Move internal /data-Partition to SD-Card and encrypt it.

Added by Edward Hansly 7 months ago

Hello,

I want to have all my Personal-Data on the removable SD-Card.

Questions:
q1a) How can I move the /data-Partition to the SD-Card?
q1b) Or how can I change the internal-Storage and external-Storage completely?
q2) Can the /data-Partition on the SD-Card be encrypted?
q3) Would I be able to open the encrypted /data-Partition on the SD-Card using a Trisquel GNU/Linux?

What do I have to expect after I accomplished these steps?

Pro:
p1) All Personal-Data can be removed instantly by removing the SD-Card.

Contra:
c1) Replicant will start and run slower.

Thanks for your help.


Replies (13)

RE: Move internal /data-Partition to SD-Card and encrypt it. - Added by Alexandre Willas 7 months ago

Hello,

You may want to look at this: http://forum.xda-developers.com/galaxy-s2/general/i9100-emulated-sdcard-partition-t3260836

r1) Maybe by emulating the /data partition on SD-Card, by changing fstab and compiling to images from replicant sources
r2) If it can be emulated, I would say yes.
r3) As the /data partition encryption uses something similar to LUKS (https://nelenkov.blogspot.fr/2014/10/revisiting-android-disk-encryption.html), you may be able to mount the SD-Card through cryptsetup in Trisquel

A "full" disk encryption as all the data would be emulated in /data partition on the removable SD-Card.

Please someone correct me if I am wrong or if those things are impossible to do. Because this would be really great.

Looking forward to hearing from you!

RE: Move internal /data-Partition to SD-Card and encrypt it. - Added by Grim Kriegor 7 months ago

This is not exactly what you may want to do, Edward. But might help you reach that goal, especially as documentation regarding storage handling in Android/Replicant 4.2 is quite lacking these days.

http://redmine.replicant.us/boards/39/topics/13707

RE: Move internal /data-Partition to SD-Card and encrypt it. - Added by Edward Hansly 7 months ago

Hello, thanks for your answers.

I only understand the bare minimum of the posts you had posted.

Meanwhile I downloaded the Replicant source code and read a lot of tutorials.

I guess there are three files responsible for partitioning and mounting.

You can find them in the source code:

f1) Replicant Quellcode/replicant-4.2/device/samsung/i9300/recovery.fstab
Extract:

# mount point    fstype        device
/efs            ext4        /dev/block/mmcblk0p3
/boot            emmc        /dev/block/mmcblk0p5
/recovery        emmc        /dev/block/mmcblk0p6
/cache            ext4        /dev/block/mmcblk0p8
/system            ext4        /dev/block/mmcblk0p9
/data            ext4        /dev/block/mmcblk0p12 length=-16384
/preload        ext4        /dev/block/mmcblk0p10
/modem            emmc        /dev/block/mmcblk0p7

/sdcard            datamedia   /dev/null
/external_sd    auto        /dev/block/mmcblk1p1    /dev/block/mmcblk1

f2) Replicant Quellcode/replicant-4.2/device/samsung/i9300/init.smdk4x12.rc
Extract:

import init.smdk4x12.usb.rc

on init
    mkdir /mnt/shell/emulated 0700 shell shell
    mkdir /storage 0550 system sdcard_r
    mkdir /storage/emulated 0555 root root
    mkdir /storage/sdcard1 0775 system system
    mkdir /storage/usbdisk0 0775 system system

    export EXTERNAL_STORAGE /storage/emulated/legacy
    export SECONDARY_STORAGE /storage/sdcard1
    export EMULATED_STORAGE_SOURCE /mnt/shell/emulated
    export EMULATED_STORAGE_TARGET /storage/emulated

    # for backwards compatibility
    symlink /storage/emulated/legacy /sdcard
    symlink /storage/emulated/legacy /mnt/sdcard
    symlink /storage/emulated/legacy /storage/sdcard0
    symlink /mnt/shell/emulated/0 /storage/emulated/legacy
    symlink /storage/sdcard1 /extSdCard
    symlink /storage/sdcard1 /mnt/extSdCard
    symlink /storage/usbdisk0 /usbdisk0
    symlink /storage/usbdisk0 /mnt/usbdisk0

    mkdir /efs 0771 radio system

f3) Replicant Quellcode/replicant-4.2/device/samsung/i9300/fstab.smdk4x12
Extract:

# Android fstab file.
#<src>                  <mnt_point>         <type>    <mnt_flags and options>                               <fs_mgr_flags>
# The filesystem that contains the filesystem checker binary (typically /system) cannot
# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK

/dev/block/mmcblk0p3    /efs               ext4      noatime,nosuid,nodev,journal_async_commit,errors=panic    wait
/dev/block/mmcblk0p9    /system             ext4      ro,noatime                                           wait
/dev/block/mmcblk0p8    /cache              ext4      noatime,nosuid,nodev,journal_async_commit,errors=panic    wait

# data partition must be located at the bottom for supporting device encryption
/dev/block/mmcblk0p12    /data               ext4      noatime,nosuid,nodev,discard,noauto_da_alloc,journal_async_commit,errors=panic    wait,check,encryptable=footer

Right now I am not able to understand the exact purpose of these files. And I do not know how to change them.

Any suggestions?

Thanks!

RE: Move internal /data-Partition to SD-Card and encrypt it. - Added by Edward Hansly 7 months ago

First Try:

1) Format SD Card:

    First Primary partition (mmcblk1p1)
    fat

    Second Primary partition (mmcblk1p2)
    ext4

2) Edit: Quellcode/replicant-4.2/device/samsung/i9300/recovery.fstab

# /data            ext4        /dev/block/mmcblk0p12 length=-16384
/data            ext4        /dev/block/mmcblk1p2 length=-16384

3) Edit: Quellcode/replicant-4.2/device/samsung/i9300/fstab.smdk4x12

# /dev/block/mmcblk0p12    /data               ext4      noatime,nosuid,nodev,discard,noauto_da_alloc,journal_async_commit,errors=panic    wait,check,encryptable=footer
/dev/block/mmcblk1p2    /data               ext4      noatime,nosuid,nodev,discard,noauto_da_alloc,journal_async_commit,errors=panic    wait,check,encryptable=footer

4) Compile replicant and find output in Replicant_Quellcode/replicant-4.2/out/target/product/i9300

5) Download a replicant.zip File

    Unzip it.
    Replace the Files in the Zip with the new compiled files.
    zip it.

6) Move the Zip to your Phone and flash it from recovery mode.

7) Start it up. Replicant up and running.

8) Check the Partitioning.

9) Result!!

    Nothing changed !!! Mission Failed !!!
    RETRY same result...

Is there a full guide anywhere on how to compile Replicant?

Why didn't these Changes change anything?

Thanks for your Help.

RE: Move internal /data-Partition to SD-Card and encrypt it. - Added by Grim Kriegor 7 months ago

Hello there Ed, what do you mean with "Replace the Files in the Zip with the new compiled files."? Building Replicant should provide you with a replicant-4.2*.zip file you can install via recovery, as well as a boot.img and system.img you can flash via Download Mode alternatively.
The Replicant wiki has a guide on how to build Replicant, which I assume was the one you followed. https://redmine.replicant.us/projects/replicant/wiki/GalaxyS3I9300Build

I believe simply changing fstab.<device> on the rootdir to make /data be mounted from /dev/block/mmcblk1p2 instead of /dev/block/mmcblk0p12 would suffice.

When you succeed I suggest you also make sdcard0 (the internal memory) emulated, so it gets encrypted inside /data on the physical sdcard.

Best of luck and keep us posted on your progress.

RE: Move internal /data-Partition to SD-Card and encrypt it. - Added by Edward Hansly 7 months ago

Thanks!

There is an Error during Compiling

Thanks for your help GK.

RE: Move internal /data-Partition to SD-Card and encrypt it. - Added by Grim Kriegor 7 months ago

Oh, excellent! So you managed to compile it, what about the external /data, did that work as well?

RE: Move internal /data-Partition to SD-Card and encrypt it. - Added by Alexandre Willas 7 months ago

Have you been able to achieve exactly what you have asked for in your first post ?

RE: Move internal /data-Partition to SD-Card and encrypt it. - Added by Kurtis Hanna 7 months ago

Can anyone add documentation to the wiki about this?

RE: Move internal /data-Partition to SD-Card and encrypt it. - Added by Grim Kriegor 7 months ago

I'll gladly add documentation on how to repartition, emulate and encrypt /sdcard (internal storage) to the wiki, if you gentlemen are interested.

Something similar to these:
http://redmine.replicant.us/boards/39/topics/13707
https://github.com/GrimKriegor/replicant-device_samsung_galaxys2-common

I would also like to add the option to move the entire /data partition to the external sdcard, like Edward did, but not before receiving his feedback and doing some testing.

RE: Move internal /data-Partition to SD-Card and encrypt it. - Added by Edward Hansly 6 months ago

Quick Guide!

First Try:

1) Format SD Card:

    First Primary partition (mmcblk1p1)
    FAT

    Second Primary partition (mmcblk1p2)
    ext4 (I did leave 16384 Bit of empty space at the end of the SD-Card. I don't know if you need it.)

2) Edit: Quellcode/replicant-4.2/device/samsung/i9300/recovery.fstab

# /data            ext4        /dev/block/mmcblk0p12 length=-16384
/data            ext4        /dev/block/mmcblk1p2 length=-16384

3) Edit: Quellcode/replicant-4.2/device/samsung/i9300/fstab.smdk4x12

# /dev/block/mmcblk0p12    /data               ext4      noatime,nosuid,nodev,discard,noauto_da_alloc,journal_async_commit,errors=panic    wait,check,encryptable=footer
/dev/block/mmcblk1p2    /data               ext4      noatime,nosuid,nodev,discard,noauto_da_alloc,journal_async_commit,errors=panic    wait,check,encryptable=footer

4) Compile replicant and find output in Replicant_Quellcode/replicant-4.2/out/target/product/i9300

5) Insert SD-Card

6) Move Zip to the Phone and install it.

7) Start it. You will have a new installed Replicant.

8) Encrypt it using the encryption command. (This will wipe all your Data on the second partition of the SD-Card)

    vdc cryptfs enablecrypto wipe longpassword

(Encryption over the GUI does not work on my Phone.)

Notes:
Replicant starts and runs slower, but I am OK with that.

The rest is working exactly like before.

RE: Move internal /data-Partition to SD-Card and encrypt it. - Added by Daniel Kulesz 6 months ago

I've been running the same setup (actually with both /data and the internal /sdcard moved to the external sdcard) for about 2 years now on a device with Android 4.4 and a lot of manual work on the cryptofooter, symlinking, bind-mounting and stuff.

http://forum.xda-developers.com/android/software/internal-external-data-encrypted-t2996421

My experience is that this is pretty complicated and painful on Android 4.x and it is SO much easier and simpler on Android 6. All you have to do is to manipulate the fstab entry and recompile/reflash the boot image. I prefer to use the whole sdcard without any partitions on it at all on a f2fs filesystem for /data, by using the following fstab entry:

/dev/block/mmcblk1    /data               f2fs      noatime,nosuid,nodev,discard,noauto_da_alloc,journal_async_commit,errors=panic    wait,check,encryptable=footer

BE CAREFUL! Using the wrong device like mmcblk0 instead of mmcblk1 can completely brick your device!

After doing this change, just format your partition "unencrypted", boot Android and run the encryption process. Formatting in recovery is as simple as:

mkfs.f2fs /dev/block/mmcblk1

However, a really important factor in this kind of setup is the 4k Random read/write performance of the SD card. And there are really HUGE differences here. There is a good blog post summarizing them:

http://www.jeffgeerling.com/blogs/jeff-geerling/raspberry-pi-microsd-card

I replicated these measurements with various microSD cards I own and can confirm that the Evo+ is really shining here (although someone in the comments said that Samsung might be rebranding some Evo+ cards...). On the other hand, the Toshiba Exceria which I had before was absolutely horrible with 88kb/s random at 4k writing and made the device extremely unresponsive and laggy. With the Evo+, it's not as fast as internal flash but it is really not bad at all.

Btw.: Encryption over the GUI did not work for me either, so I also had to use the vdc command.
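
Editor's added example (not code from any poster in this thread or from the Replicant project): a pre-flight check for the fstab edits in the quick guide and for the wrong-device warning above, run on the build machine before compiling and flashing. It assumes the i9300 naming seen in the extracts (mmcblk0 = internal eMMC, mmcblk1 = SD card) and a 16384-byte reserve at the end of the partition, matching `length=-16384` in recovery.fstab; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check an Android fstab before building and flashing.
# Assumption: mmcblk0 is the internal eMMC and mmcblk1 the SD card, as in
# the i9300 extracts in this thread. Other devices may number them differently.

FOOTER_BYTES=16384   # space kept free at the end for the crypto footer

# check_data_entry FILE: prints one finding per line; exit status is 0 only
# if the active /data line uses the SD card and carries encryptable=footer.
check_data_entry() {
    entry=$(awk '!/^[[:space:]]*#/ && $2 == "/data" { print $1, $5; exit }' "$1")
    [ -n "$entry" ] || { echo "FAIL: no active /data entry"; return 1; }
    dev=${entry%% *}      # field 1: block device
    flags=${entry#* }     # field 5: fs_mgr flags
    rc=0
    case $dev in
        /dev/block/mmcblk1|/dev/block/mmcblk1p[0-9]*)
            echo "OK: /data on SD card ($dev)" ;;
        /dev/block/mmcblk0*)
            echo "FAIL: /data on internal eMMC ($dev)"; rc=1 ;;
        *)  echo "FAIL: unexpected device ($dev)"; rc=1 ;;
    esac
    case ",$flags," in
        *,encryptable=footer,*) echo "OK: encryptable=footer present" ;;
        *) echo "FAIL: encryptable=footer missing"; rc=1 ;;
    esac
    return $rc
}

# fs_blocks PARTITION_BYTES [BLOCK_SIZE]: largest filesystem size, in blocks,
# that still leaves FOOTER_BYTES unused at the end of the partition.
fs_blocks() {
    echo $(( ($1 - FOOTER_BYTES) / ${2:-4096} ))
}

# Constructed sample: the edited fstab.smdk4x12 lines from the quick guide
# (mount options shortened).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /dev/block/mmcblk0p12  /data  ext4  noatime,nosuid,nodev  wait,check,encryptable=footer
/dev/block/mmcblk1p2     /data  ext4  noatime,nosuid,nodev  wait,check,encryptable=footer
EOF
check_data_entry "$sample"
fs_blocks 15931539456    # constructed partition size in bytes
rm -f "$sample"
```

The check passes for both the partitioned layout (mmcblk1p2) and the whole-card layout (mmcblk1) described in the thread, and fails if the active /data line still names an mmcblk0 device.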
