I wish Jolla can do something about the possibility of disable the device lock so dont need to reinstall for Xperia phones

howcan I getreed of the device lock in settings. I had install it once but I cant get reed of it now.

1 Like

this link or ?
https://jolla.zendesk.com/hc/en-us/articles/201440487-What-are-the-Device-Lock-and-Security-code-

1 Like

It seems that we cant get reed of it ones we have install it. That could be something to be change in futures updates?

i am not sure i understand what you mean.
settings -> device lock settings …

tap on user security code and should be disabled ?

longpress on fingerprint will remove fingerprint

what is missing ?

@pawel.spoon I have made a lock and now I cant get reed of it.

settings/ device lock-- change security code so no possible to tap user security code

?!

tip on the ‘User security code’ check box (the light bulb)
then you need to confirm with security code and you are done

I cant see that User security code that youi say

Like I said before. I have to reinstall the OS to be able to do it. So hope that Jolla change this in the future

Jolla says that Xperia phones doesnt have it. Hope that can be change in the future.

Actually, I have just done what Jolla says to do , reinstalling the last image, and the device lock is still asked before been able to use the phone??

which device are u using??

ups you were right:

the picture above was a volla phone with 3.4

on my experia 10 with 4.0 it looks as on your phone

1 Like

For all Xperias the device lock is now mandatory (due to encryption of /home) and cannot be circumvented since version 3.3.0.16, when flashed with this or higher.
(Afair for the X10 it was then from the beginning?)

So for X and XA2 you need to flash SFOS 3.2.1.20 (or lesser) and then update OTA. This is the only way you can achieve not having device encrypted and not using a device lock code.

Yes I know that, but you can choose if you wanna or not ti have a code for it.
And how can I downgrade to 3.2.1.20?? it is not easy, isnt?

I think it will be awesome to decide if you wanna have or not the code longer, eventhough the encryption is there.

tl;dr: What you’re asking unfortunately is not possible since that’s not how encryption works.

About the lock code

There’s a reason why you’re required to use a lock code when having an encrypted device*:
When installing a security door on your house, it’s of no use if you leave that door unlocked or with the key in the keyhole.
Since your storage gets unlocked when booting the phone, the only time your data would be protected without a display lock code would be when it’s turned off.

* At  least as far as I understand. Hopefully I'm not missing some aspect about this.

About the possibility to ‘disable’ encryption

When researching the encryption technology involved (in case of Sailfish OS, this is LUKS), and setup options there’s mention of a detached header: Simply put it stores the key necessary to decrypt your data on an external device (e.g. USB flash drive). You can read up all about it on this Medium article.

The point in case: Sailfish stores the decryption key for LUKS on device. I don’t know the details (haven’t enabled encryption yet) but supposedly with an encrypted boot partition (cf. ‘Gold Solution’ on the article mentioned above).
What this means: Decrypting on-device is very difficult and extremely volatile to data loss. Take, for example this warning from the related entry on the Arch Wiki

Note: As of 2020, and version 2.3.3, when using cryptsetup to decrypt a LUKS2 block device the program requires you to provide a LUKS --header file. If you do not use the “detached header” feature of LUKS, and naively try to pass the block device itself (which contains a LUKS2 header) as the subject of the --header, cryptsetup will accept this and go ahead with alleged decryption. Afterwards the block device will show up as a LUKS2 device with no key-slots, and YOUR DATA WILL BE LOST. If you try to use cryptsetup luksHeaderBackup as the header file used with --header , YOUR DATA WILL BE LOST. If you try to restore a backed-up header after this faulty decryption, YOUR DATA WILL STILL BE LOST.

=> Assumption: There is no detached header available for the LUKS setup of Sailfish OS. Thus, there is technically no possibility to undo encryption on device. Reflashing is needed.

A possible workaround

There seems to be a work-around to avoid mandatory encryption:

On a philosophical note

Security and comfort most of the time are - especially in the context of information technology - mutually exclusive. The guys from Open Whisper Systems have done a fantastic job and some enormous effort to create such a comfortable app as Signal has become.

Maybe it’s good to keep this in mind. Unrealistic expectations with this can quickly lead to frustration - although from a technical perspective everything is working as it should

3 Likes

I have reflash, and still is asking me for the code in the first boot. So reflasing hasnt workfor me.

Did you read my post?
Or seen the link in rozgwi’s post above?

And it would help to help you telling us which device you have and which version you flash.