This is to announce the 4.2.0.21 SFOS update for Xperia Tama devices: XZ2, XZ2c, and XZ3. Please read the release notes and description below before updating.
This release introduces support for encryption based on an open source implementation. When compared to the official implementation, the open source implementation allows greater flexibility in the encryption passwords used, including hardware assisted solutions. When using encryption, you are encouraged to use a hardware keystore backed LUKS password, which should greatly hinder brute-force attack attempts.
While OTA is possible from the earlier release, it is recommended to reflash the device to enable encryption from the start.
As the storage configuration has been altered, note that it is highly recommended to have a backup of the data that you have on the device.
As always, early adopters please report how it went. For those wishing to be on the safer side, wait until more users have had a chance to test the release.
Edit: Note that after encrypting your device and setting up the system/software, it is recommended to make a copy of the encryption recovery password and remove the copy from the device. Use System Settings/Encryption (Community) for it.
update was fine for me… unfortunately my xz2c is not my daily driver atm, because the touchscreen is behaving weird (too much sensitivity?). thanks anyways!
before aarch64, it worked like a charm! it is not the ghost input, which happened once to me. when i try to write text, i get the letters 2 or 3 times. i guess input delay is a millisecond too long or cpu is too busy, it changes approx. every 10 or 20 seconds between normal behaviour and this impossible to write a text thing…
That type of hyper-sensitivity was exactly what I had on those few occasions. I think it happened early in AOSP10/aarch64 transition (xz2c is my development device).
As you have it sitting without use, try to flash AOSP9/arm32 based latest SFOS release and see if everything is OK there. If it is, try to flash Sony Stock Android and update to the latest version. Boot and try to use Android to check if there is no hyper-sensitivity there. Latest Stock Android should also get modem and maybe something else updated. Next, try SFOS/AOSP10/aarch64 again. Let’s see if you could reproduce the bug.
If it is still reproducible after Sony Stock Android reflash, I will ask if any of Sony AOSP devs can recall similar issue in AOSP10.
PS Before this extensive testing - I wonder if it is related to some issue that Jolla had with the screen initialization on Xperia 10 II. To overcome it they show splashscreen. I wonder, if you enable storage encryption whether that splash screen like interaction will help.
went to latest android before aarch64, like you advised. have there been any changes since your alpha release? maybe i will give a reflash a try, but i think it is some tweak with the governor you fixed locally on your device, which is not included in the ota…
All the changes should be there in the latest OTA as well. This includes updates to AOSP10 bits and zgovernor tweaks - I shouldn’t have anything specific locally as I check once in a while with reflash of dev device.
Reflashing went smoother than when i reflashed from AOSP9 to AOSP10. The flash script didn’t complain.
It's slightly annoying that you have to use one password to unencrypt the phone (yes, you don't do that often since it's rock solid stable) and use a security code for all the other stuff, but I can live with that.
Oh. And the unencrypt keyboard seems to have no haptic or aural feedback.
Having a different password for encryption from your PIN is just better for security. And indeed, the main issue is that you use the LUKS unlocking password rarely - so make sure you don't forget it.
As for keyboard without haptics and sound - yes, it is separate keyboard implemented specifically for that GUI only. It is not system keyboard that we use later when system is booted - no Maliit here. I am not sure I have even access to haptics and sounds at that boot stage.
@rinigus a possibly stupid question. If in the future sailfish os moves to systemd-homed (and alphanumeric passwords) can your encryption implementation of home be migrated to it?
I don’t know, there are just too many open questions with it. I have no idea whether systemd-homed is in pipeline for starters.
Now, the beauty in our implementation is the use of android keystore to generate LUKS password. In practice, it generates rather long password (see example at the bottom of https://github.com/sailfishos-open/hwcrypt). Which means that even your 123456 password has to be guessed on device. As guess frequency is limited to once in 3 seconds, it may take some time to break it.
I am sure systemd will not have android keystore backing, unless we add it. Don’t know how difficult it is, systemd devs haven’t done it properly for TPM yet either.
But, if we do move to systemd-homed, many parts can be reused. The password dialog that you get is implemented as a systemd-ask-password responder, for example. Then some scripts can probably be adjusted to pipe the user reply through hwcrypt. But as for the rest, I don't know.
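A toy model of the keystore point made in the post above, added here as an illustration and not taken from hwcrypt or from the post: HMAC-SHA256 with a random in-memory key stands in for the Android keystore operation, the throttle is modelled inside the same object, and `ModelKeystore`, `luks_password` and `exhaust_days` are hypothetical names. It shows that a weak user password still yields a long, device-bound LUKS password, and what the 3-second limit means for a whole PIN space.

```python
import hashlib
import hmac
import secrets

GUESS_INTERVAL_S = 3  # from the post: one guess every 3 seconds


class ModelKeystore:
    """Stand-in for a hardware keystore (assumption, not hwcrypt's code)."""

    def __init__(self):
        # Device-bound secret; real hardware never exports it.
        self._key = secrets.token_bytes(32)
        self._next_allowed = 0.0  # simulated clock, in seconds

    def luks_password(self, user_password: str, now: float) -> str:
        """Map the user's password to the long password given to LUKS."""
        if now < self._next_allowed:
            raise PermissionError("rate limited: retry later")
        self._next_allowed = now + GUESS_INTERVAL_S
        mac = hmac.new(self._key, user_password.encode(), hashlib.sha256)
        return mac.hexdigest()  # 64 hex characters, 256 bits


def exhaust_days(candidates: int, interval_s: int = GUESS_INTERVAL_S) -> float:
    """Worst-case days to try every candidate at the throttled rate."""
    return candidates * interval_s / 86400


if __name__ == "__main__":
    phone = ModelKeystore()
    weak = "123456"  # constructed sample input
    derived = phone.luks_password(weak, now=0.0)
    print("LUKS password length:", len(derived))

    # A second device (or a disk image without the phone) has no access
    # to the first device's key, so the same weak password gives a
    # different LUKS password there.
    other = ModelKeystore().luks_password(weak, now=0.0)
    print("same on another device:", derived == other)

    # Every guess must go through the throttled keystore on the device.
    print("all 6-digit PINs, worst case: %.1f days" % exhaust_days(10**6))
```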
For those using Presage-based predictive keyboard: please update to the latest release available via Chum. Jolla has changed internals of the keyboard in SFOS 4.2 and it required changes in open-source solution as well.
Thanks Rinigus for this upgrade! I updated by ota with no problems, it took about 15 mins. Everything seems fine…except when using usb tethering, connecting the cable usually causes a reboot. This happened also on sfos 4.1., xz2c. Maybe I can work round this by selecting usb default as ‘internet connection’ and attaching the cable before activating the hotspot? I’ll try later on…Edit: works ok if I attach cable before starting hotspot.