SOLUTION to have phone encrypted permanently in an easy way


LOLO9393

Members
Feb 8, 2016
502
82
Hello
I turned around to find a simple and easy way (getting out of fstab hand modifications) to have my phone encrypted for safety reason and my peace of mind.
Thanks to our friend @hellfreezover who led me to the direction I tested.
I took my old MI5 because my MI8SE is already converted with fstab.
SOLUTION:
-I started from a clean install after format data and installed via twrp the latest OFFICIAL global Dev. (must be the same with any other official rom)
- I made all set up (google and Xiaomi that were requested) and encrypted with the phone feature in settings (was written encrypted but not done, you must encrypt again!)
-FDE encrypt was set accordingly with password pin. (MI5 doesn't support FBE, so no alarm and notification in case of reboot)
-I flashed then the latest available eu 8.11.22 rom and I was surprised to find the rom after reboot, perfectly encrypted as much....
-Then went Magisk 18.0 and Host file installed perfectly.
I am satisfied!
 
Last edited:

reb00tz

Members
Jan 1, 2016
12
15
Hi @LOLO9393,

After you flashed EU ROM, wouldn't you need to wipe /data in TWRP? Or is it that you forced TWRP to use rm -fr (via TWRP settings)?
I tried this on a Mi 8 and it did not work:
  • "clean all" MiFlash Global ROM (10.3.2.0)
  • went through entire set up (Google and Xiaomi accounts), setting pattern lock
  • check privacy options and it showed as "encrypted"
  • rebooted to Fast Boot and flashed recovery partition with TWRP
  • rebooted into TWRP (fastboot boot <image>) and set to use rm -fr instead of formatting (prompted to enter pattern lock, showing encryption was working)
  • adb push'd EU ROM (10.3.3.0), then installed .zip
  • went through entire set up (Google and Xiaomi accounts), setting pattern lock
  • privacy options show as "not encrypted"
  • attempting to "encrypt phone" will result in soft brick (i.e. needing to re-flash everything again)
I also tried formatting (instead of rm -fr) and it still gave the same results. I suppose one possible difference is between the Mi 5 and Mi 8...
 
Last edited:

LOLO9393

Members
Feb 8, 2016
502
82
Hi @LOLO9393,

After you flashed EU ROM, wouldn't you need to wipe /data in TWRP? Or is it that you forced TWRP to use rm -fr (via TWRP settings)?
I tried this on a Mi 8 and it did not work:
  • "clean all" MiFlash Global ROM (10.3.2.0)
  • went through entire set up (Google and Xiaomi accounts), setting pattern lock
  • check privacy options and it showed as "encrypted"
  • rebooted to Fast Boot and flashed recovery partition with TWRP
  • rebooted into TWRP (fastboot boot <image>) and set to use rm -fr instead of formatting (prompted to enter pattern lock, showing encryption was working)
  • adb push'd EU ROM (10.3.3.0), then installed .zip
  • went through entire set up (Google and Xiaomi accounts), setting pattern lock
  • privacy options show as "not encrypted"
  • attempting to "encrypt phone" will result in soft brick (i.e. needing to re-flash everything again)
I also tried formatting (instead of rm -fr) and it still gave the same results. I suppose one possible difference is between the Mi 5 and Mi 8...
Sorry, I didn't mention that this is ONLY applicable to old OREO rom. (FDE encrypt and not FBE.)
MI5 is oreo 8.0 rom and will never move to PIE. MI8 is PIE 9.0 so this trick is not applicable.
I don't know when available TWRP for your phone will allow encryption VIA settings/privacy feature......
You can report to the staff here your phone is not normally encryptable at this time and solution has to be found.
Best today solution is to modify Fstab file at every rom update. Not difficult with the available ZIP (fencrypt.zip) at the web.
(just change FSTAB with your own modified as well)
 

reb00tz

Members
Jan 1, 2016
12
15
Sorry, I didn't mention that this is ONLY applicable to old OREO rom. (FDE encrypt and not FBE.)
MI5 is oreo 8.0 rom and will never move to PIE. MI8 is PIE 9.0 so this trick is not applicable.
I don't know when available TWRP for your phone will allow encryption VIA settings/privacy feature......
You can report to the staff here your phone is not normally encryptable at this time and solution has to be found.
Best today solution is to modify Fstab file at every rom update. Not difficult with the available ZIP (fencrypt.zip) at the web.
(just change FSTAB with your own modified as well)
OK, thanks for the information! Don't understand why the default fstab.qcom does not just use FBE though by default.

Searching the forums, it appears that it is a hit-or-miss, with some people reporting GPay works, others not, regardless if GPay/GPServices data cleared, and/or SafetyNet check passed, and/or with/without Magisk/root.