English

Encrypt phone with FairPhone Open OS

I encrypted my Phone with the user shipped (proprietary) FP2 OS and then switched over to the FPOSOS. In the beginning (16.04) I had to enter my PIN to decrypt my userdata. But now (16.06) i noticed, I no more have to enter my PIN to decrypt userdata. In Settings it still says “Encrypted” and also TWRP can´t access the userdata. I also switched it off totally and removed the the battery to be sure the PIN is not kept in memory.
This really strange, it would mean my encryption key is no more PIN-protected. This is not what the encryption should be. Is someone of you recognising the same issue, or Is there something wrong with my settings?

Encryption should be better tested and promoted, so users are more secure! Also TWRP needs a fix to be able to access decrypted /data for full backups.

There are two layers to encrypt the /data partition, one that is built into the hardware, and one is the password or pin you enter, and they are supposed to work together/be combined. So it should be possible theoretically that the encryption is in place without your password, by only using the hardware key.

I also experienced that already a few times during updates or OS changes that encryption seemed to be in place though I didn’t get asked for my pw, which is not the behaviour I expect or want to have, as it makes my data easier accessible.

I use the app snooperstopper to have a different password than for the lock screen, and resetting the password there solves the problem and I get asked again for my password on start up.

1 Like

What happens if you set a new PIN, pattern or password? My FP2 with 16.06 then asks me if this should also be needed at boot:

Thank you for the suggestion and the confirmation that this works on FP2. Is it compatible with a pattern to unlock the screen? Snooperstopper asks for my current password though I have a pattern. And what happens if you change the pattern or PIN afterwards, does it overwrite the encryption password as well?

Thank you @m4lvin for your hint, it was set to No thanks and I switched to Require password and it worked! Afterwards I installed snooperstopper which is really what I was “searching” for a long time. You may even set a pattern or short PIN for the display lock and have a long random passphrase for encryption.

Security note:
If you change the pattern, PIN or passphrase for the display lock it will automatically remove the encryption passphrase on Startup (Hardwarekey only) so make sure you set an encryption passphrase with snooperstopper directly after changing the display lock (snooperstopper will popup automaticaly!). Thank you @freibadschwimmer! :relaxed:

2 Likes

I also had the issue of not being able to encrypt my phone after changing to Fairphone Open OS.

My solution was, to resize the partition. Essentially only 16 KB need to be empty at the end of the partition.

That means for a partition size of 6798331 * 4KB blocks, the partition needs to be resized to 6798327 * 4KB blocks.

One option, using the adb shell:

  • Boot into recovery
  • Unmount data
  • e2fsck -y -f /dev/block/mmcblk0p20
  • resize2fs /dev/block/mmcblk0p20 6798327

Or, even simpler:

  • Boot into recovery
  • Select ‘Wipe’
  • Select ‘Advanced Wipe’
  • Select data partition
  • Select ‘Resize’

This automatically resizes the partition to the correct number of 4KB blocks.

12 Likes

My shell answers:
Please run 'e2fsck -f /dev/block/mmcblk0p20' first.

Since I have actually run this in advance, I just added the force parameter:
resize2fs -f /dev/block/mmcblk0p20 6798327

I’ll try to encrypt the phone later when the battery is fully charged.

Edit:
It worked very well. The process took about six minutes. :slight_smile:

1 Like

With the official build, version 16.12.0, I can encrypt the phone. Thanks to everyone.

1 Like

Trying to encrypt with Fairphone Open OS 17.02.
After starting the encryption an Android picture was shown, then the phone rebooted immediately and is now showing the flashing “LOADING” since approx. 3 hours …
I would guess that the phone is not encrypting, or is it?

Edit: Took the battery out, put it in again and started the phone, seems like nothing happened.

Edit:

Thanks @sil-van, that did the trick … now on to struggling with an unresponsive touchscreen …

Edit: Ok, checked this touchscreen thread and it seems my charger is causing the touchscreen issue … but only after encrypting the phone … This feels like an adventure game, I don’t know whether I like this gamification trend nowadays :slight_smile:

For some reason, the afforementionned commands does not work for me. No error, the logs show the commands are executed proprely. But when I reboot, system is still unencrypted (and relaunching the encryption setup does not work).

As I’m completely new to both android and fair phone, I’m not sure what I can do to achieve encryption on my system. It’s a FP2, running FairPhone Open OS 17.09.3 (I used the OTA build switcher from here.

At least the system is booting properly and my data still there. I just fill a bit naked with my data stored in clear :smiley:

This has worked for me a few days ago.

What do the logs say why the encryption doesn’t work?

I’ve got no log of any kind (at least nothing visible). The system simply reboot unencrypted.

Anyway, I’ve wiped the data partition from the phone, as suggestion in another post, and encryption worked. But I had to reconfigure everything from scratch, which is a bit sad :wink:

Okay, just for the sake of completeness:

You can capture the log by connecting your phone via USB (using WiFi probably won’t work as the connection gets lost in the reboot),
going to the settings and enabling the encryption.

The phone doesn’t completely reboot - the only part that is being restarted is the user interface. Your USB connection and both adb processes (the one on your phone and the one on your PC) will stay alive.

The first time, I tried to enable the encryption, I got the same error that someone posted here in this thread.
After resizing, everything went well for me.

1 Like

After my Android 6 upgrade was very time consuming (Upgrade + Encryption problem -> factory reset) I’m a bit afraid of encrypting my phone again.

The necessary steps you discuss here feels like another adventure.

  • Can I somehow check if the resize is really necessary?
  • Will I lose any settings or data when the resize will be performed?
  • Did anyone of you use SnooperStopper in addition (I would like to, but see my linked encryption problem after the upgrade)

It will only become an adventure if those steps don’t work :wink: .

You should make a backup of your stuff anyway before encrypting it all.
Remember you are using Android and have a look at the forum … Regardless of anybody telling you “worked fine for me” … there is a chance it might still not work fine for you, even if all prerequisites seem to be the same. On that note …

General note:

When I install or set up a computer (term includes smartphones) for the first time, I try to take the time and make a list of all the stuff I initially install, and all the settings I initially change. If I find something relevant later, I try to remember to update the list.
With the help of this list installing or setting up everything from scratch again if necessary still takes time and I try to avoid it with the help of backups, but it takes much less time than if I would have to think about every program to install and every setting to change all over again.

So prepare yourself for failure … this is a bit tedious, but there will be not much left to be afraid of afterwards :wink:

  • Make a list of your installed Apps
  • Go through the settings and make a list of every setting you remember to have changed or which seems somehow important to you
  • Backup your internal storage data (pictures, contacts, ringtones etc. …)
  • Make a TWRP backup of the OS (TWRP doesn’t backup internal storage anyway)

… then make sure you are not in a rush and have a go.

Hey @AnotherElk,

thanks for the fast reply.

You are probably right such a list might make sense to speed up all the necessary reinstall and reconfiguration steps. I will create one before I will try to encrypt my device.

At least I’m practiced in backup and recovery stuff, because of the last problems I had. ^^

So some addtional questions:

  • What is the correct amount 4K blocks? And in addition how to ensure that there is enough space in the encryption folder? I thought this is somehow equal for all FP2s?! (right now this procedure feels a bit hacky to me)
  • So you don’t use Snooperstopper? As my encryption password will probably be some kind of dice-ware near strong password I would really like to set a separarte simpler screen unlock password.

Today I will not going todo anything as I’m “on the rush” :wink:

I don’t know … I quickly tried to run the quoted e2fsck command on my phone to see whether its output gives a hint, but even with everything unmounted it just reported something is in use, perhaps because of the active encryption, no idea.
So I have no way of knowing whether the 4K block number given in the quoted resize2fs command does work for every Fairphone. I would try the TWRP “Resize” first and have a look whether all the data is still there and whether encryption works then … that would be nice :slight_smile: .

If that doesn’t work, I would of course try the more complicated stuff and confront losing my data and perhaps having to reinstall.

By the way … there is a nice bonus if you decide to go the 100% clean way, meaning to wipe everything, do the resize, install the OS from scratch and as soon as it successfully booted start the encryption … because there is almost no data at this point, encrypting will be lightning fast.
Of course you have to invest the time saved by that in reinstalling Apps and re-setting all those important settings :slight_smile: .

No, I can’t help with that, sorry.

Yes, for a long time already I use FP Open OS with encryption, pattern lock screen and a separate alphanumeric password which I installed with Snooper Stopper. I never had a problem with wrong partition size, I think.

Thanks @m4lvin for your reply.

So maybe I will just give it a try without resizing stuff in advance. (of course I will still take backups :wink: )

Can you have a short look to this thread: Encryption password does not work anymore for normal boot but for twrp (changed with snooperstopper)
I (as well as @freibadschwimmer ) ran into a problem while using Snooperstopper and I’m afraid that this will happen again. Not sure if this is a specific problem while resetting encryption password with Snooperstopper.

Eventually encryption password should only be set and changed via encryption menu of the OS. Snooperstopper should only be used to set a separate screen unlock password/pattern. Just a theory.

I saw the other thread before but don’t know how to help you because for me Snooperstopper did not generate this or any other problem.

I think it is the other way round: The separate password in SnooperStopper is for the encryption and the PIN or pattern for unlock is managed by android. I don’t have a separate encryption menu where I could change the encryption password.

Maybe first try encrypting and reboot a few times and also check that you can mount it in TWRP, and only after that install and use SnooperStopper?