English

Mounting encypted system with TWRP possible meanwhile?

I have TWRP 2.8.7.0 and Fairphone Open 16.12.0 and it is not possible to mount my encrypted system in TWRP. As far as I can see there isn’t any solution for this, yet. Or did I overlook something?

This is an interesting question. (I’ve encrypted my FP1 and being able to mount /data in recovery would be great.)

Android uses dm-crypt which is one of the most used options for full disk encryption on Linux.

I haven’t done this, but I found a few interesting links:

Perhaps that’ll help.

(I don’t think TWRP supports this out of the box. But it my be possible to connect your phone to your PC and mount /data using adb.)

If there is a community solution out there, it’ll likely surface here:

Judging by the info there, and info in TWRP’s github, decryption requires some vendor-specific stuff to be built into the image, possibly together with some ROM-dependent stuff.
One comment there is:

There’s not necessarily a “right direction” that anyone can lead you. On some recent devices, you have to hvae qseecomd running in recovery. On some devices you have to mount another partition like the modem or firmware partition. It’s easier when you have full source for the ROM (Nexus or Cyanogen Inc devices) because you can compile an engineering boot with full adb root and grab logcats and run test binaries during a normal boot and use a process of elimination to help identify what needs to be done.

I think the Fairphone developers are busy working on the Android upgrade, so don’t expect it to be solved by them before that lands (as probably the new android version would break decryption from recovery again anyway).

1 Like

Oh, of course there are vendor specific quirks. :frowning:

Just for the record: this

Thanks, guys, for your immediate responses. As far as I can see now, it’s a lot of trouble having FP OSOS with an encrypted device. I have been trying to get adb running on my linux pc (kubuntu 14.04) for hours now - no success. As I want to have a rooted fairphone the only option seems to have it uncrypted. That’s sort of sad and I hope an upgrade is going to improve this.

Cheers
Martin

Umm, that should be very easy.

Did you try sudo apt install android-tools-adb?

No, not at all. Works just fine.

Unless, though, it is crucial for you to get ADB access to an encrypted /data partition in recovery.
You can, however, revert to the default Android recovery. Just flash it over TWRP, works fine.
If you are looking for ADB access in TWRP, you can achieve this after flashing a community port of TWRP. However, you also won’t be able to mount encrypted /data with it.

I have been following this instruction:
http://bernaerts.dyndns.org/linux/74-ubuntu/328-ubuntu-trusty-android-adb-fastboot-qtadb

But my fairphone cannot connect properly. (To be honest, linux never ever is hassle-free if you want to do some stuff apart from browsing, emailing or office work. This has been my experience for the last eight years.)

Have you activated USB debugging on the phone in the developer settings?
have you put the phone in installation mode when connected (i.e. not MTP, PTP, but nothing checked)?

Yes, USB debugging was activated. Sorry, but what is the installation mode and what do you mean by MTP and PTP?

… and you are right, the OSOS works fine, but I can’t update my openGApp as I don’t have access to my encrypted data partition.

MTP I have discovered meanwhile in TWRP, my be I have to disable it. What could be a solution for the main issue is to have the opengapps installation file on a separate sd that is not encrypted. I have to try this.

This tutorial looks not that bad. (If you want to access a current version of Android with a three year old version of Ubuntu.)

I’m using Ubuntu for almost seven years now. And it gets better every release.

(And it’s way better than my old Windows 7 where I came from. Although Windows 10 has gotten way better, too.)

Well sorry, when you’re in recovery you don’t need to be in installation mode. This is, when you have Android booted and plugged in at a computer, you can swipe down from the top and select the mode in which the phone connects to the computer. There you get all these selections and if you want to use ADB nothing need to be selected.

But back to recovery. You could also safe the openGAPPS package on the SDcard, for a temporary workaround, and install it from there. If you don’t have a card inserted by default, maybe you can “borrow” a card from another device.

1 Like

This screen I have never seen yet and I suppose I had to go deep into linux via command line to find out why. I have never been very good at this but as I am fed up with such kind of work I just don’t do it any more if there is any other way out.

It worked. I wonder if the SDcard will stay uncrypted. If it does - great. If it doesn’t - no way. As far as I can see openGApps are updated every couple of days and it is not an option to pull out and in the SDcard all the time.

If it stays uncrypted I had to find out what kind of SDcard is good enough and works quickly. The one I have in use now slows the whole system.

Not at all. This has nothing to do with Linux. Whenever you plug your phone with a data cable to a computer Android gives you a couple of of choices with which protocol to connect. E.g., you can only mount the SDCard, or, via the MTP protocol, also your phone’s internal drive. Just when you want to use ADB you need to uncheck all possibilities, which Android calls installation mode.

So whenever you connect a phone with a computer, you should get that kind of choice by swiping down from the top. If you don’t, maybe you are not using a data cable (4 pin cable).

If you don’t encrypt it manually (e.g. with some 3rd party app; Android doesn’t do it by default, unfortunately), it will stay unencrypted.

You don’t need to flash openGAPPS for every update: A) openGAPPS updates may only be updates in the code of how to install GAPPS; B) GAPPS, or I call it here GMS (Google mobile services) will get updated automatically when theu are installed (and you have a Google account account) in the background; pulling the updates right from Google.

So once you have openGAPPS installed, you will only need to reinstall it, when you update your FPOOS version.

1 Like

Thanks a lot, I didn’t know and understand this before, that I have to uncheck everything. I knew that MTP is for Windows but thought it would be emulated somehow. Connection works now and I can see the screen in qtADB. I don’t have any file access and don’t see the unencrypted SDcard. This is due to the encryption of the system, I suppose. But I can connect my phone now and this is great.

I thought updating could be wise for security reasons/patches (ok, I could have a look at the release notes).

This I had understood, but thanks for taking your time to explain it all, you never know :wink:

I had seen your wiki post before - it has already been helpfull for my understanding.

So having a fast unencrypted SDcard I shouldn’t have a problem with an encrypted FPOSOS anymore :relaxed::relaxed::relaxed:

And now I even have access to the whole file system via QtAD. I don’t know yet what made the difference, but I’ll find it out.

You have access while the system is booted, right?
So you can’t access /data from recovery.

I have full access including /data via qtADB while the system is booted. I can’t access data from recovery mode (TWRP).