Device Encryption and Root
It's my first post on the xda-developers forum, so if the way I'm posting breaks any rules, please let me know!
I've been using this forum for quite a long time now, but so far all of my questions were answered by search & read... Some weeks ago I had another question, for which I couldn't find an explicit answer yet. So based on some hints from different sources (thanks to Google!) I did some experiments, aka trial and error, and would like to share my experience with you (to give something back to the community, who helped me a lot in the past) and see whether I finally found the answer to my question... So please let me know whether it worked for you as well or whether you know a different / better way to solve this kind of problem.
As usual: Use this guide at your own risk!
I wanted to have my SM-P900 (stock ROM) both rooted and encrypted (using device encryption). I've already done this for GT-I9100 (Galaxy S II) and GT-I9192 (Galaxy S4 Duo) in the past and it worked like a charm. But for some reason I couldn't get it working on the SM-P900...
Trial log (for short version see below):
I successfully rooted this device via the CF-Auto-Root method by Chainfire (many thanks for the great job!). When I later tried to activate the device encryption, it first looked like the process had started (I got a black screen with a green Android manikin), but after some time (~1 min) the device just restarted and booted in normal mode. I tried it several times with the same end of story - no success, no harm either.
After some time of googling I found a hint that on KitKat devices Superuser should be temporarily de-activated in order to get the device encryption to start properly, and activated again after the encryption process has finished. So I tried that and indeed, this time the encryption process started after the reboot. I let it finish and after a reboot it looked like I was where I wanted to be. But then I realized that I wasn't able to activate Superuser again (SuperSU said "Can't find the su binary... You need to restore it manually" or something similar). Damned! I thought "OK, let's try CF-Auto-Root again". The root process itself seemed to work, but after that the device just hung at boot... Soft-brick...
Taking a deeper look at the script source of an Update-Super-SU package from Chainfire I realized that it also does some writes to the /data partition. Well, I guess this broke the partition, since it was encrypted... (If anyone has a better explanation for this, please let me know!)
So everything back to the start: I flashed the stock ROM, did a factory reset and re-ran CF-Auto-Root... Now the device was operating properly and was rooted, but not encrypted. Before starting another try at encryption, I wanted to verify that the temporary un-root wasn't broken by the encryption. So I did a temporary un-root (by removing the tick at the option "Activate Superuser" in the SuperSU settings) and then activated it again right away. This worked fine. I rebooted (just to confirm everything was still working) and Superuser still worked as expected. Then (to try one more thing) I "de-activated" su again and rebooted. Trying to activate it again after the reboot, I realized that I now was in the same situation as just after the encryption, but without the encryption. I.e. the problem was not the encryption itself, but kind of a bug in SuperSU - it was not able to activate su again after a reboot (I'll try to check it via a bug report to Chainfire).
So I dug a bit deeper into this and realized that SuperSU was simply deleting the su binary in /system/xbin on de-activation and writing it back on activation. And it looked like it wasn't able to write it back after a reboot (probably because of missing permission).
Knowing that, I decided to go a step further: I flashed TWRP (many thanks to the TeamWin guys!), booted into recovery, mounted /system and copied the su binary manually to /system/xbin. After a reboot I tried once again to open SuperSU, but it still said it couldn't find the su binary. Hmmm... There must be something more... Having another look at the script source of the Update-Super-SU package I found that at the end it was calling the su binary with the option "-install". So I booted back to recovery and tried that as well... Hurray!!! After a reboot SuperSU was finally starting and the root apps were able to get su access... So this seemed to be the desired solution.
I deactivated su again, rebooted and started the encryption. It ran and finished successfully, as expected. After that I booted to recovery and installed su manually, as I had done before... Reboot... fingers crossed... Tadaa!!! System is back, encrypted and root is working!
Short version:
1. Device is not rooted and not encrypted (if already rooted, skip 2; if already encrypted, decrypt or do a factory reset - don't try CF-Auto-Root on an encrypted device, it'll soft-brick)
2. Root the device (e.g. using CF-Auto-Root by Chainfire; it'll trigger the Knox counter)
3. Temporarily un-root the device (when using SuperSU: go to Settings and remove the tick at the option "Activate Superuser")
4. Activate the device encryption (the battery must be at least at 80% and the device must be plugged into the wall charger)
5. The device will restart after a short period of time and start the encryption (this will take some time, but you should see a progress bar indicating how far it is)
6. After the encryption is finished the device will reboot and ask for the password, just log in
7. If not yet done, flash a custom recovery where you have console access or can use ADB as root (I used TWRP)
8. Boot into recovery
9. Mount /system (it's not mounted automatically, at least not in the version I used - TWRP 220.127.116.11).
10. Open the console or ADB shell
11. Copy the su binary (if you use SuperSU: cp /system/xbin/daemonsu /system/xbin/su)
12. Execute the installation (if you use SuperSU: /system/xbin/su --install)
13. You should be done
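
Added example (not part of the original post and not SuperSU or TWRP code): a pre-flight check for the recovery steps above, reporting whether /system is mounted read-write and whether daemonsu is there to copy before the cp and su --install commands are typed. The function name, status strings and the two parameters (a filesystem prefix and a mount-table path, so it can be tried off-device) are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks the preconditions of the "copy su / run the install"
# steps. Hypothetical helper; only the paths come from the post.

su_restore_state() {
    root="${1:-}"                 # filesystem prefix; empty on the device itself
    mounts="${2:-/proc/mounts}"   # mount table to inspect
    opts=""
    # /proc/mounts fields: device mountpoint fstype options dump pass
    while read -r _dev mnt _fs mopts _rest; do
        [ "$mnt" = "/system" ] && opts="$mopts"
    done < "$mounts"

    # Recovery does not mount /system automatically, so check first.
    if [ -z "$opts" ]; then
        echo "system-not-mounted"; return 1
    fi
    # A read-only mount would make the cp fail.
    case ",$opts," in
        *,rw,*) ;;
        *) echo "system-read-only"; return 1 ;;
    esac
    # su already copied: only the install step is left.
    if [ -e "$root/system/xbin/su" ]; then
        echo "su-present"; return 0
    fi
    # De-activating Superuser removed su; daemonsu is the copy source.
    if [ ! -f "$root/system/xbin/daemonsu" ]; then
        echo "daemonsu-missing"; return 1
    fi
    echo "ready"
}

# Assumed usage in the recovery console or ADB shell:
#   su_restore_state    # prints "ready" when the cp from the post can be run
```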