FORUMS
Remove All Ads from XDA

[How-To] Disable Forced Encryption

1,889 posts
Thanks Meter: 2,634
 
By bbedward, Recognized Developer on 20th November 2014, 03:03 AM
Post Reply Email Thread
I'm not responsible for anything blah blah

This is intended to disable forced encryption on the nexus 6. You can still encrypt the device after doing this, but it won't be automatically done.

After observing how this force encryption stuff works, I got it mostly figured out. (It's entirely a SW layer, as is already widely known). Basically when all the devices from fstab are mounted in android with the forceencrypt option, fs_mgr sets a flag for encryption (something like IF This_Device_Isnt_Encrypted; then This_Device_Needs_Encryption). on devices (looks like android only allows you to encrypt 1 device, which is probably to prevent such cases as over-resource usage ,maybe some other conflict that it doesn't support over 1 device, idk) that have forceencrypt set on them, if it can't unmount the device before doing these encryption checks - in other words if it's usy (like a file is open) - it just skips encryption all together. So if the device had a file preventing it from being unmounted, it just says "oh well, skip encryption." I found this kinda odd behavior anyway :P

You can still encrypt the device, it just isn't forced. Some people are complaining about the slowness of the encryption SW-layer (why force SW encryption? At least put some HW for it in the device). This makes it the way it probably should be - optional.

Stock LMY47D/LMY47E/LMY47M/LMY47I (5.1.0) - No force encrypt:
https://www.androidfilehost.com/?fid=95916177934540533

Stock LRX22C (5.0.1) - No force encrypt:
https://www.androidfilehost.com/?fid=95857557620392411

Stock LRX21O (5.0) - No force encrypt:
https://www.androidfilehost.com/?fid=95784891001613336

Prerequisites:
- You should be running the same build as the kernel you install (E.G. if you are running 5.1.0 LMY47D you should install the LM47D no force encrypt kernel)
- Your bootloader must be unlocked (fastboot oem unlock)

How-to install kernel:
1.) Reboot to boot loader
2.) Download the appropriate boot.img above
3.) Install it via fastboot (fastboot flash boot boot_noforceencrypt.img)

To disable forced encryption after kernel is installed:
1.) Reboot to boot loader
2.) Format userdata (fastboot format userdata) - This will erase all of your data (apps, sd card, etc.) - so make appropriate backups
The Following 205 Users Say Thank You to bbedward For This Useful Post: [ View ]
 
 
20th November 2014, 03:09 AM |#2  
jjhiza's Avatar
Senior Member
Flag Dirty Jersey
Thanks Meter: 2,730
 
More
Look who's back!! 😉

Awesome work man... I'll be testing as soon as my whale arrives tomorrow.

*Also, hit me up on Hangouts... I might have something you'd be interested in. Mike is in, come December I think... Could be fun.
20th November 2014, 03:10 AM |#3  
bbedward's Avatar
OP Recognized Developer
Flag Cleveland, OH
Thanks Meter: 2,634
 
Donate to Me
More
Quote:
Originally Posted by jjhiza

Look who's back!! 😉

Awesome work man... I'll be testing as soon as my whale arrives tomorrow.

*Also, hit me up on Hangouts... I might have something you'd be interested in. Mike is in, come December I think... Could be fun.

Will do, I'm quite swamped in projects at the moment Got one app I'm supposed to finish up by the 30th. Will I get the time, who knows
The Following 2 Users Say Thank You to bbedward For This Useful Post: [ View ]
20th November 2014, 03:50 AM |#4  
adbFreedom's Avatar
Senior Member
Thanks Meter: 520
 
Donate to Me
More
Damn it feels good to be back on a Nexus, with all the dev support. You did awesome things back with toro. I enjoyed my time with the Moto X, but the development forums were like a ghost town. Thank you for taking the time to do this, I will be trying it out tomorrow.
The Following 4 Users Say Thank You to adbFreedom For This Useful Post: [ View ] Gift adbFreedom Ad-Free
20th November 2014, 03:51 AM |#5  
Member
Thanks Meter: 11
 
More
Ooo really interested in the read/write speeds between encrypted and non-encrypted!
The Following 2 Users Say Thank You to aznalan15 For This Useful Post: [ View ] Gift aznalan15 Ad-Free
20th November 2014, 04:00 AM |#6  
purian23's Avatar
Senior Member
Thanks Meter: 1,358
 
More
And we're back! Nice work @bbedward!
The Following 2 Users Say Thank You to purian23 For This Useful Post: [ View ] Gift purian23 Ad-Free
20th November 2014, 04:09 AM |#7  
Thumbs up
Quote:
Originally Posted by bbedward

I'm not responsible for anything blah blah

I haven't tested this, because I don't have a nexus 6 at the moment. But this is a boot.img that (should) disable forced encryption. Rooted and non-rooted versions available.

What this does is disables forced encryption (and adds root, or not)

This isn't tested, but I'm fairly confident it will work after observing how this force encryption stuff works. Basically when all the devices from fstab are mounted in android, fs_mgr sets a flag for encryption on devices (up to 1 device I guess) that have forceencrypt set on them, if it can unmount the device or it isn't busy (if it can't it just goes on without encryption )

You can still encrypt the device, it just isn't forced. Some people are complaining about the slowness of the encryption SW-layer. This makes it the way it probably should be - optional.

Rooted (Chainfire) - no force encrypt:
https://www.androidfilehost.com/?fid=95784891001613334

Stock - No force encrypt:
https://www.androidfilehost.com/?fid=95784891001613336

Stock (in case these don't work for some reason you can just use this one to go back):
https://www.androidfilehost.com/?fid=95784891001613337

How-to:
1.) Reboot to boot loader
2.) Unlock device (fastboot oem unlock) - will wipe all data
3.) I think unlocking the device will automatically run encryption jobs, so don't do anything important because you'll need to factory reset again
4.) Download 1 of the above no force encrypt files (Chainfire rooted one, or stock one - up to you)
5.) Flash it in the bootloader (fastboot flash boot boot_noforceencrypt.img)
6.) If it works, factory reset the device and it should no longer be automatically encrypted (check in Settings -> Security)
7.) If it doesn't work, go back into the bootloader and flash the stock image.

Like I said, I don't have my own nexus 6 to test yet, but I'm just trying to help out.

flashed the rooted one after data wipe/factory reset trying to normal boot with this version i get an infinite loop of the chainfire auto root script running. flashed the noenforce version and was able to boot up fine but super su says no root. the encryption disable did work however.
20th November 2014, 04:10 AM |#8  
adbFreedom's Avatar
Senior Member
Thanks Meter: 520
 
Donate to Me
More
Quote:
Originally Posted by purian23

And we're back! Nice work @bbedward!

Affinity Nexus 6 ROM uploaded for flashing tomorrow?
The Following 2 Users Say Thank You to adbFreedom For This Useful Post: [ View ] Gift adbFreedom Ad-Free
20th November 2014, 04:13 AM |#9  
bbedward's Avatar
OP Recognized Developer
Flag Cleveland, OH
Thanks Meter: 2,634
 
Donate to Me
More
Quote:
Originally Posted by djkinetic

flashed the rooted one after data wipe/factory reset trying to normal boot with this version i get an infinite loop of the chainfire auto root script running. flashed the noenforce version and was able to boot up fine but super su says no root.

I'm not sure how the chainfire stuff works entirely TBH. I saw in the thread over there people had it looping a few times before coming to.

You need to factory reset after flashing this, too. Which can be done with fastboot erase userdata.

Looks like, cf-auto root doesn't call "fastboot flash boot" just "fastboot boot" - is that a difference or is it the same thing?
20th November 2014, 04:17 AM |#10  
Senior Member
Thanks Meter: 46
 
More
Quote:
Originally Posted by djkinetic

flashed the rooted one after data wipe/factory reset trying to normal boot with this version i get an infinite loop of the chainfire auto root script running. flashed the noenforce version and was able to boot up fine but super su says no root. the encryption disable did work however.

What I'm sure everyone is dying to know is if you can run Androbench and report what the NAND scores are after disabling encryption.
The Following 4 Users Say Thank You to NeoteriX For This Useful Post: [ View ] Gift NeoteriX Ad-Free
20th November 2014, 04:18 AM |#11  
Quote:
Originally Posted by bbedward

I'm not sure how the chainfire stuff works entirely TBH. I saw in the thread over there people had it looping a few times before coming to.

You need to factory reset after flashing this, too. Which can be done with fastboot erase userdata.

Looks like, cf-auto root doesn't call "fastboot flash boot" just "fastboot boot" - is that a difference or is it the same thing?

i ended up flashing noencrypt, then factory reset, then running cf root after a full reboot, end result encryption off and root with twrp =) life is good.
The Following 4 Users Say Thank You to djkinetic For This Useful Post: [ View ] Gift djkinetic Ad-Free
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes