Originally Posted by Calavera1
How did you create the encrypted partitions? Could you give some pointers for that. I am familiar with using dmcrypt/cryptsetup on desktop linux, I guess this works similar. What are the relevant device names? Did you run into any problems?
Hi, sorry for the late answer,
/dev/block/mtdblock5 is the "userdata" partition. I formatted it and mount it to /encrypted-data during init:
mount yaffs2 mtd@userdata /encrypted-data nosuid nodev
The only file on this partition is "data.encrypted" file, which gets created in init.rc as a loopback device:
exec /system/bin/losetup /dev/block/loop0 /encrypted-data/data.encrypted
I created the "data.encrypted" file on my computer with cryptsetup and losetup, and copied all files from my old unencrypted userdata partition to it and then copied it back as a file to the formated userdata partition.
The sdcard "/dev/block/mmcblk0p2" partition is formated with "cryptsetup luksFormat", I did this also on my computer, saves some time. And then copy everything from the old unencrypted sdcard.
I did run in to one problem recently, my phone hung during boot, about 4 months after I started encrypting my phone.
Had to copy my data.encrypted file to my computer, mount it as a loopback device and do a fsck, and then copy it back to my phone.
I suspect this has to do with the filesystem not being umounted properly. (I have had this on my to do list for a while hehe)
Probably should make a script run during shutdown to cleanly "luksClose" the encrypted partition and then umount them. Not doing this is probably very crazy
I also want to fix it so my "/dev/block/mmcblk0p2" partition gets presented to my computer when i attach my usb cable (as it should do), so i can unlock it in ubuntu and copy images and files. Right now i have to take my memorycard out and put it into the computer.
I hope this post makes sense, it was written in haste =) Good luck!