3.3.0.16 rokua *without* encryption?

Darn…I wish I kept my older installation files so I could try it out.

Hopefully, sfos3.4 comes with an opt-out. Anyway, this device encryption with a 5-digit key is just a joke.

1 Like

I’d like to hope too, but there is little hope according what’s written:
Note that it will become mandatory to set up the security code during the initial startup of 3.4.0 (and later). https://jolla.zendesk.com/hc/en-us/articles/360011115540

Okay. So let’s make it clear: unless device encryption becomes serious, i.e. with a true LUKS keyphrase/fingerprint plus an opt-out choice, plus a bug correction to prevent encrypted devices from freezing when some undefined apps or patches are installed, I will stick to the method described above to avoid it.

Otherwise, encryption in its current status is not only a joke but a no-go feature, as it offers false privacy and doesn’t allow the user to keep using the tools he used to be happy with before ‘upgrading’.

1 Like

This.

This.

And this.

There is a way to do this. After flashing you must boot the device to recovery mode, open shell and remove file /var/lib/sailfish-device-encryption/encrypt-home from root partition. With that removed, it won’t create LUKS container for home partition on first boot. I don’t recommend doing this but it is possible to skip the encryption on first boot this way.

6 Likes

Why can’t you recommend it? Are there other flaws except for “not encrypted”?
The SFOS encryption has been decrypted on security fairs within seconds to minutes I read.

Now you are reading a bit too much to that sentence. As far as I know, there aren’t any flaws there. The supported configuration is to encrypt the device, have the security code on and so on. Like with many things you can hack it as much as you like but if it breaks because of that you can keep both parts.

Could you share your source for that?

1 Like

It was in the old sf forum. Someone was on a securety fair and there were hacker specialists from Israel. He gave his device to them and it was decrypted very fast. The only thing they could not access that easily were mediatek phones with locked bootloader from what I remember about that post.

Thanks a lot. All problems my Xp 10 had, even after a fresh flash, are gone that way. (almost) No more device crashes, reboots, stuck screens etc… and it is much, really really much faster that way.
EDIT: sadly it started making me mad again, so it is not the encryption, even if it runs faster. Device became unresponsive again. Pressing off on off on off on off on helps always. Really very very strange, but I freak out because of that.

According to what you have said if I would like to use phone without encryption, then updating Xperia X to 3.4.0.24 is not possible using Sailfish OS UI, as UI OS update client will reboot the phone and activate encryption. If so, which way of updating would you suggest before deleting /var/lib/sailfish-device-encryption/encrypt-home to avoid encryption ? Reflash with 3.4.0.24 or update via terminal?

What is the probability that updates 3.4+n.0.xx will not break or again impose encryption onto the Xperia X?

1 Like

Having or not having encryption doesn’t change anything wrt. that. Updating works in both cases. Remember that there are Xperia X and XA2 devices that don’t have encryption because that wasn’t enabled when they were flashed and their users haven’t encrypted the device afterwards. Updates must work on those devices too.

Probably I had misinterpreted the statement Note that it will become mandatory to set up the security code during the initial startup of 3.4.0 (and later). The initial startup means startup after flashing, but not rebooting after update, doesn’t it? Then no worries to get Xperia X phone with encrypted home folder till we update it, but are not flashing with 3.4.0 or newer OS image.

Setting up the security code during the first start of a device (after flashing or after factory reset) became mandatory. All new devices (Xperia X/XA2/10) have home encryption on by default which makes the security code a must (3.4.0 release notes).

I do not understand about flashing Xperia X with 3.3.0. The encryption is not explicitly mandatory, but in fact it is? I have downloaded and saved 3.3.0 image. Probably I could find 2.1.2, I guess this was the initial released image for Xperia X in the Jolla shop; by the way, four days ago it was three year anniversary of Xperia X actual launch.

So in case my Xperia X fails and I reflash it to another Xperia X, then will the only way not to encrypt be the one described by @tomin?

Unsuccessfully tried to disable encryption according your guide:

There is a way to do this. After flashing you must boot the device to recovery mode, open shell and remove file /var/lib/sailfish-device-encryption/encrypt-home from root partition. With that removed, it won’t create LUKS container for home partition on first boot. I don’t recommend doing this but it is possible to skip the encryption on first boot this way.

Any hints how to disable enbcryption on freshly intalled Sailfish OS Kvarken on XA2?

could you describe, what you have done?

I know nothing about systemd, sorry.

in /usr/share/sailfish-device-encryption/home-encryption-finish.sh - at the of the file:

-# If encryption finished, remove marker file
[ -s /etc/crypttab ] && rm -f /var/lib/sailfish-device-encryption/encrypt-home

So, I would say, it could work, like tomin wrote before.

There is not really a flash-config for this, but you could try to make your own.
$ file sailfish.img001
sailfish.img001: Android sparse image, version: 1.0, Total of 464363 4096-byte output blocks in 995 input chunks.

As tomin have written I tried to rm var/lib/sailfish-device-encryption/encrypt-home before booting to Sailfish for the first time. But there were no such file while I was in the shell. Could it be the access is restricted or it is not created befote the first boot?

When you tried it, you were sure your path was correct? var/… and /var/… is a difference.
I do not know the recovery, but maybe it is on a different mountpoint, for example target_root/var… Please try it again.

Possibly too little experience I have in Linux terminal. I can not get to the path specified. (though yesterday I saw the particular file in palticular place in file browser while in working SFOS; afterwards I reverted to Android and reinstalled Sailfish, as I’d like to run phone without encryption).

attempt
It seems there is no difference (according ls command either cd var or cd /var goes to the same place)
As well rm command from both places (/ # and ~ #) does not find neither var nor /var.