Encryption auto detection
Note: We no longer offer encryption auto detection on XOS 11.0 and later. By default, and if supported, your device will be FBE-encrypted. This is important to protect your data and keep prying eyes out of your device, should someone gain physical access to it.
1. Check if FDE encrypted
   -> if yes, dynamically set flags for FDE
   -> if no, proceed with 2.
2. Check if FBE encrypted
   -> if yes, dynamically set flags for FBE
   -> if no:
      -> check if /data/media exists
         -> if it does not exist, check if /data/decrypt exists:
            -> if it does, proceed with 3.
            -> if not, enable encryption
         -> if it does exist, proceed with 3.
3. Assume device is decrypted, remove all encryption flags
This means your users no longer need to flash noverity zips, force decrypt, whatever.
Devices with formatted /data will be FBE-encrypted by default unless the file /data/decrypt is created before first boot.
If /data is not formatted, the ROM will automatically detect its encryption state and use that.
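The decision order above, modelled as a pure function over the four probe results. This is an added example, not code from the halogenOS commits; the type and function names are hypothetical, and how steps 1 and 2 actually detect FDE or FBE is not modelled.

```cpp
// Added illustration; type and function names are hypothetical, not halogenOS code.
#include <cstdio>

enum class Decision { UseFde, UseFbe, EnableEncryption, NoEncryption };

// Probe results for /data. How steps 1 and 2 detect FDE/FBE is not
// described on the page, so they are plain inputs here (assumption).
struct DataState {
    bool fde_encrypted;     // step 1
    bool fbe_encrypted;     // step 2
    bool has_data_media;    // /data/media exists
    bool has_data_decrypt;  // /data/decrypt exists
};

Decision decide(const DataState& s) {
    if (s.fde_encrypted) return Decision::UseFde;   // step 1: set FDE flags
    if (s.fbe_encrypted) return Decision::UseFbe;   // step 2: set FBE flags
    // Unencrypted /data that already holds user data is left as it is.
    if (s.has_data_media) return Decision::NoEncryption;    // step 3
    // Freshly formatted /data: only the marker file opts out.
    if (s.has_data_decrypt) return Decision::NoEncryption;  // step 3
    return Decision::EnableEncryption;  // FBE by default, per the page
}

const char* name(Decision d) {
    switch (d) {
        case Decision::UseFde: return "keep FDE flags";
        case Decision::UseFbe: return "keep FBE flags";
        case Decision::EnableEncryption: return "enable encryption";
        case Decision::NoEncryption: return "remove encryption flags";
    }
    return "?";
}

int main() {
    // Constructed states: walk every combination that can occur
    // (FDE and FBE are mutually exclusive).
    std::printf("fde fbe media decrypt -> decision\n");
    for (int i = 0; i < 16; ++i) {
        DataState s{(i & 8) != 0, (i & 4) != 0, (i & 2) != 0, (i & 1) != 0};
        if (s.fde_encrypted && s.fbe_encrypted) continue;
        std::printf("%3d %3d %5d %7d -> %s\n", s.fde_encrypted, s.fbe_encrypted,
                    s.has_data_media, s.has_data_decrypt, name(decide(s)));
    }
    return 0;
}
```

The table makes two consequences of the ordering visible: /data/decrypt is only consulted on a freshly formatted /data, and an existing unencrypted /data is never encrypted automatically.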
This implementation is a lot more tolerant and offers users easy control over encryption.
https://github.com/halogenOS/android_system_core/commit/301f4659bf83063a186249742dda8e9ae44eeb00
https://github.com/halogenOS/android_system_core/commit/604da74a79aa95c43525203024da56e80ad35207
https://github.com/halogenOS/android_system_core/commit/0ff53949b0f384909727427e28ce9dd24708cee2
https://github.com/halogenOS/android_system_core/commit/e50dd23338a67d4cf9d890e93276e92bb727ac9f
Do this in your device tree:
https://github.com/halogenOS/android_device_oneplus_msm8998-common/commit/9ebd98f2d6627281f0a074d1d27e7652e2c11dde
Basically, this adds autodetect_crypt. Make sure you keep the FBE and FDE configs for your device, e.g. fileencryption=ice,encryptable=footer,length=-16384
Have fun