Skip to content

Building AOSP 5.0.2_r1 with efs tools on Nexus 7 Tablet

Jump to bottom Edit New page
alexnivan edited this page May 4, 2015 · 8 revisions

The following steps will guide you to download, build and install AOSP 5.0.2_r1 together with ecryptfs and efs-tools on a Nexus 7 tablet.

Download and build AOSP 5.0.2_r1

  • Install repo client from Google

$ mkdir ~/bin
$ PATH=~/bin:$PATH
$ curl http://commondatastorage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
$ chmod a+x ~/bin/repo

  • Get AOSP source code:

$ mkdir AOSP_TREE
$ cd AOSP_TREE
$ repo init -u https://android.googlesource.com/platform/manifest -b android-5.0.2_r1
$ repo sync -j8

  • Download and install binaries for Nexus 7 device (tilapialrx22g):

$ wget https://dl.google.com/dl/android/aosp/asus-tilapia-lrx22g-77f3f95b.tgz
$ wget https://dl.google.com/dl/android/aosp/broadcom-tilapia-lrx22g-2cff7a17.tgz
$ wget https://dl.google.com/dl/android/aosp/elan-tilapia-lrx22g-4cbfd4bc.tgz
$ wget https://dl.google.com/dl/android/aosp/invensense-tilapia-lrx22g-51819e4e.tgz
$ wget https://dl.google.com/dl/android/aosp/nvidia-tilapia-lrx22g-33c49b1c.tgz
$ wget https://dl.google.com/dl/android/aosp/nxp-tilapia-lrx22g-bd4a7a34.tgz
$ wget https://dl.google.com/dl/android/aosp/widevine-tilapia-lrx22g-6ee5ee5d.tgz
$ tar -xvf asus-tilapia-lrx22g-77f3f95b.tgz && tar -xvf broadcom-tilapia-lrx22g-2cff7a17.tgz && tar -xvf elan-tilapia-lrx22g-4cbfd4bc.tgz && tar -xvf invensense-tilapia-lrx22g-51819e4e.tgz && tar -xvf nvidia-tilapia-lrx22g-33c49b1c.tgz && tar -xvf nxp-tilapia-lrx22g-bd4a7a34.tgz && tar -xvf widevine-tilapia-lrx22g-6ee5ee5d.tgz
$ chmod a+x extract-*
$ ./extract-asus-tilapia.sh && ./extract-broadcom-tilapia.sh && ./extract-elan-tilapia.sh && ./extract-invensense-tilapia.sh && ./extract-nvidia-tilapia.sh && ./extract-nxp-tilapia.sh && ./extract-widevine-tilapia.sh
$ source build/envsetup.sh
$ lunch full_tilapia-eng
$ make -j8

Enable ecryptfs in Nexus7 kernel

  • Get the kernel source code

$ git clone https://android.googlesource.com/kernel/tegra.git nexus7_kernel
$ cd nexus7_kernel
$ git checkout android-tegra3-grouper-3.1-lollipop-release

  • Setup build environment

$ git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.7
$ export CROSS_COMPILE=arm-linux-androideabi-4.7/bin/arm-linux-androideabi-
$ export ARCH=arm
$ export SUBARCH=arm

  • Create kernel build config

$ make tegra3_android_defconfig

  • Add the following to the kernel config:

CONFIG_KEYS=y
CONFIG_CRYPTO=y
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_BLKCIPHER=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_ECB=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_AES=y
CONFIG_ECRYPT_FS=y

  • Build the kernel:

$ make -j8

  • Overwrite the new kernel zImage to AOSP tree

$ cp /nexus7_kernel/arch/arm/boot/zImage /AOSP_TREE/out/target/product/tilapia/kernel

Download and build efs-tools

  • Get the source code

$ git clone https://github.com/catalinionita/Ecryptfs-Tools-for-Android.git git_efstools

  • Move the folder to /AOSP_TREE/external/efs-tools

$ mv Ecryptfs-Tools-for-Android AOSP_TREE/external/efs-tools

  • Apply integration patches

$ cd /AOSP_TREE/external/efs-tools
$ git pull
$ repo forall -c git reset --hard
$ repo forall -c git clean -df
$ croot
$ external/efs-tools/integration/apply_patches.sh

  • Rebuild AOSP tree

$ make -j8

Flash images to Nexus 7 device

  • Enable device connection

$ lsusb

You will see a list of USB devices. Among them, find: the Google Inc. device and save the ID: (e.g +18d1:4ee2). Edit udev rules and add Nexus 7 rules:

$ sudo emacs /etc/udev/rules.d/70-persistent-net.rules
#ASUS - Nexus 7 18d1:4ee2
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", MODE="0666"

  • Restart udev:

$ sudo service udev restart

  • Plug and unplug the device and check connectivity:

$ adb devices

You should be able to see the List of devices attached, containing the Nexus 7 tablet’s serial number.

  • Flash build images to Nexus 7 device

$ adb reboot bootloader
$ cd $OUT
$ fastboot -w flashall

The phone should be flashed properly and rebooted. At this point you have installed a vanilla 5.0.2 Lollipop image on a Nexus 7 tablet with ecryptfs and efs-tools support.

Testing

  • Check if ecryptfs module is active:

$ adb shell
$ cat proc/kallsyms | grep ecryptfs
$ exit

You should see output containing ecryptfs_. If not, the ecryptfs support was not compiled in the kernel.

  • Run efs-tools tests:

$ cd /AOSP_TREE/external/efs-tools/test
$ ./testsuite.sh

  • Checkout the graphical interface for encrypt user data

Go to Settings→Security. First, set a password for the screen lock. Then click on the "Encrypt my data" option. Follow the instructions and encrypt your data.

Add a custom footer
Add a custom sidebar
Clone this wiki locally