Is the encryption properly done?

I encrypted /e/, but it only took a second. It was supposed to take over an hour.
Is this properly encrypted?


Android really only encrypts the data partition.
On a newly installed phone with minimal app data and minimal user data present, the encryption takes minimal time, so it is possible that encryption worked properly.
I’ve seen that myself several times on a Fairphone 2.

In the Settings where you started the process it should tell you whether encryption is in place.

In the Settings where I started the process, it tells me the same thing as before I started encryption.
Is there any way to check if the encryption was done correctly?

Yes, what AntoherELK said: go to the settings and look at encryption; if it says encrypted, then it is.

I did mine the other day with minimal apps and it only took a few minutes. But your question is valid, I thought the same thing.

It would be nice to have a better description of encryption. Is it the OS or just the data or both?


Please take a look at this.
I’ve already done this once and still get the same display as before.
Does this mean that the encryption is successful?

1 Like

Just the data, see https://source.android.com/security/encryption.

No, I think you shouldn’t even get to this screen anymore.

(Fairphone 2 screenshot, “Encrypt phone” does nothing anymore when I tap on it, and it already says “Encrypted” there, currently running /e/ 0.13-p, but this has been the same mechanism across different Android OSes on the phone since Android 6.)

2 Likes

Why can’t I encrypt my device?

I don’t have any experience with your device.

From what I’ve seen so far on my Fairphone 2 and on the web, it’s likely the encryption process doesn’t like something about your data partition.
I ended up not being able to encrypt my Fairphone 2 several times in the past when experimenting. Possible solutions which worked for me were …

  • formatting the data partition (can be done in TWRP).
  • if that wasn’t enough, resizing the data partition (can be done in TWRP).
  • if that still wasn’t enough, destroying the LUKS header to really get rid of a previously failed encryption attempt.

But I guess it would be better to first search the web for something which perhaps mentions your device specifically.

1 Like

I checked, but N7105 is old and I couldn’t find any information about encryption.
Can you tell me more about those three ways?

To format the data partition, start TWRP, then Wipe - Format Data.

To resize the data partition, start TWRP, then Wipe - Advanced Wipe - (select “Data”) - Repair or Change File System - Resize File System.

To destroy the LUKS header, just follow the link, section “Destroy the LUKS Header for Filesystem Encryption”. Be careful here and don’t do this if you are not certain what you are doing when following the steps, be especially certain that you really are applying the fix to the data partition.
I did this several times on my Fairphone 2 in the past, and for me it worked reliably to enable encryption again after everything else failed, but really heed the warning given in the article. I can’t say anything about your device.

2 Likes

I agree it is a bit confusing.
I enabled encryption and it also only took about 1 minute. I had just flashed the phone the same day, so not many apps were installed, nor much user data. It rebooted but still it did not say “Encrypted” for “Encrypted phone”. After a second try and a reboot (still a short encryption time) it turned into “Encrypted” in the menu. In the Trust menu, there was a yellow icon for Encryption saying it needed a strong password. I changed from a graphical to an ordinary password; after that it wanted my passphrase on boot and now the icon is green in the Trust menu.
If I boot into TWRP it will ask for my password to mount /data but I cannot mount it, don’t know why.

Today I decided to check the contents of the “harddisk”. I ran

adb shell 'dd if=/dev/block/mmcblk0p43' > system.img
adb shell 'dd if=/dev/block/mmcblk0p42' > user.img

to extract the contents of my system and user data partition (you can check the partitions with sgdisk --print /dev/block/mmcblk0). The file system.img was a file that I could mount and it was obviously the system root partition (file command reported Linux rev 1.0 ext2 filesystem data). According to file user.img that file was just data. At first sight it looked like random data. However, I did this:

strings -8 user.img

and it actually printed some text that was not encrypted (I grepped my name and found it, for example!). That is probably some remains from before the encryption. Still, it is not good. I believe that the encryption feature must run dd if=/dev/zero on the partition to remove all old remains.

2 Likes

Here are some additional notes to my previous post.

I am running Android 10, and when I read https://source.android.com/security/encryption/full-disk it says that FDE is only for Android 7-9, and from Android 10 only file-based encryption. So perhaps my encryption is working as expected/designed.
But on the other hand, my data partition does not contain a valid file system signature. I am confused…

1 Like

Maybe it just isn’t supported on your device, it’s not a guaranteed TWRP feature, see … https://twrp.me/faq/encryptionsupport.html.

On the Fairphone 2 for instance, TWRP decryption stopped working from Android 8 on and hasn’t been working ever since, despite some effort from the community.

2 Likes

adb shell ‘if=/dev/zero’
So after running this command, should I encrypt it?
Is that correct?

@rhek, I am sorry about the confusion. You should not run that command. I was not clear enough.

Basically, when people set up encryption on an ordinary computer, it is recommended to also write zeroes inside the encrypted partition (read more here at Arch Linux wiki). By doing so, the whole partition will be filled with garbled contents, so there is no possibility to recover clear text like I did. It also has the benefit that someone looking at the data cannot see how much is used (if it is a new clean flash memory (only zeroes), someone can tell what is encrypted data and what is not yet used (lots of 00000’s)).

So what I wanted to say was that I think that the encryption process should do something similar to remove old contents and also make it impossible for some sneaky person to find out how much disk space is used.

Unfortunately I am not sure how this can be accomplished.

I now tried this command on my phone:

dd if=/dev/zero of=/storage/self/primary/Documents/zero bs=1M
rm /storage/self/primary/Documents/zero

This will write a file with only zeros but of course look different since it is encrypted. Most of the strings I found before can now not be found, but I could see a few. These are probably from some unused space between some files (between end of a file and beginning of next file). There is still a chance of leaking information if the device is lost.
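
Added example, not written by any poster in this thread: a block-by-block scan of a raw partition image such as the user.img pulled above, counting how many blocks are all zero, high-entropy (consistent with ciphertext) or structured enough to be readable remnants, which is a more systematic version of the strings check. The 4096-byte block size, the 7.0 bits/byte threshold and the sample image are assumptions constructed for illustration.

```python
import hashlib
import io
import math
from collections import Counter

BLOCK = 4096       # assumed scan granularity (common filesystem block size)
THRESHOLD = 7.0    # assumed cut-off in bits/byte; ciphertext sits near 8.0

def entropy(block: bytes) -> float:
    """Shannon entropy of a block in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify(block: bytes) -> str:
    if not any(block):
        return "zero"      # never written or erased: shows how much space is unused
    if entropy(block) >= THRESHOLD:
        return "random"    # consistent with ciphertext (or compressed data)
    return "plain"         # structured bytes: stale text, filesystem metadata

def scan(fh, block_size: int = BLOCK):
    """Classify every full block of a raw image opened in binary mode."""
    counts = {"zero": 0, "random": 0, "plain": 0}
    plain_offsets = []
    offset = 0
    while len(block := fh.read(block_size)) == block_size:
        kind = classify(block)
        counts[kind] += 1
        if kind == "plain":
            plain_offsets.append(offset)
        offset += block_size
    return counts, plain_offsets

def build_sample() -> bytes:
    """Constructed image: 4 ciphertext-like blocks, 1 stale text block, 3 zero blocks."""
    rand = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(512))
    text = (b"name=Jane Example;note=constructed plaintext remnant\n" * 100)[:BLOCK]
    return rand[:2 * BLOCK] + text + rand[2 * BLOCK:] + bytes(3 * BLOCK)

if __name__ == "__main__":
    # Real use: scan(open("user.img", "rb")) on the image pulled in the post above.
    counts, offsets = scan(io.BytesIO(build_sample()))
    print(counts, [hex(o) for o in offsets])
```

High entropy alone does not prove encryption, since compressed media also scores near 8 bits per byte, so the offsets of the "plain" blocks are the part worth inspecting by hand.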