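Yes, you read that right: this post adds decryption support to TWRP.

Data encryption comes in two kinds: FDE (full-disk encryption) and FBE (file-based encryption).

If you see encryptable=/dev/block/platform/bootdevice/by-name/metadata, the device uses FDE.

If you see fileencryption=aes-256-xts, the device uses FBE.

I don't know why the Y97 still uses FDE, since it is a device that shipped with Android 8.

First, the decryption flow: TWRP boots -> load servicemanager, hwservicemanager and vndservicemanager -> load the Trustonic TEE (start mcDriverDaemon) -> load gatekeeper -> load keymaster -> the TEE decrypts -> read data

(My own summary)

The demonstration device below is the Vivo Y97 (Vivo V11i).

Reference device tree: momo54181/android_device_vivo_k71v1_64_bsp (github.com)

Device tree configuration: BoardConfig.mk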

Crypto

# Add encryption support
TW_INCLUDE_CRYPTO := true
# Add FBE encryption support
TW_INCLUDE_CRYPTO_FBE := true

Test

# Enable logcat, to make the logs easier to read
TWRP_INCLUDE_LOGCAT := true
# Enable logd, to make the logs easier to read
TARGET_USES_LOGD := true

init.recovery.mt****.rc

#Add By Momo5418 FBE Fixed

# Start keymaster and gatekeeper once crypto.ready is set to 1
on property:crypto.ready=1
    start vendor.keymaster-3-0-trustonic
    start keymaster-3-0
    start gatekeeper-1-0

# Each trigger below stops mobicore, the service managers, keymaster and gatekeeper
on property:crypto.ready=0
    stop mobicore
    stop servicemanager
    stop hwservicemanager
    stop keymaster-3-0
    stop gatekeeper-1-0

on property:ro.crypto.state=unsupported
    stop mobicore
    stop servicemanager
    stop hwservicemanager
    stop keymaster-3-0
    stop gatekeeper-1-0

on property:ro.crypto.state=unencrypted
    stop mobicore
    stop servicemanager
    stop hwservicemanager
    stop keymaster-3-0
    stop gatekeeper-1-0

on property:twrp.decrypt.done=true && property:twrp.all.users.decrypted=true
    stop mobicore
    stop servicemanager
    stop hwservicemanager
    stop keymaster-3-0
    stop gatekeeper-1-0

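Problems you may encounter

Keymaster does not load

Fix: check whether mcDriverDaemon is present.

1. The manifest.xml under system/ or vendor/vintf/ may be missing entries.

Fix: copy vendor/vintf/manifest.xml to system/vintf/manifest.xml.

2. init.recovery.<CPU codename>.rc may not be starting keymaster, for example:

TEE load error: this can usually be ignored (with FDE/FBE you generally do not need to enter a password manually to decrypt data)

Check /vendor/app/mcRegistry.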
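
The checks from the troubleshooting list above, gathered into one script. This is an added example, not part of the original post or the referenced device tree. It assumes the directory passed in is the recovery root with init.recovery.*.rc at its top level; the function name check_recovery_tree and the search for mcDriverDaemon by file name are assumptions, since the post gives no path for it.

```shell
#!/bin/sh
# Added example: pre-flight check of a recovery root before building or flashing.
# Usage: check_recovery_tree path/to/recovery/root
check_recovery_tree() {
    root=$1
    fails=0

    # mcDriverDaemon: the post gives no path, so search by file name (assumption).
    if [ -z "$(find "$root" -type f -name mcDriverDaemon 2>/dev/null | head -n 1)" ]; then
        echo "MISSING mcDriverDaemon"
        fails=$((fails + 1))
    fi

    # system/vintf/manifest.xml must exist and declare both HALs.
    manifest="$root/system/vintf/manifest.xml"
    if [ ! -f "$manifest" ]; then
        echo "MISSING system/vintf/manifest.xml (copy it from vendor/vintf/)"
        fails=$((fails + 1))
    else
        for hal in android.hardware.keymaster android.hardware.gatekeeper; do
            grep -qF "<name>$hal</name>" "$manifest" ||
                { echo "MANIFEST lacks $hal"; fails=$((fails + 1)); }
        done
    fi

    # Some init.recovery.*.rc must contain a "start <service>" line for each
    # service name used in the post's rc file.
    for svc in keymaster-3-0 gatekeeper-1-0; do
        grep -Eqs "^[[:space:]]*start[[:space:]]+${svc}[[:space:]]*\$" \
            "$root"/init.recovery.*.rc ||
            { echo "RC never starts $svc"; fails=$((fails + 1)); }
    done

    # vendor/app/mcRegistry: flag it when absent or empty.
    reg="$root/vendor/app/mcRegistry"
    if [ ! -d "$reg" ] || [ -z "$(ls -A "$reg" 2>/dev/null)" ]; then
        echo "MISSING or empty vendor/app/mcRegistry"
        fails=$((fails + 1))
    fi

    echo "$fails problem(s) found"
    [ "$fails" -eq 0 ]
}
```

The function returns non-zero when any check fails, so it can gate a build script.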