Now you are reading a bit too much to that sentence. As far as I know, there aren’t any flaws there. The supported configuration is to encrypt the device, have the security code on and so on. Like with many things you can hack it as much as you like but if it breaks because of that you can keep both parts.
Could you share your source for that?
It was in the old sf forum. Someone was on a securety fair and there were hacker specialists from Israel. He gave his device to them and it was decrypted very fast. The only thing they could not access that easily were mediatek phones with locked bootloader from what I remember about that post.
Thanks a lot. All problems my Xp 10 had, even after a fresh flash, are gone that way. (almost) No more device crashes, reboots, stuck screens etc… and it is much, really really much faster that way.
EDIT: sadly it started making me mad again, so it is not the encryption, even if it runs faster. Device became unresponsive again. Pressing off on off on off on off on helps always. Really very very strange, but I freak out because of that.
According to what you have said if I would like to use phone without encryption, then updating Xperia X to 3.4.0.24 is not possible using Sailfish OS UI, as UI OS update client will reboot the phone and activate encryption. If so, which way of updating would you suggest before deleting /var/lib/sailfish-device-encryption/encrypt-home to avoid encryption ? Reflash with 3.4.0.24 or update via terminal?
What is the probability that updates 3.4+n.0.xx will not break or again impose encryption onto the Xperia X?
Having or not having encryption doesn’t change anything wrt. that. Updating works in both cases. Remember that there are Xperia X and XA2 devices that don’t have encryption because that wasn’t enabled when they were flashed and their users haven’t encrypted the device afterwards. Updates must work on those devices too.
Probably I had misinterpreted the statement Note that it will become mandatory to set up the security code during the initial startup of 3.4.0 (and later). The initial startup means startup after flashing, but not rebooting after update, doesn’t it? Then no worries to get Xperia X phone with encrypted home folder till we update it, but are not flashing with 3.4.0 or newer OS image.
Setting up the security code during the first start of a device (after flashing or after factory reset) became mandatory. All new devices (Xperia X/XA2/10) have home encryption on by default which makes the security code a must (3.4.0 release notes).
I do not understand about flashing Xperia X with 3.3.0. The encryption is not explicitly mandatory, but in fact it is? I have downloaded and saved 3.3.0 image. Probably I could find 2.1.2, I guess this was the initial released image for Xperia X in the Jolla shop; by the way, four days ago it was three year anniversary of Xperia X actual launch.
So in case my Xperia X fails and I reflash it to another Xperia X, then will the only way not to encrypt be the one described by @tomin?
Unsuccessfully tried to disable encryption according your guide:
There is a way to do this. After flashing you must boot the device to recovery mode, open shell and remove file /var/lib/sailfish-device-encryption/encrypt-home from root partition. With that removed, it won’t create LUKS container for home partition on first boot. I don’t recommend doing this but it is possible to skip the encryption on first boot this way.
Any hints how to disable enbcryption on freshly intalled Sailfish OS Kvarken on XA2?
could you describe, what you have done?
I know nothing about systemd, sorry.
in /usr/share/sailfish-device-encryption/home-encryption-finish.sh - at the of the file:
…
-# If encryption finished, remove marker file
[ -s /etc/crypttab ] && rm -f /var/lib/sailfish-device-encryption/encrypt-home
So, I would say, it could work, like tomin wrote before.
There is not really a flash-config for this, but you could try to make your own.
$ file sailfish.img001
sailfish.img001: Android sparse image, version: 1.0, Total of 464363 4096-byte output blocks in 995 input chunks.
As tomin have written I tried to rm var/lib/sailfish-device-encryption/encrypt-home before booting to Sailfish for the first time. But there were no such file while I was in the shell. Could it be the access is restricted or it is not created befote the first boot?
When you tried it, you were sure your path was correct? var/… and /var/… is a difference.
I do not know the recovery, but maybe it is on a different mountpoint, for example target_root/var… Please try it again.
Possibly too little experience I have in Linux terminal. I can not get to the path specified. (though yesterday I saw the particular file in palticular place in file browser while in working SFOS; afterwards I reverted to Android and reinstalled Sailfish, as I’d like to run phone without encryption).
It seems there is no difference (according ls command either cd var or cd /var goes to the same place)
As well rm command from both places (/ # and ~ #) does not find neither var nor /var.
Please take a look here.
You first need to mount the real /var as the /var you see seems to be the recovery one only. And there is no actual file of your running SFOS.
(that LS var and ls /var yield same output may be related to be in the root folder / ;))
Thank you. I’ll try. There was a message about not being able to mount logical volume, just after loading shell.
The lvm issues are discussed in community Sailfish X installation guide too; in the part about expanding root partition, but I have not dived into it.
yesterday i got my new, old testing phone, so i gave it a try. And it worked. Dont know, if somebody really want not to encrypt the home, whatever.
[root@XperiaXA2 defaultuser]# df -hT | grep home
/dev/mapper/sailfish-home ext4 17.3G 50.5M 17.1G 0% /home
[root@XperiaXA2 defaultuser]# blkid | grep home
/dev/mapper/sailfish-home: LABEL=“home” UUID=“12345…” TYPE=“ext4”
After new flashing the image, boot immediately in recovery mode!
$ telnet 10.42.66.66
(3) shell
-# mount /dev/mapper/sailfish-root /mnt
-# rm /mnt/var/lib/sailfish-device-encryption/encrypt-home
-# exit
reboot
Yes, it worked after several attempts. Apparently there is no need to change logical volume attributes, as command lvm lvchange -ay (nor lvm lvchange -a y) had not worked. To mount the volume was sufficient as tombln described above.
Unfortunately, my Xperia X has no such file after flashing.
/ #
/ # cd /var/lib
sh: cd: can’t cd to /var/lib: No such file or directory
Confirmed working perfectly while installing sfos 4.4 on XA2.
Thanks A LOT!
I tried too and it also worked on an XA2.