[PATCH][i9100] Encrypted Emulated Internal Storage
Added by Grim Kriegor about 8 years ago
Hello gentlemen. I've recently replaced my pocket spy with an awesome i9100 running Replicant and it has been great.
However there were a few things I had to change in order to fully replace the pocket spy with something freer, which include enabling emulated internal storage so that files in /sdcard get encrypted alongside the rest of /data.
I must start by saying that it seems Android 4.2 was on the threshold of some significant changes to how storage gets handled and it is quite the pain the find proper documentation for this particular version of Replicant, forcing me to do quite a bit of trial and error. Feel free to provide feedback on any of these methods.
The process goes something like this:
- Repartition the memory to increasce the size of /data (mmc0blk10) and decreasce that of /emmc (mmc0blk11)
- Build and install Replicant 4.2 with support for emulated internal memory
- Encrypt /data
This was what I managed to stick together:
Repartitioning:¶
Repartitioning the internal memory can brick your phone, be careful!
I've prepared a partition table that expands /data (mmcblk0p10) as much as possible and shrinks /sdcard (mmcblk0p11) by changing the position of their last and first blocks respectively, resulting in a 14GiB /data partition.
PIT file and signature are avaliable here:
https://github.com/GrimKriegor/Misc/tree/master/Replicant/PartitionTables
Unless you change the coordinates of a partition its contents should be safe, simply flash the partition table using Heimdall:
heimdall flash --repartition --PIT I9100_14GB_grim.pit
Code for emulated storage support:¶
From 84c5a91a45b059a147921d0ea32367534904b314 Mon Sep 17 00:00:00 2001 From: GrimKriegor <grimkriegor@krutt.org> Date: Fri, 16 Sep 2016 23:02:43 +0100 Subject: [PATCH] Switching sdcard0 from physical to emulated. --- configs/vold.fstab | 2 +- .../base/core/res/res/xml/storage_list.xml | 10 +++++----- rootdir/init.smdk4210.rc | 22 ++++++++++++++++++---- 3 files changed, 24 insertions(+), 10 deletions(-) diff --git a/configs/vold.fstab b/configs/vold.fstab index bc12264..68e37df 100644 --- a/configs/vold.fstab +++ b/configs/vold.fstab @@ -13,7 +13,7 @@ ###################### # internal sdcard -dev_mount sdcard0 /storage/sdcard0 11 /devices/platform/dw_mmc/mmc_host/mmc0/mmc0 nonremovable,encryptable +#dev_mount sdcard0 /storage/sdcard0 11 /devices/platform/dw_mmc/mmc_host/mmc0/mmc0 nonremovable,encryptable # external sdcard dev_mount sdcard1 /storage/sdcard1 auto /devices/platform/s3c-sdhci.2/mmc_host/mmc1 diff --git a/overlay/frameworks/base/core/res/res/xml/storage_list.xml b/overlay/frameworks/base/core/res/res/xml/storage_list.xml index 44ed062..214eac8 100644 --- a/overlay/frameworks/base/core/res/res/xml/storage_list.xml +++ b/overlay/frameworks/base/core/res/res/xml/storage_list.xml @@ -33,17 +33,17 @@ --> <StorageList xmlns:android="http://schemas.android.com/apk/res/android"> - <storage android:mountPoint="/storage/sdcard0" - android:storageDescription="@string/storage_internal" + <storage android:storageDescription="@string/storage_internal" android:primary="true" - android:removable="false" - android:allowMassStorage="true" /> + android:emulated="true" + android:mtpReserve="100" /> <storage android:mountPoint="/storage/sdcard1" android:storageDescription="@string/storage_sd_card" android:primary="false" + android:emulated="false" android:removable="false" - android:allowMassStorage="true" /> + android:maxFileSize="4096" /> <storage android:mountPoint="/storage/usbdisk0" android:storageDescription="@string/storage_usb" diff --git a/rootdir/init.smdk4210.rc b/rootdir/init.smdk4210.rc index dedd393..ed7c90e 100644 --- a/rootdir/init.smdk4210.rc +++ b/rootdir/init.smdk4210.rc @@ -2,20 +2,30 @@ import init.smdk4210.usb.rc import init.gps.rc on init - export EXTERNAL_STORAGE /storage/sdcard0 + export EXTERNAL_STORAGE /storage/emulated/legacy + export EMULATED_STORAGE_SOURCE /mnt/shell/emulated + export EMULATED_STORAGE_TARGET /storage/emulated export SECONDARY_STORAGE /storage/sdcard1 + mkdir /storage 0775 system system - mkdir /storage/sdcard0 0775 system system + mkdir /mnt/media_rw 0775 system system + mkdir /mnt/shell/emulated 0700 shell shell + mkdir /storage/emulated 0555 root root + mkdir /mnt/media_rw/sdcard1 0700 media_rw media_rw mkdir /storage/sdcard1 0775 system system + mkdir /mnt/media_rw/usbdisk0 0700 media_rw media_rw mkdir /storage/usbdisk0 0775 system system + mkdir /efs 0771 radio system mkdir /preload 0771 system system mkdir /mnt 0775 root system mkdir /mnt/.lfs 0755 root root # for backwards compatibility - symlink /storage/sdcard0 /sdcard - symlink /storage/sdcard0 /mnt/sdcard + symlink /storage/emulated/legacy /sdcard + symlink /storage/emulated/legacy /mnt/sdcard + symlink /storage/emulated/legacy /storage/sdcard0 + symlink /mnt/shell/emulated/0 /storage/emulated/legacy symlink /storage/sdcard1 /extSdCard symlink /storage/sdcard1 /mnt/extSdCard symlink /storage/usbdisk0 /usbdisk0 @@ -25,6 +35,7 @@ on init write /sys/block/mmcblk0/queue/iosched/slice_idle 0 on fs + setprop ro.crypto.fuse_sdcard true mount_all /fstab.smdk4210 mkdir /efs/bluetooth @@ -397,3 +408,6 @@ service bugreport /system/bin/bugmailer.sh -v disabled oneshot keycodes 114 115 116 + +service sdcard /system/bin/sdcard /data/media /mnt/shell/emulated 1023 1023 + class late_start
Hope some of you guys find this information useful. Good luck!
Additionally, it may be possible to confortably use this without repartitioning, the primary sdcard (sdcard0) would be quite small inside the 2GiB /data, but another sdcard could be provided by /emmc (sdcard1), in addition to the external card (sdcard2), this way most apps would be provided with an encrypted storage when they try to save things in the internal memory.
EDIT (20160925):
Simpler Heimdall command, turns out you don't need to provide contents for all partitions while repartitioning.
Replies (15)
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Wolfgang Wiedmeyer over 7 years ago
Have you checked if all of this already works with Replicant 6.0 (except repartitioning) or is a patch still needed?
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Grim Kriegor over 7 years ago
From the quick and shallow tests I did in early February, with the latest code available at the time, I could not "adopt" the emmc partition as internal storage, like you can with any other sdcard, the option simply wasn't there.
Only by repartitioning and applying these changes was I able to get the desired effect, hide the vestigial emmc and create a virtual sdcard in /data.
diff --git a/rootdir/fstab.smdk4210 b/rootdir/fstab.smdk4210 index 41df278..67976fd 100755 --- a/rootdir/fstab.smdk4210 +++ b/rootdir/fstab.smdk4210 @@ -13,7 +13,7 @@ /dev/block/mmcblk0p12 /preload ext4 noatime,nosuid,nodev,journal_async_commit wait # vold-managed volumes ("block device" is actually a sysfs devpath) -/devices/platform/dw_mmc/mmc_host/mmc0/mmc0* auto auto defaults wait,voldmanaged=sdcard0:11,noemulatedsd,nonremovable +#/devices/platform/dw_mmc/mmc_host/mmc0/mmc0* auto auto defaults wait,voldmanaged=sdcard0:11,noemulatedsd,nonremovable /devices/platform/s3c-sdhci.2/mmc_host/mmc1* auto auto defaults wait,voldmanaged=sdcard1:auto,encryptable=userdata /devices/platform/s3c_otghcd/usb* auto auto defaults voldmanaged=usb:auto diff --git a/rootdir/init.smdk4210.rc b/rootdir/init.smdk4210.rc index 4fe4177..91f48c1 100644 --- a/rootdir/init.smdk4210.rc +++ b/rootdir/init.smdk4210.rc @@ -13,6 +13,9 @@ on init # Disable CFQ slice idle delay write /sys/block/mmcblk0/queue/iosched/slice_idle 0 +# Emulated storage + setprop ro.vold.primary_physical 0 + on fs mount_all /fstab.smdk4210 swapon_all /fstab.smdk4210
Thanks for taking a look, Wolfgang, and keep up the great work!
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Wolfgang Wiedmeyer over 7 years ago
Ok, thanks for the update! At least these changes would only require recompiling the kernel with a modified initramfs and not a whole Replicant image.
This change might also be interesting: https://review.lineageos.org/#/c/157065/
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Grim Kriegor over 7 years ago
Oh, this is very interesting indeed. This way we could have both configs on the code and compile whichever we required.
Do you think it would be acceptable to include something similar to this in Replicant?
I think most people would agree having a encrypted emulated storage is quite important. Maybe in the future we could have both builds and instructions on how to repartition on the wiki.
I'd love to help with this, gonna try to borrow a spare device soon. Thanks for your time.
________________________________________________________
ADDENDUM:
Applying the changes by hand results in this following diff. I still wonder why rINanDO sets "ro.vold.primary_physical=1" when "TARGET_USE_EMULATED_STORAGE" is false. Shouldn't it be more proper to set "ro.vold.primary_physical=0" when "TARGET_USE_EMULATED_STORAGE" is true, since primary physical is the default, as specified in "i9100/system.prop" (in both CM13 and LOS 14.1)?
diff --git a/common.mk b/common.mk index d56effd..60dcf60 100644 --- a/common.mk +++ b/common.mk @@ -19,11 +19,20 @@ DEVICE_PACKAGE_OVERLAYS := $(COMMON_PATH)/overlay # Rootdir PRODUCT_COPY_FILES := \ - $(COMMON_PATH)/rootdir/fstab.smdk4210:root/fstab.smdk4210 \ $(COMMON_PATH)/rootdir/init.smdk4210.usb.rc:root/init.smdk4210.usb.rc \ $(COMMON_PATH)/rootdir/init.smdk4210.rc:root/init.smdk4210.rc \ $(COMMON_PATH)/rootdir/ueventd.smdk4210.rc:root/ueventd.smdk4210.rc +ifeq ($(TARGET_USE_EMULATED_STORAGE),true) + PRODUCT_COPY_FILES += \ + $(COMMON_PATH)/rootdir/fstab.smdk4210-emu:root/fstab.smdk4210 + PRODUCT_PROPERTY_OVERRIDES += \ + ro.vold.primary_physical=0 +else + PRODUCT_COPY_FILES += \ + $(COMMON_PATH)/rootdir/fstab.smdk4210:root/fstab.smdk4210 +endif + # Recovery rootdir PRODUCT_COPY_FILES += \ $(COMMON_PATH)/rootdir/init.recovery.smdk4210.rc:root/init.recovery.smdk4210.rc diff --git a/rootdir/fstab.smdk4210-emu b/rootdir/fstab.smdk4210-emu new file mode 100755 index 0000000..99eeaca --- /dev/null +++ b/rootdir/fstab.smdk4210-emu @@ -0,0 +1,24 @@ +# Android fstab file. +#<src> <mnt_point> <type> <mnt_flags and options> <fs_mgr_flags> +# The filesystem that contains the filesystem checker binary (typically /system) cannot +# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK +# data partition must be located at the bottom for supporting device encryption + +/dev/block/mmcblk0p9 /system ext4 ro,noatime wait +/dev/block/mmcblk0p7 /cache f2fs noatime,nosuid,nodev,inline_data,inline_xattr,discard wait +/dev/block/mmcblk0p7 /cache ext4 noatime,nosuid,nodev,journal_async_commit,errors=panic wait,check_spo +/dev/block/mmcblk0p1 /efs ext4 noatime,nosuid,nodev,journal_async_commit,errors=panic wait,check_spo +/dev/block/mmcblk0p10 /data f2fs noatime,nosuid,nodev,inline_data,inline_xattr,discard wait,encryptable=footer,length=-16384 +/dev/block/mmcblk0p10 /data ext4 noatime,nosuid,nodev,noauto_da_alloc,journal_async_commit,errors=panic wait,check_spo,encryptable=footer,length=-16384 +/dev/block/mmcblk0p12 /preload ext4 noatime,nosuid,nodev,journal_async_commit wait + +# vold-managed volumes ("block device" is actually a sysfs devpath) +/devices/platform/s3c-sdhci.2/mmc_host/mmc1* auto auto defaults wait,voldmanaged=sdcard1:auto,encryptable=userdata +/devices/platform/s3c_otghcd/usb* auto auto defaults voldmanaged=usb:auto + +# recovery +/dev/block/mmcblk0p5 /boot emmc defaults recoveryonly +/dev/block/mmcblk0p6 /recovery emmc defaults recoveryonly + +# zRAM +/dev/block/zram0 none swap defaults zramsize=268435456,zramstreams=2
Will test ASAP.
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Wolfgang Wiedmeyer over 7 years ago
Grim Kriegor wrote:
Do you think it would be acceptable to include something similar to this in Replicant?
I think most people would agree having a encrypted emulated storage is quite important. Maybe in the future we could have both builds and instructions on how to repartition on the wiki.
Indeed, it's definitely worth discussing. I think there is not yet a policy for offering different builds for a device. I guess offering a signed kernel image with instructions would be fine.
Applying the changes by hand results in this following diff. I still wonder why rINanDO sets "ro.vold.primary_physical=1" when "TARGET_USE_EMULATED_STORAGE" is false. Shouldn't it be more proper to set "ro.vold.primary_physical=0" when "TARGET_USE_EMULATED_STORAGE" is true, since primary physical is the default, as specified in "i9100/system.prop" (in both CM13 and LOS 14.1)?
Probably yes. I'd have to take a closer look. Contacting the LineageOS developers could bring some clarity to this. They'd need to be contacted anyway because we need to know what their future plans regarding this are and why this change was abandoned and not merged.
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Steven Michael over 7 years ago
Where do I add the code? Got Replicant's source code just don't know where or how to add this.
Also, did you manage to get this working on Replicant 6?
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Grim Kriegor over 7 years ago
Steven Michael wrote:
Where do I add the code? Got Replicant's source code just don't know where or how to add this.
Also, did you manage to get this working on Replicant 6?
Hello Steven.
This patch is meant for the git repository inside device/samsung/galaxys2-common
https://redmine.replicant.us/boards/39/topics/13707?r=14075#message-14075
I'm not sure if it still works, if there have been any changes upstream that make it incompatible, you can always try to apply it manually by removing that line in fstab.smdk4210 and adding the other three to init.smdk4210.rc.
Been postponing my migration to Replicant 6, but will have too look into this again soon, will update the thread accordingly.
Best of luck!
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Steven Michael over 7 years ago
Okay thanks. I'll give this a shot on 4.2. Hopefully this can be done on 6.0 soonish.
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Steven Michael over 7 years ago
Hey man, are you able to do me a huge favour? I'm running a 16GB hard drive O.o and have little storage space left. Can't compile myself? Are you able to make a pre-built image for me and upload somewhere please?
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Paula McCloud about 7 years ago
Excuse poor English.
How can I emulate storage? I downloaded source code and change direct it to "device / samsung / galaxys2-common" but know not to do next. How do I add the code? Where can I add it, what do I call the file? Can you write a guide?
I'm not good at coding, but you need security, privacy and encryption.
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Grim Kriegor about 7 years ago
In the folder device/samsung/galaxys2-common/rootdir find the files "fstab.smdk4210" and "init.smdk4210.rc" and change them like so.
https://redmine.replicant.us/boards/39/topics/13707?r=14075#message-14075
+ means added line, - means removed line.
Then continue the compilation as described in the guide.
Good luck.
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Paula McCloud about 7 years ago
Grim Kriegor wrote:
+ means added line, - means removed line.
Does include triple + and - or only singles?
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Grim Kriegor about 7 years ago
Just the singles.
Simply remove this line from "fstab.smdk4210"
/devices/platform/dw_mmc/mmc_host/mmc0/mmc0* auto auto defaults wait,voldmanaged=sdcard0:11,noemulatedsd,nonremovable
And add these 2 to "init.smdk4210.rc"
# Emulated storage setprop ro.vold.primary_physical 0
Just after
# Disable CFQ slice idle delay write /sys/block/mmcblk0/queue/iosched/slice_idle 0
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Paula McCloud about 7 years ago
Ah easy peasy. Thank you for help. Much nice, help protect my family.
RE: [PATCH][i9100] Encrypted Emulated Internal Storage - Added by Matthias-Christian Ott over 6 years ago
I created an issue (#1873) so that the patch can be merged.