« "One of the Trusted"NSA relevations "only the tip of the iceberg" »

Upgrade CyanogenMod on an encrypted device


  14:10:00 by Joe, Categories: General, Open Source

In light of all the idiotic and illegal NSA snooping, I decided to do full-disk encryption on my Nexus 7 tablet and my Nexus 4 phone. That works all great. This should keep the criminals at NSA, as well as the TSA and Border Patrol out of my devices. My computers at home have had full-disk encryption for a while already...

Anyway, in a side-effect, the CyanogenMod updater, as well as the Clockworkmod recovery, don't know how to handle the encrypted data partition, so installing a CyanogenMod update fails.
Of course, the command line is always helpful...
So, here is how to upgrade CyanogenMod with an encrypted device:

  1. Connect the phone to your computer using a USB cable
  2. If you haven't already, install the 'android-tools' package
  3. Download the CyanogenMod archive you want to install, from get.cm.
  4. Reboot your phone into recovery mode.
  5. Once recovery is up, select "Install zip from sideload". Note: This is with the Clockworkmod Recovery, your recovery may have different options.
  6. On your computer, type "adb sideload <the_downloaded_cm_archive>", e.g., "adb sideload cm-10.1-20130706-NIGHTLY-grouper.zip"

That's it. Works like a charm.

BTW, it is also a possibility to use TeamWin's recovery. TWRP can unencrypt the data partition, unlike Clockworkmod.

Update: Since writing this post, I have switched to TWRP and use that on all my devices.
One slight issue with the disk encryption is that by default, the encryption key is the same as the unlock PIN or password. Usually, the unlock PIN or password is pretty short, since it is entered several times during the day.
There are programs in the Google Play Store that separate the disk encryption password from the unlock PIN or password. An example is the CryptFS Password Manager. I highly recommend using that or similar tools (or the command line) to use a strong password for the full-disk encryption.

Another update: With CM12, a couple of devices, e.g., the OnePlus One, which is by now my main phone, use hardware encryption, with a proprietary library. TWRP doesn't yet work with that, so it is not possible to decrypt the /data partition in TWRP. adb sideload works, because in CM12, the sideloaded file is saved to /sideload, which is on the root partition.
Another update: TWRP from version handles decryption on the OnePlus One, and possibly on other modern devices.


Comment from: trillo [Visitor]

Hello, I’m a Nexus 4 user with CWM installed. I was wondering if I should encrypt my device. When I encrypt it, will I still be able to create a backup of my storage? Will I lose all my data when I sideload the updated Cyanogenmod version through adb, or will it stay?

07/11/15 @ 03:58
Comment from: Joe [Member]

My understanding is that CWM can not read an encrypted partition, so a backup would not be possible.
adb sideload still works because that doesn’t write anything to the encrypted partition.

09/15/15 @ 15:43

Form is loading...

Posts about whatever I find worthy of posting...
October 2019
Mon Tue Wed Thu Fri Sat Sun
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      
 << <   > >>


  XML Feeds

powered by b2evolution