-
Notifications
You must be signed in to change notification settings - Fork 17
Building AOSP 4.4_r1.2 with efs tools on Nexus 4 Phone
The following steps will guide you to download, build and install AOSP 4.4_r12 together with ecryptfs and efs-tools on a Nexus 4 device.
-
Install repo client from Google
$ mkdir ~/bin $ PATH=~/bin:$PATH $ curl http://commondatastorage.googleapis.com/git-repo-downloads/repo > ~/bin/repo $ chmod a+x ~/bin/repo
-
Get AOSP source code:
$ mkdir AOSP_TREE $ cd AOSP_TREE $ repo init -u https://android.googlesource.com/platform/manifest -b android-4.4_r1.2 $ repo sync -j8
-
Download and install binaries for Nexus 4 device (makokrt16s):
$ wget https://dl.google.com/dl/android/aosp/broadcom-mako-krt16s-f54c9ff9.tgz $ wget https://dl.google.com/dl/android/aosp/lge-mako-krt16s-23ef7d53.tgz $ wget https://dl.google.com/dl/android/aosp/qcom-mako-krt16s-cc4bd932.tgz $ tar -xvf broadcom-mako-krt16s-f54c9ff9.tgz && tar -xvf lge-mako-krt16s-23ef7d53.tgz && tar -xvf qcom-mako-krt16s-cc4bd932.tgz $ chmod a+x extract-* $ ./extract-broadcom-mako.sh && ./extract-lge-mako.sh && ./extract-qcom-mako.sh
-
Setup build environment http://source.android.com/source/initializing.html
-
Build images
$ source build/envsetup.sh $ lunch full_mako-eng $ make -j8
-
Get the kernel source code
$ git clone https://android.googlesource.com/kernel/msm.git nexus4-kernel $ cd nexus4-kernel $ git checkout android-msm-mako-3.4-kitkat-mr0
-
Setup build environment
$ export CROSS_COMPILE=/AOSP_TREE/prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.7/bin/arm-linux-androideabi- $ export ARCH=arm
-
Create kernel build config
$ make mako_defconfig
-
Add the following to the kernel config:
CONFIG_KEYS=y CONFIG_CRYPTO=y CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_ECB=y CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_AES=y CONFIG_ECRYPT_FS=y
-
Fix compile errors. Edit fs/ecryptfs/keystore.c file as follows: inside the decrypt_pki_encrypted_session_key function, initialize the payload_len variable with 0.
size_t payload_len = 0;
-
Build the kernel:
$ make -j8
-
Overwrite the new kernel zImage to AOSP tree
$ cp /nexus4_kernel/arch/arm/boot/zImage /AOSP_TREE/out/target/product/mako/kernel
-
Get the source code
$ git clone https://github.com/catalinionita/Ecryptfs-Tools-for-Android.git git_efstools
-
Move the folder to /AOSP_TREE/external/efs-tools
$ mv Ecryptfs-Tools-for-Android AOSP_TREE/external/efs-tools
-
Apply integration patches
$ cd /AOSP_TREE/external/efs-tools $ git pull $ repo forall -c git reset --hard $ repo forall -c git clean -df $ croot $ external/efs-tools/integration/apply_patches.sh
-
Rebuild AOSP tree
$ make -j8
-
Enable device connection
$ lsusb
You will see a list of USB devices. Among them, find: the Google Inc. device and save the ID: (e.g +18d1:4ee2). Edit udev rules and add Nexus 4 rules:
$ sudo emacs /etc/udev/rules.d/70-persistent-net.rules
#LG - Nexus 4 18d1:4ee2
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", MODE="0666"
Restart udev:
$ sudo service udev restart
Plug and unplug the device and check conectivity:
$ adb devices
You should be able to see the List of devices attached, containing the Nexus 4 phone’s serial number.
-
Flash build images to Nexus4 device
$ adb reboot bootloader $ cd $OUT
$ fastboot -w flashall
The phone should be flashed properly and rebooted. At this point you have installed a vanilla 4.4 KitKat image on a Nexus 4 phone with ecryptfs and efs-tools support.
-
Check if ecryptfs module is active:
$ adb shell $ cat proc/kallsyms | grep ecryptfs $ exit
You should see output containing ecryptfs_. If not, the ecryptfs support was not compiled in the kernel.
-
Run efs-tools tests:
$ cd /AOSP_TREE/external/efs-tools/test $ ./testsuite.sh $ ./vdc_tests.sh
-
Go to Settings→Security.
-
Set a PIN for the Screen Lock.
-
Then click on the "Encrypt my data" option.
-
Follow the instructions:
-
And encrypt your data.
-
The phone will reboot and you will be asking for the encryption password in order to access further the phone.
-
The reverse action is also possible. So, in order to decrypt the user data, unlock the phone
-
Go to Security Settings and click on "Decrypt my data" button. You can see here the status has been changed to Encrypted.
-
Then, follow the instructions: