• XDA Forums have been migrated to XenForo. We are aware of several issues including missing threads, logins not working, and more. To discuss, use this thread.
  • If you are experiencing issues logging in, we migrated and software and made it more secure. We recommend trying to reset your password.

[ROOT] SuperSU 2.74-2 With ForceEncrypt Set to Default

topjohnwu

Senior Recognized Developer / Recognized Contribut
Jan 31, 2012
1,849
60,388
0
Taipei
Update (May 20): Update to latest version 2.74-2
All versions after SuperSU 2.72 has force encrypt support built in. However it will still disable force encryption by default, you have to set flags manually.
I only modified the default value of the force encrypt flag in the flashing script, so no need to worry that this might break things :)
If your OCD forces you to use the official version, please look here for instructions to set the flag manually by yourself.


Hi, many people have their hands on the HTC 10, and you may found out that wiping data after rooted with SuperSU, your signal will be broken.
This is caused by the fact that by default, SuperSU's flashing script will change the data encryption flag from "forceencrypt" to "encryptable". If you wiped data after the flag is set to "encryptable", your data partition will be decrypted. In many times, decrypted data is good, but on the HTC 10, for some unknown reason the signal will break with data decrypted.
More info here:
[PSA][MUST SEE] New HTC Policy : Things You Should Know Before Unlocking Bootloader

This issue has caught more attention after an S-OFF method is available. You're required to have root and wipe data after gaining S-OFF. The developer of the S-OFF tool has created a tutorial for this particular problem, you can find it here:
[Guide] Root (Optionally s-off) and Keep your radio working

I slightly modified the SuperSU flashing script, so now it won't change the encryption flag.
This zip will remain useful until we find a way to decrypt our data partition with working signal.
 

Attachments

Last edited:

MNoisy

Member
Oct 15, 2013
201
57
28
Chicago
www.brightbrain.com
Big thanks. I wish I would have had this yesterday afternoon!

Now I just need to get a stock 1.21.617.3 image to start again with my US unlocked. If anyone has it, please let me know.

Is there a way to manually change the flag back to forceencrypt?
 
Last edited:

datafoo

New member
May 11, 2010
451
203
0
Big thanks. I wish I would have had this yesterday afternoon!

Now I just need to get a stock 1.21.617.3 image to start again with my US unlocked. If anyone has it, please let me know.

Is there a way to manually change the flag back to forceencrypt?
I have TWRP images for system_image and boot if you need them to fix broken signal as per @jcase. We're both 1.21.617.3
 

jcase

Retired Forum Moderator / Senior Recognized Develo
Feb 20, 2010
6,331
15,765
0
Sequim WA
Hi, many people have their hands on the HTC 10, and you may found out that wiping data after rooted with SuperSU, your signal will be broken.
This is caused by the fact that by default, SuperSU's flashing script will change the data encryption flag from "forceencrypt" to "encryptable". If you wiped data after the flag is set to "encryptable", your data partition will be decrypted. In many times, decrypted data is good, but on the HTC 10, for some unknown reason the signal will break with data decrypted.
More info here:
[PSA][MUST SEE] New HTC Policy : Things You Should Know Before Unlocking Bootloader

This issue has caught more attention after an S-OFF method is available. You're required to have root and wipe data after gaining S-OFF. The developer of the S-OFF tool has created a tutorial for this particular problem, you can find it here:
[Guide] Root (Optionally s-off) and Keep your radio working

Here I come up with a more elegant solution. I slightly modified the SuperSU flashing script, so now it won't change the encryption flag, and also won't remove dm-verify.
NOTE: If your boot image is already modified, it will not reset the flag back to forceencrypt. You have to restore to the stock boot image, then flash this zip. The way I accomplished this is reverting a few modification from the previous ramdisk, so the ramdisk itself has to be stock.
Devs can include this zip into their rom, so users can wipe their whole data with your rom installed.
This zip will be useful until we find a way to decrypt our data partition with working signal.
I would NOT use this zip to root the HTC 10, you really need to remove verity, this is going to cause many many many issues, its going to softbrick a huge number of phones, anything from a lot of root apps, to restoring a twrp backup is going to trip dm-verity
 
Last edited:

Captain_Throwback

Recognized Developer
Aug 22, 2008
20,068
22,335
113
The Nothing
SuperSU v2.72 has all of this built in via KEEPVERITY and KEEPFORCEENCRYPT flags. It's not publicly released yet but will be within a few days.
Out of curiosity, where will we put those flags? /data/.supersu isn't an option, because /data is encrypted and unmountable, and /system/.supersu isn't an option if /system is read-only and we want to preserve dm-verity.
 

topjohnwu

Senior Recognized Developer / Recognized Contribut
Jan 31, 2012
1,849
60,388
0
Taipei
I would NOT use this zip to root the HTC 10, you really need to remove verity, this is going to cause many many many issues, its going to softbrick a huge number of phones, anything from a lot of root apps, to restoring a twrp backup is going to trip dm-verity
My system is modified, but everything is working fine. I'm using this without a problem so I shared it.
Is it because my device is S-OFF? If this is the case, then I'll remove the link. Thanks for the kind remind.
 

jcase

Retired Forum Moderator / Senior Recognized Develo
Feb 20, 2010
6,331
15,765
0
Sequim WA
My system is modified, but everything is working fine. I'm using this without a problem so I shared it.
Is it because my device is S-OFF? If this is the case, then I'll remove the link. Thanks for the kind remind.
I'd have to look at the zip and test to see why. It could be that your particular firmware isn't actually enforcing dm-verity (I believe google mandates this on 6.0+), that HTC disables enforcing when s-off or the zip isn't properly enforcing verity.

Best advice is not to enforce verity on system if you are rooted.

What should (and did for my phone) happen if you have dm-verity enabled on system and a modified system is the phone shouldn't successfully boot.
 
  • Like
Reactions: refedit

Chainfire

Moderator Emeritus / Senior Recognized Developer -
Oct 2, 2007
11,421
87,559
0
www.chainfire.eu
Out of curiosity, where will we put those flags? /data/.supersu isn't an option, because /data is encrypted and unmountable, and /system/.supersu isn't an option if /system is read-only and we want to preserve dm-verity.
I've added /cache/.supersu as location specifically for those devices with a TWRP that can't read encrypted /data.

Still, you can echo to /data/.supersu even if /data isn't mounted and that'll still work. It just will not persist between boots.

Custom ROM devs should put it in /system/.supersu, though, or set the variable in shell and export that variable (important!) before running the SuperSU ZIP.
 

dottat

Retired Forum Moderator
Jan 10, 2011
7,092
4,454
113
york, pa
I've added /cache/.supersu as location specifically for those devices with a TWRP that can't read encrypted /data.

Still, you can echo to /data/.supersu even if /data isn't mounted and that'll still work. It just will not persist between boots.

Custom ROM devs should put it in /system/.supersu, though, or set the variable in shell and export that variable (important!) before running the SuperSU ZIP.
Will that cause complications for users who wipe cache often?
 
  • Like
Reactions: refedit

topjohnwu

Senior Recognized Developer / Recognized Contribut
Jan 31, 2012
1,849
60,388
0
Taipei
Sorry everyone, didn't though much about the dm_verity.
Re-uploaded one with dm_verity removed.
Everyone should re-flash this zip if you've used the old one, thanks a lot.
@LeeDroid, could you please test if this works on your rom? :)
 
  • Like
Reactions: Shaffer678

nkk71

Inactive Recognized Developer / Inactive Recognize
May 26, 2010
8,745
7,569
0
49
Beirut
ah, perhaps encountered a blarf

you wanna stick with blarp ... he's much nicer :D
 
Last edited:

topjohnwu

Senior Recognized Developer / Recognized Contribut
Jan 31, 2012
1,849
60,388
0
Taipei
Yeah... Just tested myself and it won't boot.
It's weird though, it can boot on my modified system:confused:
I might need more investigation, or just wait for Chainfire to release the new update.
Ahh, I knew why.
I cannot separate the forceencrypt flag patch and verify flag by modifying the script.
Had to wait for Chainfire to release new version, or we have to manually modify the boot image.
 
Our Apps
Get our official app! (coming soon)
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone