[Q] Custom ROMs + Encryption

[bakura82]

Having trouble finding a firm answer on this. I have read that encryption has NO effect on Recovery mods since it only encrypts apps, data, and a few other pieces of info. (I thought that there was full disk encryption, but I guess not). So I would like to verify the following questions regarding the use of custom ROMs and Android encryption and I would like to do both, back them up, and maybe even change ROMs without issue.

1. I am fairly certain I can boot into a recovery mod (CWM or Twerp) without any problems while encrypted. Is this true? (I have seen conflicting answers here and on the interwebs).
2. If I back up a ROM and data (assuming this is done together in one backup), will I be able to recovery the backup properly and use it even when it was encrypted?

Thanks in advance.

Bakura

 

[Hexgore]

You can boot into recovery and flash zips but you will not be able to access your /data partition since that's what's encrypted. For flashing ROMs this doesn't matter since those don't touch /data. However if you have to wipe your user data you will have to set up the encryption all over again.

What this also means is you cannot store your zips on the internal memory of your phone because those will not be accessible to the recovery. You will have to store them on either an unencrypted microSD or sideload them with adb (easy enough to do on CWM, not sure about other recoveries).

Backing up should be fine as long as you backup to somewhere other than the internal memory for the reasons I stated above.

 

[Far_SighT]

Will the wipe and restore options work?

You can boot into recovery and flash zips but you will not be able to access your /data partition since that's what's encrypted. For flashing ROMs this doesn't matter since those don't touch /data. However if you have to wipe your user data you will have to set up the encryption all over again.

What this also means is you cannot store your zips on the internal memory of your phone because those will not be accessible to the recovery. You will have to store them on either an unencrypted microSD or sideload them with adb (easy enough to do on CWM, not sure about other recoveries).

Backing up should be fine as long as you backup to somewhere other than the internal memory for the reasons I stated above.

I have a full Nandroid Backup of my phone with 4ext Revovery Touch. So if I encrypt Internal Storage only and if it's screwed up, will I be able to restore the Nandroid backup from recovery (I mean, is it possible to modify (rwx) the encrypted partition from recovery?

 

[Hexgore]

I have a full Nandroid Backup of my phone with 4ext Revovery Touch. So if I encrypt Internal Storage only and if it's screwed up, will I be able to restore the Nandroid backup from recovery (I mean, is it possible to modify (rwx) the encrypted partition from recovery?

If the Nandroid backup is stored on your SD card, I think so, but you might have to wipe the partition first. As far as I know (someone please correct me if I'm wrong) you can still wipe the encrypted partition, you just can't access any of the encrypted data from recovery.

 

[Far_SighT]

Yeah, the recovery works just fine!

If the Nandroid backup is stored on your SD card, I think so, but you might have to wipe the partition first. As far as I know (someone please correct me if I'm wrong) you can still wipe the encrypted partition, you just can't access any of the encrypted data from recovery.

^+1. So I went ahead and encrypted the internal storage. The process was fairly fast (took me under 10 mins).
But entering a password was too much of a hassle. So I performed a full system wipe and restored the backup. No problems.

 

[Hexgore]

That actually didn't work for me on the Nexus 7.

I tried to wipe the tablet from recovery but it couldn't mount the /data partition.

I tried to wipe the tablet from the OS but it didn't like the custom recovery so it just rebooted without changing anything.

In the end I had to run "fastboot erase userdata" to wipe it. That worked.

I have now installed CM 10.1 and can report that the encryption process seems to be working fine on the N7. It's taking a while but it is the 32GB model.

Encryption on Android is very temperamental. The general pattern seems to be that if the ROM you're using is based on the stock OS for your device (as AOSP is for Nexus devices) encryption will work fine, but due to the way the memory is mounted on modern Nexus devices, recoveries may be unable to mount the /data partition at all.

However if you are using a ROM based on a non-stock OS for your device (e.g. AOSP on an HTC Sensation) encryption may not even be able to turn on, and sadly fixing this problem when it arises is not high on the list of priorities for most developers, especially if your device isn't popular.

We are lucky that CyanogenMod seems to care a lot about privacy and security recently however. That may mean they focus more on encryption compatibility in the future, and most AOSP ROMs are based on CM, so fingers crossed for that.

But basically be aware YMMV when it comes to encryption on custom ROMs.

 

[Isnetso]

I tried to encrypt two Moto G's with the new official CM11, but after reboot and enter pin to unlock, the devices crashes with a black screen.
Encryption with stock firmware works fine.