phhusson / treble_experimentations

Notes about tinkering with Android Project Treble

[RedMi Go] [Oreo] Decryption Unsuccessful after device powered off and boot #508

Closed wangpy closed 5 years ago

wangpy commented 5 years ago
  1. After flashing the GSI and completing the first boot, powering off the device and then powering it on causes the device to show "Decryption Unsuccessful", and the device is forced to do a factory reset.
  2. Restarting the device works and "Decryption Unsuccessful" does not occur.
  3. This also happens on Asus Zenfone Live L1 (ZA-550KL) and Nokia 2.1 (E2M). One common thing is that these devices all use the SD425 SoC.
  4. This only happens on the Oreo GSI (tested PhhTreble GSI built from android-8.1.0_r63) but not on the Pie GSI (tested PhhTreble GSI built from android-9.0.0_r35).

I observed some related logs about this issue:

```
01-02 12:16:32.574 I/Cryptfs (  470): Password matches
01-02 12:16:32.575 D/Cryptfs (  470): test_mount_encrypted_fs(): Master key saved
01-02 12:16:32.577 D/Cryptfs (  470): Password is default - restarting filesystem
01-02 12:16:32.577 D/Cryptfs (  470): unmounting /data succeeded
01-02 12:16:32.578 I/vold    (  470): [libfs_mgr]Running /system/bin/fsck.f2fs -a /dev/block/dm-0
01-02 12:16:32.730 I/vold    (  470): [libfs_mgr]__mount(source=/dev/block/dm-0,target=/data,type=f2fs)=-1: No such file or directory
01-02 12:16:32.730 I/vold    (  470): [libfs_mgr]Running /system/bin/fsck.f2fs -a /dev/block/dm-0
01-02 12:16:32.886 I/vold    (  470): [libfs_mgr]__mount(source=/dev/block/dm-0,target=/data,type=f2fs)=-1: No such file or directory
01-02 12:16:32.886 E/vold    (  470): [libfs_mgr]Cannot mount filesystem on /dev/block/dm-0 at /data: No such file or directory
01-02 12:16:32.886 E/Cryptfs (  470): Failed to mount decrypted data
01-02 12:16:32.892 I/Cryptfs (  470): Started framework to offer wipe
```

wangpy commented 5 years ago

Looked into this issue and found out there is a library file /system/lib/libcryptfs_hw.so in stock ROM. In LineageOS there is cryptfs_hw module: https://github.com/LineageOS/android_vendor_qcom_opensource_cryptfs_hw

The problem becomes how to put it into codebase (looks like it needs kernel headers to compile) and patch vold to support it (with macro CONFIG_HW_DISK_ENCRYPTION). https://github.com/LineageOS/android_system_vold/blob/lineage-16.0/cryptfs.cpp

wangpy commented 5 years ago

Just a test to verify my assumption, but I found out the following steps fix the issue after flashing the GSI:

  1. Copy the following files from the stock ROM and put them into the device's system partition after flashing the GSI:
    /system/lib/libcryptfs_hw.so
    /system/lib/libext2fs.so
    /system/lib/libf2fs_sparseblock.so
    /system/bin/vold
    /system/bin/resize.f2fs
    /system/bin/fsck.f2fs
    /system/bin/make_f2fs
    /system/bin/setup_fs
    /system/bin/sload_f2fs
  2. Flash cache / userdata from the stock ROM image. If this is not done, vold will not be able to perform FS encryption successfully (it will have the following log):
    01-06 01:27:50.999 E/Cryptfs (  474): Bad magic for real block device /dev/block/bootdevice/by-name/userdata
    01-06 01:27:51.002 E/Cryptfs (  474): Not a valid ext4 superblock
    01-06 01:27:51.007 E/Cryptfs (  474): Orig filesystem overlaps crypto footer region.  Cannot encrypt in place.
    01-06 01:27:51.151 E/Cryptfs (  474): Bad magic for real block device /dev/block/bootdevice/by-name/userdata
    01-06 01:27:51.151 E/Cryptfs (  474): Not a valid ext4 superblock
    01-06 01:27:51.151 E/Cryptfs (  474): Orig filesystem overlaps crypto footer region.  Cannot encrypt in place.

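
Added example, not part of the thread or of the project's code: a small triage script for the two Cryptfs/vold log excerpts quoted so far. It separates a `/data` mount failure that follows a successful password check from the "crypto footer" error seen when encrypting in place. The finding labels and the trimmed sample input are constructed for illustration.

```python
import re

# Constructed sample, trimmed from the log lines quoted in this thread.
SAMPLE = """\
01-02 12:16:32.574 I/Cryptfs (  470): Password matches
01-02 12:16:32.577 D/Cryptfs (  470): unmounting /data succeeded
01-02 12:16:32.730 I/vold    (  470): [libfs_mgr]__mount(source=/dev/block/dm-0,target=/data,type=f2fs)=-1: No such file or directory
01-02 12:16:32.886 E/Cryptfs (  470): Failed to mount decrypted data
01-02 12:16:32.892 I/Cryptfs (  470): Started framework to offer wipe
01-06 01:27:51.002 E/Cryptfs (  474): Not a valid ext4 superblock
01-06 01:27:51.007 E/Cryptfs (  474): Orig filesystem overlaps crypto footer region.  Cannot encrypt in place.
"""

# "MM-DD HH:MM:SS.mmm L/Tag ( pid): message", as printed in the excerpts above.
LINE = re.compile(r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) ([VDIWEF])/(\S+)\s*\(\s*(\d+)\): (.*)$")
MOUNT = re.compile(r"__mount\(source=(\S+?),target=(\S+?),type=(\w+)\)=(-?\d+)")

def parse(text):
    """Yield one dict per well-formed logcat line; skip anything else."""
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if m:
            ts, level, tag, pid, msg = m.groups()
            yield {"ts": ts, "level": level, "tag": tag, "pid": int(pid), "msg": msg}

def triage(text):
    """Return {pid: sorted findings}, tracking state per vold process."""
    state = {}
    for ev in parse(text):
        s = state.setdefault(ev["pid"], {"pw_ok": False, "findings": set()})
        msg = ev["msg"]
        if ev["tag"] == "Cryptfs" and msg == "Password matches":
            s["pw_ok"] = True  # password check passed before any mount attempt
        mm = MOUNT.search(msg)
        if mm and mm.group(4) != "0":
            kind = "mount-failed-after-unlock" if s["pw_ok"] else "mount-failed"
            s["findings"].add(f"{kind}:{mm.group(1)}:{mm.group(3)}")
        if "overlaps crypto footer region" in msg:
            s["findings"].add("no-room-for-crypto-footer")
        if msg == "Started framework to offer wipe":
            s["findings"].add("wipe-offered")
    return {pid: sorted(s["findings"]) for pid, s in state.items()}

if __name__ == "__main__":
    for pid, findings in triage(SAMPLE).items():
        print(pid, findings)
```
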
phhusson commented 5 years ago

Sounds like 2. is your real issue, no? The issue sounds like you formatted with fastboot rather than stock recovery

wangpy commented 5 years ago

Hello phhusson,

Only doing (2) does not help. Without (1), even with (2) the device still has the issue:

a. It will show "encryption unsuccessful" after fastboot flashing and reboot. Clicking "reset phone" reboots into recovery to wipe data. (It should be the stock recovery formatting you mean)

b. After recovery erased the data, the phone boots into the OS. However, it still shows "Decryption Unsuccessful" after powering off then on again.

I think the root cause is the OS can not encrypt and decrypt userdata partition correctly without the correct binaries (f2fs tools) and vold does not support QCOM cryptfs_hw operations.

phhusson commented 5 years ago

GSI doesn't need to support Qualcomm's encryption, it will just use simple ("software AES") encryption

wangpy commented 5 years ago

OK. But the default encryption doesn't seem to be able to decrypt this device successfully after powering off then on again. Could you please advise on this?

I tried entering stock recovery and perform "wipe data / factory reset" and "wipe cache" after flashing, and the "Decryption Unsuccessful" issue persists.

phhusson commented 5 years ago

You're saying you're copying /system/bin/fsck.f2fs from stock rom, does it mean your GSI doesn't have it? (because my GSI does have it)

wangpy commented 5 years ago

My GSI does have fsck.f2fs too (I should have mentioned it), but all other f2fs related binaries are missing, so I just copied it as well to avoid any possible inconsistencies. I can try to keep fsck.f2fs as the GSI one and see if things still work.

phhusson commented 5 years ago

Ok so `01-02 12:16:32.730 I/vold ( 470): [libfs_mgr]__mount(source=/dev/block/dm-0,target=/data,type=f2fs)=-1: No such file or directory` is not because of this.

Could you strace vold when entering password?

wangpy commented 5 years ago

Hello phhusson, I will try to do the strace and provide the logs. It might take some time for me to do it.

By the way, just FYI, we had encountered Pie GSI unable to boot on Redmi Go with stock Oreo recently (it was bootable but not anymore). I just checked and found the same log `Orig filesystem overlaps crypto footer region. Cannot encrypt in place.` indeed appeared in the log and besides flashing stock userdata and cache images, I found doing wipes in stock recovery can also fix the problem to make Pie GSI boot (but not working for Oreo GSI).

phhusson commented 5 years ago

fwiw I received a redmi go, I should be able to check that issue in depth tomorrow.

phhusson commented 5 years ago

I couldn't reproduce the issue on redmi go on https://github.com/phhusson/treble_experimentations/releases/download/v31/system-arm-aonly-go-su.img.xz

I tried without password, with password on both FDE and not-FDE, boots fine in both cases

wangpy commented 5 years ago

Hello @phhusson,

I tried the v31 image (both system-arm-aonly-go-su.img and system-arm-aonly-vanilla-nosu.img) and confirmed that the issue doesn't occur on these images.

Let's close this issue. Thanks!

wangpy commented 5 years ago

Just a note: The issue still happens on ASUS Zenfone Live L1 (ZA-550KL). The only thing I can tell is this device's vendor SPL is older (Nov 2018 with its latest official update for Go devices) however it is not the main concerned device of this issue.

olives789 commented 5 years ago

hello dear sir @phhusson

EDIT: the problem was solved thanks to proganime1200 !!!!

please if i may raise the topic again, the issue still happens to me with v31 on Xiaomi Redmi Go. these are the steps that make it happen for me:

  1. using miFlash tool I flashed the global version V10.2.6.0.OCLMIXM. both critical unlock and oem unlock are 'true' and i selected the flashing script that doesn't lock them. when the phone booted after this flashing, i did not update the phone with the available update because flashing the gsi over the 10.2.7 version from the update ended up for me with decryption and then encryption problem from the first boot so i wouldn't even be able to boot it once if i had updated. there is a newer update for the global version after 10.2.7 but i wasn't able to install it at the time i tried 10.2.7 because of a verification problem that i didnt understand. so right now in step 1 the phone is booted with 10.2.6 global.
  2. right from the start screen without any setup, i rebooted and went to the bootloader. i erased the recovery and flashed twrp from https://forum.xda-developers.com/android/development/redmi-aosp-9-t3922192 then i flashed the go-su v31 aosp 8.1 from fastboot. (i downloaded the gsi to my computer again and checked the md5 sums of both files and they were identical). i rebooted from fastboot.
  3. there was a request for a password during boot. i put a password of five digits and then i got the decryption related messages that said that the password was correct but the data is corrupt.
  4. i selected the reset option that showed there and when the phone rebooted i held down the volume down key so the phone went into fastboot. then i typed fastboot boot recovery.img (this is stock recovery, i am not sure which version of it). the phone then booted into the recovery and for a moment said erasing and then rebooted and aosp booted fine.
  5. i shut down the phone and then turned it on again and there was the problem of decryption again. i did the same with selecting reset and immediately going into fastboot and booting into the stock recovery to let it reset and it worked again. then after it booted i shut down and turned on and the same happened lol :D

so this is how to make it happen. maybe i did something wrong idk, sorry if i missed anything. thank you very much!!!!!! :)

proganime1200 commented 5 years ago

use this twrp https://forum.xda-developers.com/android/development/recovery-twrp-3-3-0-redmi-t3929282

you missed everything. if you want to go back to stock use it to wipe not reset, and to make the decryption work use the stock recovery, but don't forget to wipe using the twrp

olives789 commented 5 years ago

@proganime1200 thank you so much!!!!!!!!! it solved the problem thank you!!! :) :)

TheNextGamer21 commented 4 years ago

This happened to me and it is so easy to fix

Just enter these commands in fastboot (only for Qualcomm):

```
fastboot erase cache
fastboot erase userdata
```

This happens only for custom ROMs and not GSIs on top of the stock ROM