Building AOSP 4.4_r1.2 with efs tools on Nexus 4 Phone

Razvan-Costin Ionescu edited this page Mar 17, 2014 · 19 revisions

The following steps will guide you through downloading, building and installing AOSP 4.4_r1.2 together with ecryptfs and efs-tools on a Nexus 4 device.

Download and build AOSP 4.4_r1.2

  • Install repo client from Google

$ mkdir ~/bin
$ PATH=~/bin:$PATH
$ curl http://commondatastorage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
$ chmod a+x ~/bin/repo
  • Get AOSP source code:

$ mkdir AOSP_TREE
$ cd AOSP_TREE
$ repo init -u https://android.googlesource.com/platform/manifest -b android-4.4_r1.2
$ repo sync -j8
  • Download and install binaries for Nexus 4 device (mako, krt16s):

$ wget https://dl.google.com/dl/android/aosp/broadcom-mako-krt16s-f54c9ff9.tgz
$ wget https://dl.google.com/dl/android/aosp/lge-mako-krt16s-23ef7d53.tgz
$ wget https://dl.google.com/dl/android/aosp/qcom-mako-krt16s-cc4bd932.tgz
$ tar -xvf broadcom-mako-krt16s-f54c9ff9.tgz && tar -xvf lge-mako-krt16s-23ef7d53.tgz && tar -xvf qcom-mako-krt16s-cc4bd932.tgz
$ chmod a+x extract-*
$ ./extract-broadcom-mako.sh && ./extract-lge-mako.sh && ./extract-qcom-mako.sh
$ source build/envsetup.sh
$ lunch full_mako-eng
$ make -j8

Enable ecryptfs in Nexus4 kernel

  • Get the kernel source code

$ git clone https://android.googlesource.com/kernel/msm.git nexus4-kernel
$ cd nexus4-kernel
$ git checkout android-msm-mako-3.4-kitkat-mr0
  • Setup build environment

$ export CROSS_COMPILE=/AOSP_TREE/prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.7/bin/arm-linux-androideabi-
$ export ARCH=arm
  • Create kernel build config

$ make mako_defconfig
  • Add the following to the kernel config:

CONFIG_KEYS=y
CONFIG_CRYPTO=y
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_BLKCIPHER=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_ECB=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_AES=y
CONFIG_ECRYPT_FS=y
  • Fix compile errors. Edit fs/ecryptfs/keystore.c file as follows: inside the decrypt_pki_encrypted_session_key function, initialize the payload_len variable with 0.

size_t payload_len = 0;
  • Build the kernel:

$ make -j8
  • Copy the new kernel zImage over the kernel in the AOSP tree

$ cp /nexus4-kernel/arch/arm/boot/zImage /AOSP_TREE/out/target/product/mako/kernel
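
A check for the kernel options listed above, as an added example that is not part of the original guide: the shell function reads a kernel .config and reports every option from the guide that did not end up as =y. It is worth running after make has processed the config, because kbuild rewrites .config and drops options whose dependencies are not met. The names check_ecryptfs_config and ECRYPTFS_OPTS are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): verify the ecryptfs-related
# options from the guide in a kernel .config file.

# Options the guide asks to set to =y (names taken from the list above).
ECRYPTFS_OPTS="CONFIG_KEYS CONFIG_CRYPTO CONFIG_CRYPTO_ALGAPI
CONFIG_CRYPTO_BLKCIPHER CONFIG_CRYPTO_HASH CONFIG_CRYPTO_MANAGER
CONFIG_CRYPTO_MD5 CONFIG_CRYPTO_ECB CONFIG_CRYPTO_CBC CONFIG_CRYPTO_AES
CONFIG_ECRYPT_FS"

# check_ecryptfs_config FILE
# Prints one line per option that is not built in (=y): built as a module,
# explicitly disabled, or absent from the file.
# Returns 0 if every option is =y, 1 if any is not, 2 if FILE is unreadable.
check_ecryptfs_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    for opt in $ECRYPTFS_OPTS; do
        # Patterns are anchored so CONFIG_CRYPTO does not match CONFIG_CRYPTO_AES.
        if grep -q "^${opt}=y\$" "$cfg"; then
            continue
        elif grep -q "^${opt}=m\$" "$cfg"; then
            echo "$opt: module"
        elif grep -q "^# ${opt} is not set\$" "$cfg"; then
            echo "$opt: disabled"
        else
            echo "$opt: missing"
        fi
        rc=1
    done
    return $rc
}
```

After sourcing the function, run check_ecryptfs_config .config from the nexus4-kernel directory; no output and exit status 0 mean all eleven options are built in.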

Download and build efs-tools

  • Get the source code

$ git clone https://github.com/catalinionita/Ecryptfs-Tools-for-Android.git git_efstools
  • Move the folder to /AOSP_TREE/external/efs-tools

$ mv git_efstools AOSP_TREE/external/efs-tools
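  • Apply integration patches. The repo forall commands below discard all uncommitted changes and untracked files in every project of the AOSP tree, so save any local work first.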

$ cd /AOSP_TREE/external/efs-tools
$ git pull
$ repo forall -c git reset --hard
$ repo forall -c git clean -df
$ croot
$ external/efs-tools/integration/apply_patches.sh
  • Rebuild AOSP tree

$ make -j8

Flash images to Nexus4 device

  • Enable device connection

$ lsusb

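You will see a list of USB devices. Among them, find the Google Inc. device and note its ID (e.g. 18d1:4ee2). Edit the udev rules and add a rule for the Nexus 4. The rule below matches on the vendor ID only, and MODE="0666" gives every local user read/write access to matching devices: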

$ sudo emacs /etc/udev/rules.d/70-persistent-net.rules
#LG - Nexus 4 18d1:4ee2
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", MODE="0666"

Restart udev:

$ sudo service udev restart

Unplug and replug the device and check connectivity:

$ adb devices

You should see "List of devices attached", followed by the Nexus 4 phone's serial number.

  • Flash build images to Nexus4 device

$ adb reboot bootloader
$ cd $OUT
$ fastboot -w flashall

The phone should be flashed properly and rebooted. At this point you have installed a vanilla 4.4 KitKat image on a Nexus 4 phone with ecryptfs and efs-tools support.

Testing

  • Check if ecryptfs module is active:

$ adb shell
$ cat /proc/kallsyms | grep ecryptfs
$ exit

You should see output containing ecryptfs_. If not, ecryptfs support was not compiled into the kernel.

  • Run efs-tools tests:

$ cd /AOSP_TREE/external/efs-tools/test
$ ./testsuite.sh
$ ./vdc_tests.sh

Check out the graphical interface for encrypting and decrypting user data

  • Go to Settings→Security.
  • Set a PIN for the Screen Lock.
  • Then click on the "Encrypt my data" option.
  • Follow the instructions.
  • And encrypt your data.
  • The phone will reboot and you will be asked for the encryption password before you can access the phone.
  • The reverse action is also possible. To decrypt the user data, unlock the phone.
  • Go to Security Settings and click on the "Decrypt my data" button. Here you can see that the status has changed to Encrypted.
  • Then, follow the instructions.