I encrypted /e/, but it only took a second. It was supposed to take over an hour.
Is this properly encrypted?
Regain your privacy! Adopt /e/ the unGoogled mobile OS and online services
Android really only encrypts the data partition.
On a newly installed phone with minimal Apps data and minimal user data present the encryption takes minimal time, so it is possible that encryption worked properly.
Iâve seen that myself several times on a Fairphone 2.
In the Settings where you started the process it should tell you whether encryption is in place.
In the Settings where I started the process it tell me same thing before I started encryption.
Is there any way to check if the encryption was done correctly?
Yes what AntoherELK said, go to the setting and look at encryption, if it say encrypted then it is.
I did mine the other day with minimal apps and it only took a few minutes. But your question is valid I thought the same thing.
Would be nice for better description of encryption. Is it the OS or just the data or both?
Please take a look at this.
Iâve already done this once and still get the same display as before.
Does this mean that the encryption is successful?
1 Like
Just the data, see Encryption | Android Open Source Project.
No, I think you shouldnât even get to this screen anymore.
(Fairphone 2 screenshot, âEncrypt phoneâ does nothing anymore when I tap on it, and it already says âEncryptedâ there, currently running /e/ 0.13-p, but this has been the same mechanism across different Android OSes on the phone since Android 6.)
2 Likes
Why canât I encrypt my device?
I donât have any experience with your device.
From what Iâve seen so far on my Fairphone 2 and in the web, itâs likely the encryption process doesnât like something about your data partition.
I ended up not being able to encrypt my Fairphone 2 several times in the past when experimenting. Possible solutions which worked for me were âŚ
- formatting the data partition (can be done in TWRP).
- if that wasnât enough, resizing the data partition (can be done in TWRP).
- if that still wasnât enough, destroying the LUKS header to really get rid of a priorly failed encryption attempt.
But I guess it would be better to first search the web for something which perhaps mentions your device specifically.
1 Like
I checked, but N7105 is old and I couldnât find any information about encryption.
Can you tell me more about those three ways?
To format the data partition, start TWRP, then Wipe - Format Data.
To resize the data partition, start TWRP, then Wipe - Advanced Wipe - (select âDataâ) - Repair or Change File System - Resize File System.
To destroy the LUKS header, just follow the link, section âDestroy the LUKS Header for Filesystem Encryptionâ. Be careful here and donât do this if you are not certain what you are doing when following the steps, be especially certain that you really are applying the fix to the data partition.
I did this several times on my Fairphone 2 in the past, and for me it worked reliably to enable encryption again after everything else failed, but really heed the warning given in the article. I canât say anything about your device.
2 Likes
I agree it is a bit confusing.
I enabled encryption and it also only took about 1 minute. I just flashed the phone same day so not many apps installed, nor much user data. It rebooted but still it did not say âEncryptedâ for âEncrypted phoneâ. After a second try and a reboot (still short ecryption time) it turned into âEncryptedâ in the menu. In the menu Trust, it was a yellow icon for Encryption saying it needed a strong password. I changed from graphical to ordinary password, after that it wanted my passphrase on boot and now is the icon green in Trust menu.
If I boot into TWRP it will ask for my password to mount /data but I cannot mount it, donât know why.
Today I decided to check the contents of the âharddiskâ. I ran
adb shell 'dd if=/dev/block/mmcblk0p43' > system.img
adb shell 'dd if=/dev/block/mmcblk0p42' > user.img
to extract the contents of my system and user data partition (you can check the partitions with sgdisk --print /dev/block/mmcblk0). The file system.img was a file that I could mount and it was obviously the system root partition (file command reported Linux rev 1.0 ext2 filesystem data). According to file user.img that file was just data. At first sight it looked like random data. However, I did this:
strings -8 user.img
and it actually printed some text that was not encrypted ( I grepped my name and found it for example!). That is probably some remains from before the encryption. Still it is not good. I believe that the encryption feature must run dd if=/dev/zero on the partition to remove all old remains.
2 Likes
Here is some additional notes to my previous post.
I am running Android 10, and when I read https://source.android.com/security/encryption/full-disk it says that FDE is only for Android 7-9, and from Android 10 only file-based encryption. So perhaps is my encryption working as expected/designed.
But on the other hand, my data partition does not contain a valid file system signature. I am confusedâŚ
1 Like
Maybe it just isnât supported on your device, itâs not a guaranteed TWRP feature, see ⌠https://twrp.me/faq/encryptionsupport.html.
On the Fairphone 2 for instance, TWRP decryption stopped working from Android 8 on and hasnât been working ever since, despite some effort from the community.
2 Likes
adb shell âif=/dev/zeroâ
So after running this command, should I encrypt it?
Is that correct?
@rhek, I am sorry about the confusion. You should not run that command. I was not clear enough.
Basically, when people set up encryption on a ordinary computer, it is recommended to also write zeroes inside the encrypted partition (read more here at Arch Linux wiki). By doing so, the whole partition will be filled with garbled contents, so no possibility to recover clear text like I did. It also have the benefit that someone looking at the data cannot see how much is used (if it is a new clean flash memory (only zeroes) someone can tell what is encrypted data and what is not yet used (lots of 00000âs)).
So what I wanted to say was that I think that the encryption process should do something similar to remove old contents and also make it impossible for some sneaky person to find out how much disk space is used.
Unfortunately I am not sure how this can be accomplished.
I now tried this command on my phone:
dd if=/dev/zero of=/storage/self/primary/Documents/zero bs=1M
rm /storage/self/primary/Documents/zero
This will write a file with only zeros but of course look different since it is encrypted. Most of the strings I found before can now not be found, but I could see a few. These are probably from some unused space between some files (between end of a file and beginning of next file). There is still a chance of leaking information if the device is lost.