Android x86 oreo full disk encryption issue

1,124 views
Skip to first unread message

Luigi Savarese

unread,
Jun 14, 2019, 6:32:14 AM6/14/19
to Android-x86
Hi everyone,

I'm trying to perform a complete disk encryption with the following command:

x86_64: / # vdc cryptfs enablecrypto inplace default
x86_64: / #
200 5464 0

After a few minutes if I try to execute the following command, I have the following error:

x86_64: / # getprop | grep cry 
[ro.crypto.state]: [not supported] 
vold.encrypt_progress]: [error_not_encrypted]
x86_64: / #

Any suggestion?

Best regards

Luigi

Luigi Savarese

unread,
Jun 17, 2019, 4:48:50 PM6/17/19
to Android-x86
Hello everyone guys.

Has anyone encrypted the entire disc or a partition?

Could  you help me?

Best regards

Luigi

Chih-Wei Huang

unread,
Jun 17, 2019, 10:59:08 PM6/17/19
to Android-x86
Luigi Savarese <savar...@gmail.com> 於 2019年6月18日 週二 上午4:48寫道:
>
> Hello everyone guys.
>
> Has anyone encrypted the entire disc or a partition?
> Could you help me?

Android-x86 uses a different disk layout than
a traditional Android device.
The /data is usually not mounted on a single partition.
It's just a directory in the partition you installed android-x86.
In short, I don't think it's possible to encrypt it.

Of course, you can change to use the traditional
Android disk layout. Then it may work.
(I'm not sure, try and debug it yourself)

DDS Central

unread,
Jun 18, 2019, 6:31:42 AM6/18/19
to Android-x86
The old DATA option still works for separating /system and /data partitions. I see no reason why that would not work dm-crypt encrypted disk (that's what AOSP uses). The mount process would need to be changed though and we need to store the encryption key somewhere (not sure where AOSP normally keeps the key for /data).

--
You received this message because you are subscribed to the Google Groups "Android-x86" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-x86...@googlegroups.com.
To post to this group, send email to andro...@googlegroups.com.
Visit this group at https://groups.google.com/group/android-x86.
To view this discussion on the web visit https://groups.google.com/d/msgid/android-x86/CAKc24n2PJbj96p3n5tihPpnWhLZVdfdYFsyTJ3nCG_K5bq5yZw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Luigi Savarese

unread,
Sep 19, 2019, 5:21:38 AM9/19/19
to Android-x86
Hi,

how can I change the layout of the disk during installation in order to create /data as a separate file system?

Regards

Chih-Wei Huang

unread,
Sep 19, 2019, 5:31:24 AM9/19/19
to Android-x86
Luigi Savarese <savar...@gmail.com> 於 2019年9月19日 週四 下午5:21寫道:
>
> Hi,
> how can I change the layout of the disk during installation in order to create /data as a separate file system?

The installer doesn't support that.
You can only do it manually.

Luigi Savarese

unread,
Sep 19, 2019, 7:17:23 AM9/19/19
to Android-x86
OK.

Is there a file like  /etc/fstab on Andtroid x86? How it works? Just as linux?

Thanks 

Michael Goffioul

unread,
Sep 19, 2019, 7:37:36 AM9/19/19
to andro...@googlegroups.com
The fstab file is in the ramdisk. The way I've done is by overwriting script 2-mount (in initrd) with my own version of mount_data(), which will inject the fstab entry for /data at runtime, without mounting it (Android will mount it as part of regular startup).

--
You received this message because you are subscribed to the Google Groups "Android-x86" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-x86...@googlegroups.com.

Luigi Savarese

unread,
Sep 19, 2019, 8:40:45 AM9/19/19
to Android-x86
Hi  Michael,

Could you give me some information on how to do it? Or some useful links about it?

Thanks, Luigi


Il giorno giovedì 19 settembre 2019 13:37:36 UTC+2, Michael Goffioul ha scritto:
The fstab file is in the ramdisk. The way I've done is by overwriting script 2-mount (in initrd) with my own version of mount_data(), which will inject the fstab entry for /data at runtime, without mounting it (Android will mount it as part of regular startup).

On Thu, Sep 19, 2019 at 7:17 AM Luigi Savarese <savar...@gmail.com> wrote:
OK.

Is there a file like  /etc/fstab on Andtroid x86? How it works? Just as linux?

Thanks 

Il giorno giovedì 19 settembre 2019 11:31:24 UTC+2, Chih-Wei Huang ha scritto:
Luigi Savarese <savar...@gmail.com> 於 2019年9月19日 週四 下午5:21寫道:
>
> Hi,
> how can I change the layout of the disk during installation in order to create /data as a separate file system?

The installer doesn't support that.
You can only do it manually.

--
You received this message because you are subscribed to the Google Groups "Android-x86" group.
To unsubscribe from this group and stop receiving emails from it, send an email to andro...@googlegroups.com.

Luigi Savarese

unread,
Sep 19, 2019, 8:41:39 AM9/19/19
to Android-x86
Hi  Michael,

Could you give me some information on how to do it? Or some useful links about it?

Thanks, Luigi

Il giorno giovedì 19 settembre 2019 13:37:36 UTC+2, Michael Goffioul ha scritto:
The fstab file is in the ramdisk. The way I've done is by overwriting script 2-mount (in initrd) with my own version of mount_data(), which will inject the fstab entry for /data at runtime, without mounting it (Android will mount it as part of regular startup).

On Thu, Sep 19, 2019 at 7:17 AM Luigi Savarese <savar...@gmail.com> wrote:
OK.

Is there a file like  /etc/fstab on Andtroid x86? How it works? Just as linux?

Thanks 

Il giorno giovedì 19 settembre 2019 11:31:24 UTC+2, Chih-Wei Huang ha scritto:
Luigi Savarese <savar...@gmail.com> 於 2019年9月19日 週四 下午5:21寫道:
>
> Hi,
> how can I change the layout of the disk during installation in order to create /data as a separate file system?

The installer doesn't support that.
You can only do it manually.

--
You received this message because you are subscribed to the Google Groups "Android-x86" group.
To unsubscribe from this group and stop receiving emails from it, send an email to andro...@googlegroups.com.

Michael Goffioul

unread,
Sep 19, 2019, 9:26:26 AM9/19/19
to andro...@googlegroups.com
1) you need to make sure your device has the correct partition layout; if you want /data to live in a separate partition, well you need to create it and format it properly (I'm using /dev/sda4 with ext4)

2) my 2-mount script looks like this (block name and fstab name are specific to my system, make sure to adapt them; also be aware my system doesn't have a sdcard):

mount_data()
{
        if [ -n "$LIVE" ]; then
                mount -t tmpfs tmpfs data
        else
                # /data partition is expected to be on /dev/sda4.
                # Inject it into fstab and let Android mount (and check) it.
                [ ! -e /dev/block/sda4 ] && ln /dev/sda4 /dev/block
                sed -i -e "1s|^|/dev/block/sda4    /data   ext4    noatime,nosuid,nodev    wait,check\\n|" fstab.android_x86
        fi
}

mount_sdcard()
{
        :
}

3) replace 2-mount script in ramdisk.img: this is just a regular compressed cpio archive:

mkdir ramdisk
cd ramdisk
zcat /path/to/ramdisk.img | cpio -id
(modify script)
find . | cpio -o -H 'newc' | gzip > /path/to/newramdisk.img

4) install the new ramdisk; you have 2 options: either you replace the existing one, or you install with a new name and you use kernel command-line parameter to point to it (e.g. add "RAMDISK=newramdisk.img" should do it, though I never tried that)

Hope this helps.
Michael.
To unsubscribe from this group and stop receiving emails from it, send an email to android-x86...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/android-x86/4777348f-a421-4a2b-be4d-4f0597ecf441%40googlegroups.com.

DDS Central

unread,
Sep 19, 2019, 9:58:08 AM9/19/19
to Android-x86
You don't need to edit anything, just add DATA=partition kernel parameter in GRUB. Replace "partition" with partition name, for example /dev/sda2.

I have also added support for using UUIDs for /data in my custom build, I will try to clean up my code and and submit a patch after I return from my vacation.

To view this discussion on the web visit https://groups.google.com/d/msgid/android-x86/CAB-99LtQbnMgO%2B-ZCSxjbieSso%2BDVCKz5gN%3Dc3w5Snt1ttaMzg%40mail.gmail.com.

Michael Goffioul

unread,
Sep 19, 2019, 10:05:36 AM9/19/19
to andro...@googlegroups.com
Will that work with encrypted data partition?


DDS Central

unread,
Sep 19, 2019, 10:08:37 AM9/19/19
to Android-x86
Android x86 init does not have support for encryption. Androud's encrypted partitions are basically dm-crypt, you could in theory mount them from init. Not sure where Android keeps the decryption key though.

To view this discussion on the web visit https://groups.google.com/d/msgid/android-x86/CAB-99LvU_CCHY8uqqgtvs_%2BAHV6JUFKSZZu9beqvqUKpU58CCA%40mail.gmail.com.

Luigi

unread,
Sep 20, 2019, 7:38:16 AM9/20/19
to Android-x86
HI,

how can I install dm-crypt on Android x86?

Regards


Il giorno giovedì 19 settembre 2019 16:08:37 UTC+2, DDS Central ha scritto:
Android x86 init does not have support for encryption. Androud's encrypted partitions are basically dm-crypt, you could in theory mount them from init. Not sure where Android keeps the decryption key though.

On Thu, 19 Sep 2019, 16:05 Michael Goffioul, <michael...@gmail.com> wrote:
Will that work with encrypted data partition?


On Thu, Sep 19, 2019 at 9:57 AM DDS Central <wdmo...@gmail.com> wrote:
You don't need to edit anything, just add DATA=partition kernel parameter in GRUB. Replace "partition" with partition name, for example /dev/sda2.

I have also added support for using UUIDs for /data in my custom build, I will try to clean up my code and and submit a patch after I return from my vacation.

--
You received this message because you are subscribed to the Google Groups "Android-x86" group.
To unsubscribe from this group and stop receiving emails from it, send an email to andro...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Android-x86" group.
To unsubscribe from this group and stop receiving emails from it, send an email to andro...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Android-x86" group.
To unsubscribe from this group and stop receiving emails from it, send an email to andro...@googlegroups.com.

Luigi

unread,
Sep 25, 2019, 2:53:39 AM9/25/19
to Android-x86
Hi,

where can I add  DATA=partition kernel parameter in GRUB?

Please, see attached images.

Best regards


Il giorno giovedì 19 settembre 2019 15:58:08 UTC+2, DDS Central ha scritto:
You don't need to edit anything, just add DATA=partition kernel parameter in GRUB. Replace "partition" with partition name, for example /dev/sda2.

I have also added support for using UUIDs for /data in my custom build, I will try to clean up my code and and submit a patch after I return from my vacation.

--
You received this message because you are subscribed to the Google Groups "Android-x86" group.
To unsubscribe from this group and stop receiving emails from it, send an email to andro...@googlegroups.com.
kernel_parameter_img1.jpeg
kernel_parameter_img2.jpeg

Chih-Wei Huang

unread,
Sep 25, 2019, 3:41:14 AM9/25/19
to Android-x86
Luigi <savar...@gmail.com> 於 2019年9月25日 週三 下午2:53寫道:
>
> Hi,
>
> where can I add DATA=partition kernel parameter in GRUB?

Add to the line end of setparams or linux.


--
Chih-Wei
Android-x86 project
http://www.android-x86.org

Luigi

unread,
Sep 25, 2019, 5:13:15 AM9/25/19
to Android-x86
Ok, it works fine.

Now, how can I check that this partition is encrypted?

Let me say what I have made.

I have installed initially Android x86 on partition /dev/block/sda3 and leave free partition on /dev/block/sda4.

When i write "DATA=/dev/block/sda4" in kernel parameter, Android start new installation on this partition /dev/block/sda4.

When I reboot the terminal, the system correctly start with Android installed in /dev/block/sda3. If I try to mount /dev/block/sda4  it works fne (#mount /dev/block/sda4 /storage/test). 
Why? I would have expected a password request, as the file system was encrypted.
 
I hope I was clear.

Best regards

Luigi

unread,
Sep 25, 2019, 10:54:48 PM9/25/19
to Android-x86
Is there anyone who could help me?

Best regards

Michael Goffioul

unread,
Sep 25, 2019, 11:54:00 PM9/25/19
to andro...@googlegroups.com
Have you tried the method I suggested? I think your best bet is to let Android mount the data partition, which is basically what my solution does.

--
You received this message because you are subscribed to the Google Groups "Android-x86" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-x86...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/android-x86/9e24d6cf-43af-48a6-a375-2bd063bd5b8f%40googlegroups.com.

Luigi

unread,
Sep 26, 2019, 12:07:07 AM9/26/19
to Android-x86
No, it seems very complex to my knowledge.

I just added DATA = kernel parameter of partition in GRUB as suggested by "DDS Central" and it seems to work but ....

Let me repeat what I did.

I have installed initially Android x86 on partition /dev/block/sda3 and leave free partition on /dev/block/sda4.

When i write "DATA=/dev/block/sda4" in kernel parameter, Android start new installation on this partition /dev/block/sda4.

When I reboot the terminal, the system correctly start with Android installed in /dev/block/sda3. If I try to mount /dev/block/sda4  it works fne (#mount /dev/block/sda4 /storage/test). 

Why? I would have expected a password request, as the file system was encrypted.

Best regards
To unsubscribe from this group and stop receiving emails from it, send an email to andro...@googlegroups.com.

Povilas Staniulis

unread,
Sep 26, 2019, 5:43:03 AM9/26/19
to andro...@googlegroups.com
You can allow vold to mount /data by modifying initrd file as previously
suggested (I would also add "encryptable" flag to fstab). Then in theory
encryption should work. I've never tested this personally though.

See https://source.android.com/security/encryption/full-disk
> it, send an email to andro...@googlegroups.com <javascript:>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/android-x86/9e24d6cf-43af-48a6-a375-2bd063bd5b8f%40googlegroups.com
> <https://groups.google.com/d/msgid/android-x86/9e24d6cf-43af-48a6-a375-2bd063bd5b8f%40googlegroups.com?utm_medium=email&utm_source=footer>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Android-x86" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to android-x86...@googlegroups.com
> <mailto:android-x86...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/android-x86/d2222f06-8d08-40fb-8335-2b1b9fd558f3%40googlegroups.com
> <https://groups.google.com/d/msgid/android-x86/d2222f06-8d08-40fb-8335-2b1b9fd558f3%40googlegroups.com?utm_medium=email&utm_source=footer>.


youling 257

unread,
Sep 26, 2019, 9:37:15 AM9/26/19
to Android-x86
First, you need rebuild kernel.
CONFIG_MD=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=y
CONFIG_DM_MIRROR=y
CONFIG_DM_ZERO=y
CONFIG_DM_UEVENT=y
CONFIG_DM_VERITY=y
CONFIG_DM_VERITY_AVB=y
CONFIG_DM_VERITY_FEC=y
CONFIG_DM_BOW=y

在 2019年9月20日星期五 UTC+8下午7:38:16,Luigi写道:

Luigi

unread,
Oct 5, 2019, 11:27:41 AM10/5/19
to Android-x86
Could you give me detailed information (documents, web site link, etc.) in order to do what yow wrote below?

Regards 

Luigi

unread,
Oct 21, 2019, 1:12:05 PM10/21/19
to Android-x86
Hi youling 257,
Where can I write these parameters?
Could you give me detailed information (documents, website links, etc.) to do what you tell me?

Regards

Il giorno giovedì 26 settembre 2019 15:37:15 UTC+2, youling 257 ha scritto:

youling 257

unread,
Oct 21, 2019, 3:12:09 PM10/21/19
to Android-x86

Luigi

unread,
Oct 23, 2019, 2:56:27 PM10/23/19
to Android-x86
Hi youling 257,

I have done your steps. 

I modified the parameter in  kernel/arch/x86/configs/ and I have build the new kernel as suggested in the section "Build and update kernel solely" of the following link: 

It is no clear when the guide says:
"..Then you can copy $OUT/kernel and $OUT/system/lib/modules/ to the target device. Put the former to the android-x86 installation directory, and the latter to /system/lib/modules..."

I am not able to find old kernel file on the target system so I don't know where I must write this file. 
About /system/lib/modules I have found the old version and I substitute it with the new version, so in this case everything is ok

Could you help me?

regards

youling 257

unread,
Oct 23, 2019, 7:34:38 PM10/23/19
to Android-x86
when you device boot Androidx86, detecting found at which /dev/xxx ? then at Androidx86 terminal app,
su
mkdir /data/1
busybox mount /dev/block/xxx /data/1
root explorer open /data/1 folder, you can see android-x86 folder, can see system.img initrd.img ramdisk.img kernel.

在 2019年10月24日星期四 UTC+8上午2:56:27,Luigi写道:

Luigi

unread,
Oct 24, 2019, 9:53:48 AM10/24/19
to Android-x86
Hi youling 257,

thanks for your support I was able to replace the kernel file but now when I restart Android crashes as shown in the attached image. There is a cursor that flashing  but I am not able to do anything.

Any suggestions?

Regards
Boot_hang.jpg

youling 257

unread,
Oct 24, 2019, 12:54:05 PM10/24/19
to Android-x86
can't see anyting. boot debug mode.

在 2019年10月24日星期四 UTC+8下午9:53:48,Luigi写道:

Luigi

unread,
Oct 24, 2019, 1:05:46 PM10/24/19
to Android-x86
See attached.

regards
boot_debug.jpg

youling 257

unread,
Oct 24, 2019, 7:31:36 PM10/24/19
to Android-x86
I see you only type once exit, type once to mount data, type exit again to load android.
type twice exit.
在 2019年10月25日星期五 UTC+8上午1:05:46,Luigi写道:

Luigi

unread,
Oct 25, 2019, 2:47:03 AM10/25/19
to Android-x86
How?

I can't type anything with keyboard. The system not respond.

Regards

Luigi

unread,
Oct 29, 2019, 3:38:27 AM10/29/19
to Android-x86
Hi youling 257,

could help me (see my answer below)? 

Regards
Reply all
Reply to author
Forward
0 new messages