Can't encrypt Samsung Galaxy A40

Question

Can't encrypt Samsung Galaxy A40

Closed this issue 4 months ago · 6 comments

szmarczak commented 4 months ago

Acknowledgements

I have chosen an appropriate title.
All requested information has been provided properly.
This is not a feature request.
This issue is not a duplicate of an existing issue.
The issue is solely related to this GSI.
This issue occurs with the latest available build.
I am not running a custom vendor on my device.
This issue is not kernel related.
This issue is not related to Magisk/KernelSU/APatch.

Info

Device: Samsung Galaxy A40
GSI version: AOSP 14.0 v2024.05.09
Vendor version: latest

Expected Behavior

Phone should be encrypted.

Current Behavior

Phone is not encrypted.

Possible Solution

No response

Steps to Reproduce

Set up PIN.
No encryption.

Logs

No response

Additional context

No response

Answer 1 · 2024-05-11T17:23:36.000Z

That's related with your vendor, not GSI. On A40, there's no way of having a custom ROM with /data encrypted. Only on stock.

Answer 2 · 2024-08-03T21:52:28.000Z

Finally I had a day to spend time on this.

The solution is to edit /vendor/etc/fstab.exynos file and replace encryptable or fileencryption=ice with fileencryption. Wipe /data and internal storage. Enjoy.

Answer 3 · 2024-08-05T10:26:55.000Z

Finally I had a day to spend time on this.

The solution is to edit /vendor/etc/fstab.exynos file and replace encryption or fileencryption=ice with fileencryption. Wipe /data and internal storage. Enjoy.

Yeah that's the regular procedure, you can use the multidisabler script to help you on that. But my reply is the same, encryption is not possible. That's just a way to workaround it by disabling FBE entirely.

Answer 4 · 2024-08-05T15:55:39.000Z

Yeah that's the regular procedure, you can use the multidisabler script to help you on that. But my reply is the same, encryption is not possible. That's just a way to workaround it by disabling FBE entirely.

WDYM? With the edit I did, I just checked and internal storage is encrypted and /data contents too.

Answer 5 · 2024-08-05T21:28:36.000Z

Yeah that's the regular procedure, you can use the multidisabler script to help you on that. But my reply is the same, encryption is not possible. That's just a way to workaround it by disabling FBE entirely.

WDYM? With the edit I did, I just checked and internal storage is encrypted and /data contents too.

IIRC that change was to force encryption to be filedisk encryption (FDE). But in Android 11, that became deprecated in favor of file-based encryption which I think A40 doesn't support. Most likely we are considering (and forcing) FDE to FBE.

Answer 6 · 2024-08-05T21:46:09.000Z

IIRC that change was to force encryption to be filedisk encryption (FDE). But in Android 11, that became deprecated in favor of file-based encryption which I think A40 doesn't support.

encryptable is FDE. fileencryption is FBE.

A40 used to have fileencryption=ice (FBE) meaning it was using Samsung's proprietary encryption mechanism, but later Samsung had to drop it because it was no longer supported by Android. Interestingly, instead of using official FBE they reverted to FDE.

file-based encryption which I think A40 doesn't support

It does support FBE. Here's proof:

dropdown