Phone Encryption not working with the EU ROM.


Jeff88

Members
Dec 13, 2019
25
5
Hi,
Did someone manage to encrypt their Max 3 with the "Xiaomi (EU) ROM (MIUI 11.1 9.12.12)" and "Orange Fox R10.0 (Nitrogen)"? I tried it and after, i entered the password to encrypt the phone, it goes imminently back to the main encryption menu. i even disabled the Force Remove Encryption in "Orange Fox" and re-flashed it, but no luck.
 
  • Like
Reactions: MiMix2s8gb
Hi,
Did someone manage to encrypt their Max 3 with the "Xiaomi (EU) ROM (MIUI 11.1 9.12.12)" and "Orange Fox R10.0 (Nitrogen)"? I tried it and after, i entered the password to encrypt the phone, it goes imminently back to the main encryption menu. i even disabled the Force Remove Encryption in "Orange Fox" and re-flashed it, but no luck.
In these day eu rom will encrypt at install. If TWRP is up to date.
No more need to encrypt via settings.
I see you are on stable release, it may be different from eu weekly.
 
And how and what should i modify to get this to work?
I also tried this below, but that bricked my phone and i had to fastboot reinstall the Global ROM.
Code:
Edit "/system/vendor/etc/fstab.qcom" then change "[...] /data [...] encryptable=ice,quota" to "[...] fileencryption=ice,quota"
 
After playing around to find a solution for this mess. The phone wont even encrypt now anymore even when i use the fastboot to flash the latest Global ROM. And the funny thing is, in the Android settings it says that the phone is encrypted but it's not because i can see all the data files with the TWRP without entering a password. With all this encryption problems i have no trust anymore in the Android encryption.
 
After playing around to find a solution for this mess. The phone wont even encrypt now anymore even when i use the fastboot to flash the latest Global ROM. And the funny thing is, in the Android settings it says that the phone is encrypted but it's not because i can see all the data files with the TWRP without entering a password. With all this encryption problems i have no trust anymore in the Android encryption.
- You get back encryption if you flash official fastboot rom via Miflash.
- Then it is upon your twrp to do it or not.
- You are getting encryption back by modifying your own Fstab file by hand. you can do it via TWRP file explorer.
- There are zip that does the job for us. Just change Fstab with your own.
- I am doing it for one year on the MI8 SE.
At last you get a TWRP that encrypt well at the first time. A wish...
 
I did use the Miflash and flashed the official fastboot rom. But i don't get the encryption back.
And what do you mean with "There are zip that does the job for us."
 
I did use the Miflash and flashed the official fastboot rom. But i don't get the encryption back.
- At this step you are encrypted but surely opening Orange TWRP you see the files decrypted because it is done automatically. (i don't use orange twrp)
And what do you mean with "There are zip that does the job for us."
- It's a zip you install after every rom update in order to encrypt. '('called: forceencrypt. zip) it holds your modified fstab and the direction for install.
- Before going this extremity you must understand some more about your situation.
May be somebody else know this issue.
 
I found the problem. Normally you have an option in Android called "Secure Startup" to enable this, but in MIUI you have to do this:
Go to "Settings" - "About phone" and tap "MIUI version" 7 times to switch on "Developer options".
Next go to "Additional settings" - "Developer options" - "Encrypt device using Lock screen password" .
Now everything works like it should.
 
Last edited:
I found the problem. Normally you have an option in Android called "Secure Startup" to enable this, but in MIUI you have to do this:
Go to "Settings" - "About phone" and tap "MIUI version" 7 times to switch on "Developer options".
Next go to "Additional settings" - "Developer options" - "Encrypt device using Lock screen password" .
Now everything works like it should.


In my Mi Max 3 is 11.0.3.0 PEDCNXM EU (stable) ROM and Developer options are enabled. I cannot find "Encrypt device using Lock screen password" in it.
 
I found the problem. Normally you have an option in Android called "Secure Startup" to enable this, but in MIUI you have to do this:
Go to "Settings" - "About phone" and tap "MIUI version" 7 times to switch on "Developer options".
Next go to "Additional settings" - "Developer options" - "Encrypt device using Lock screen password" .
Now everything works like it should.
Great!
I am following your quest and I have reset my old MI8 SE (that has the same encryption issue like your phone) in order to make it encrypted as well.
- Installed latest 9.12.19 eu and latest TWRP. This doesnt encrypt by settings tool, just stuck at logo and leads to format data. ( no surprise here)
- I've found the additional setting you mention at the bottom dev option list but it stays greyed and doesn't act.
(tested several time, with or without setting Password).
- Tested forceencrypt.zip previously working on Android9 but fail to encrypt...
No I have to learn how to manipulate fstab stuf on Android 10 because they have been some chance since.
Conclusion: no any phone is equal with custom rom/twrp.
Merry Chrismas
 
  • Like
Reactions: Jeff88
it is bottom list. last item.

Correct - it' s there. I overlooked it as that option is grayed in my phone. I tried now to activate it, but I failed.
27780
 
In my Mi Max 3 is 11.0.3.0 PEDCNXM EU (stable) ROM and Developer options are enabled. I cannot find "Encrypt device using Lock screen password" in it.
This option will only appear if the phone is not encrypted.
 
You can only enable this option if you phone is also encrypted at "Settings -> Passwords & security -> Privacy -> Encryption & credentials -> Encrypt phone".
Fine.
But in my case if I "encrypt" this way it never ends and direct to format data in order to restart. '('without encryption done).
I am modifying fstab.qcom, for test, by now. Because I want encryption working and I need to understand.
 
Fine.
But in my case if I "encrypt" this way it never ends and direct to format data in order to restart. '('without encryption done).
I am modifying fstab.qcom, for test, by now. Because I want encryption working and I need to understand.

Similar situation here.
If I try to go to "Settings -> Passwords & security -> Privacy -> Encryption & credentials -> Encrypt phone" , I click to encrypt, it asks my password, but it does nothing. It goes back to the encrypt phone option.

If I go to "Additional Settings -> Developer Settings ->" the option for "Encrypt device using Lock Screen password" is not available. It is grayed out as not available to enable.

I´m using Mi 8 with MIUI 11.1 weekly xiaomi.eu 9.12.19


I´m also trying to understand if this is a current limitation, bug or anything else in MIUI 11 and MI 8 . And also trying to understand how to fix it, if possible.

I used another application for company email that did not recquired encryption. Now that company moved to Microsoft Intune Company Portal, I can´t have it working due to encryption being mandatory.
 
Correct - it' s there. I overlooked it as that option is grayed in my phone. I tried now to activate it, but I failed.View attachment 27780
Have you done something in order to encrypt.
Keep in the loop, I am testing fstab modification on android 10.
I have a MI8 SE for test purpose and I was able to encrypt.
But I need to check what the result is when updating the rom. Getting new 9.12.26 now.
stay tuned.
 
Last edited:
Similar situation here.
If I try to go to "Settings -> Passwords & security -> Privacy -> Encryption & credentials -> Encrypt phone" , I click to encrypt, it asks my password, but it does nothing. It goes back to the encrypt phone option.

If I go to "Additional Settings -> Developer Settings ->" the option for "Encrypt device using Lock Screen password" is not available. It is grayed out as not available to enable.

I´m using Mi 8 with MIUI 11.1 weekly xiaomi.eu 9.12.19


I´m also trying to understand if this is a current limitation, bug or anything else in MIUI 11 and MI 8 . And also trying to understand how to fix it, if possible.

I used another application for company email that did not recquired encryption. Now that company moved to Microsoft Intune Company Portal, I can´t have it working due to encryption being mandatory.
I think we have a solution, but it starts from a clean install if you can afford to do it on your phone.
 
  • Like
Reactions: erick314
Previous solution to encrypt via fstab file that was well operating on android 9 and needed to be checked with android 10.
Solution is qualified again. tested on MI8 SE.
It needs is for maximum security to be done from clean install '(format all) in order to avoid non reliable result. (I started from this point)
But should work following a rom update or reflashing the same version. (Checked both OK)
I did a lot of tests modifying file by hand and then I rebuilt my previous forceencrypt.zip that is more comfortable to use than hand modification.
You have to extract Fstab.qcom from your vendor/etc folder and modify "encryptable=ice" with"fileencryption=ice" and place it the attached zip file. (rename attachment to.zip)
It MUST flashed along with the rom or after if the rom doesn't boot.
Once installed weekly update will no more be a problem to install encryption done at install.
 

Attachments

  • forceencrypt(mi8se).txt
    370.3 KB · Views: 613
I think we have a solution, but it starts from a clean install if you can afford to do it on your phone.
Not a problem for me.
I can backup the main files that I need and copy it back again if needed.

Sorry for the question, but I saw also your post soon after.
So should I go back for a fresh new install? Newer 9.12.26 is just available now for my Mi8. I could download it. But I'm not sure about the steps.
 
Not a problem for me.
I can backup the main files that I need and copy it back again if needed.

Sorry for the question, but I saw also your post soon after.
So should I go back for a fresh new install? Newer 9.12.26 is just available now for my Mi8. I could download it. But I'm not sure about the steps.
You can try without fresh install. just flash the zip and check if rom reboot well and is encrypted.
Coming back to twrp should also ask your password pin to unlock.
In case that fail you should turn back to format all for clean install.
my guess should go fine first trial if fstab is well modified.
EDIT:
If you flash forceencrypt.zip SEPARATELY from a rom you must MOUNT vendor partition before!
 
Last edited:
  • Like
Reactions: erick314