Log In

TWRP implementa la criptazione dei dati di Qualcomm

TWRP è una delle più famose custom recovery create per tantissimi devices Android e da poco ha annunciato che ha implementato su OnePlus One la criptazione dei dati.

Questa funzione è stata introdotta da Qualcomm per permette di mantenere al sicuro tutti i dati presenti sul device sfruttando la tecnologia hardware dello smartphone, in particolare del processore, e da poco è stata introdotta sulla TWRP in modo da dare la possibilità agli utenti di utilizzare questa recovery per provare ogni custom rom mantenendo tutte le funzioni di protezione.

Ecco il comunicato ufficiale dato su Google+:

TWRP now supports Qualcomm encryption for the OnePlus One.

Why does this matter? Probably the biggest is that AOSP is making moves towards supporting this type of encryption as seen here:
https://android.googlesource.com/platform/system/vold/+/bb7d9afea9479eabbc98133d3d968225a1e1019e%5E%21/#F0

So eventually we’ll probably see Nexus and other OEMs start to use Qualcomm’s encryption methods on future devices. Additional devices using Qualcomm encryption plus forced encryption may make TWRP supporting Qualcomm encryption very important, at least for some users.

Qualcomm encryption offers better performance than “stock” Android encryption. I think this better performance is mostly due to using larger block sizes, but you can read more about it at the link below if you are so inclined. At the bottom of the page you’ll find some benchmarks comparing performance.
http://nelenkov.blogspot.com/2015/05/hardware-accelerated-disk-encryption-in.html

Also, the OnePlus One is one of the most popular TWRP devices based on download counts.

It took quite a while to get TWRP to work properly with Qualcomm encryption. Part of the trouble is that Qualcomm uses some closed source, proprietary binaries and libraries to make it work. Part of the problem is that it seems that some of the QSEE / Trust Zone functions fail to work properly when you fastboot boot an image on the OnePlus One. Whether this failure to work properly is by design or a bug, I have no idea. Even regular Android fails to decrypt properly when you fastboot boot an image, so it doesn’t appear to be a TWRP issue. Further, it seems that if you fastboot boot an image and fail to decrypt properly, Android will claim that your data partition is corrupt and insist that you wipe and start all over. Oddly enough, usually TWRP can still decrypt and read the data partition just fine, but even after TWRP succeeds, Android still complains. Go figure.

I lost many hours testing images using fastboot boot and having to wipe and re-encrypt before finding out that I had to flash my images to get decrypt to work. It seems that supporting Qualcomm encryption was also an exercise in testing how resilient the emmc chip is on the OnePlus One. I won’t be surprised if my OnePlus One dies of premature emmc failure due to all of the flashing and re-encrypting.

The latest build of TWRP for the OnePlus One should now support decrypting of CM 11, CM 12.0, CM 12.1, and Oxygen OS. Use this table to get an idea of what type of encryption you may be using:
CM 11: regular 4.4 encryption
CM 12.0 or CM 12.1 but you originally encrypted with CM 11: regular AOSP encryption with the hardware backed keymaster
CM 12.0 nightly before the 16th of January, 2015: regular AOSP encryption with the hardware backed keymaster
CM 12.0 on or after the 16th of January 2015 or CM 12.1: Qualcomm hardare encryption with the hardware backed keymaster
Oxygen OS: regular AOSP encryption with the hardware backed keymaster

If you didn’t encrypt using CM 12.0 nightly on or after 16th of January 2015, you probably aren’t getting the performance benefits of Qualcomm’s encryption. It also appears that the Oxygen OS team did not add support for Qualcomm encryption. If performance matters to you but you need to be encrypted, then I’d suggest sticking with CM. If you want to know for sure if you’re using Qualcomm encryption, flash TWRP, decrypt the device, then check the recovery log (adb pull /tmp/recovery.log or use the copy log button under advanced) and search for “has_hw_crypto is”. If the value is 1, then you’re using Qualcomm encryption. A value of 0 means that you are not.

Hope that helps and enjoy!

Per maggiori informazioni vi rimandiamo al post su Google+ di Ethan Yonker:

LINK POST GOOGLE+

Tagged under
%d blogger hanno fatto clic su Mi Piace per questo: