own smarthphone the way it should have been from the beginning: Without the likes of Google, Apple, Samsung etc., etc. cluttering up my device and constantly watching over my shoulder!
3 thumbs up… out of three!
I also want to congratulate you on the core-usage of Nextcloud… : Exactly right!!
I will refer to /e/ in the future when ever appropriate, as THE alternative.
Please keep it up. To offer fully configured /e/-devices is the way to go for the vast majority of end-users. Maybe you should also offer /e/-tablets from Samsung and Huawei, since there is a specific use-case for tablets.
The encryption works but I think I had to do something, like “Resize data partition” in TWRP. I’m not sure at all if it’s still the case, but I think it was.
(On other similar Samsung phones with LineageOS that’s also the case, but it’s worse, I had to change the value of the data partition with the terminal in TWRP)
What is sure is that once the phone is encrypted, TWRP can’t decrypt it (I think it’s a Samsung specific issue). Which means I can’t use the backup and restore feature of TWRP for instance.
[[ When I do an OTA update, it just brings me into TWRP main menu, without installing. After a fresh install and encryption, it works once or twice and then it doesn’t work anymore. Probably because of Magisk or Xposed so not sure it’s directly an issue of /e/OS. ]]
(Since it’s my main phone, and that the backup and restore feature can’t be used, I can’t redo everything in order to test, it would take too much time)
EDIT : somebody with the same phone not encrypted AND without Magisk have the same OTA update issue, so looks like it’s not an encryption issue.
EDIT : I finally re-installed everything and I confirm the encryption issue.
After further tests with encrypted Samsung Galaxy A5 2017 (a5y17lte) I had a major issue: Reboot Loop after installing Magisk on encrypted device!
Steps to reproduce:
Installed e-0.8-p-2020041049061-dev-a5y17lte.zip -> OK
encrypted device -> OK
Installed Magisk-v20.4.zip using TWRP (Version 3.3.1-1) -> Reboot loop (only gets to Samsung start-screen before device reboots again)
Same issue with version e-0.7-p-2020033047438-dev-a5y17lte.zip
On one attempt /e/ started successfully after about 15 reboots. But I only saw this once.
No problems with Magisk on not-encrypted device
Encryption works, but only if not installing Magisk!
I found some time to check the issue. The encryption does not work indeed (using LineageOS source).
To fix this the BoardConfig.mk in the source must be changed. For the 32GB version:
BOARD_USERDATAIMAGE_PARTITION_SIZE := 25765040128
The current configuration is incorrect, the encryption needs 16kb of space for the encryption key.
A quick fix are these commands in TWRP:
mount|grep /data
/dev/block/mmcblk0p56 on /data type ext4 (rw,seclabel,relatime,resgid=1065,data=ordered)
(For 32Gb version, i don’t have 64Gb to test)
But again this issue comes from wrong board configuration.
Edit: For people interested in the math (i would have been)
Original size from LineageOS sources:
Size is first 6290297 4k blocks, (1k = 1024 bytes, so 4 of them are 4096 bytes.)
Total bytes: 6290297*4096 = 25765056512 bytes
Encryption needs 16k bytes at the end of the data partition, 16*1024 =16384 bytes.
To get them we subtract 4*4k blocks of the data partion (4*4096).
New size:
6290293 4k blocks, 6290293*4096 = 25765040128 bytes.
Check (old - new)
25765056512 - 25765040128 = 16384
16384/1024 = **16** So now it should work.
Edit 2:
Just verified above, i’ve build /e/ Pie for S2 using the mentioned board config and it works. Method to encrypt:
Use TWRP 3.3.1.0
Wipe > Advanced wipe : select all and wipe.
Wipe > Format Data : type yes and format.
Install the new /e/ ROM
Advanced > ADB side load
open cmd or terminal
adb sideload e-rom-name.zip
After that boot /e/ and setup a pattern or pin, after that encryption works. So @GaelDuval the BoardConfig.mk must be changed in s2 source, but i’m not sure how to do it for 32Gb AND 64Gb. Maybe your dev’s know this, or maybe seperate the roms depending on the model.
This could also be the reason for encryption errors for other models.
My understanding of the value of encrypting our phone is thaT if someone has physical access to our phone, they could access the DATA on the SD CARD OR connected the phone to a USB Cable and access or DATA (internal storage).
But, does it make the phone slower ? I bought that Motorola to test /e/ as I’m an iPhone user ( all my life), now that I love /e/ I will may be buy a faster one but while I’m still using my Moto E, I wanted to be sure ENCRYPTING the phone will not make it painful to use…
In case it’s really slow, you will still be able to wipe everything and re-install thanks to “Backup” and “Restore” features of TWRP. (Of course do a backup before encrypting). Everything will be as it was before.
(Do another backup with another method in case this method fails to restore)
This is correct, they also can remove your pin and fingerprint. Encryption helps here. I use encrypted Leeco S2 and do not notice speed issues. Not sure about Motorola.
(i would have been)