Pixel XL / Nexus 5X show no option to change encryption password #647
thestinger
Jun 26, 2017
Contributor
It's not possible for this option to exist on the Pixel or Pixel XL.
It wasn't removed for earlier devices, but I didn't implement it again for Android Nougat. The feature needs to be designed differently to work on both FBE and FDE devices and I didn't want to expend effort keeping alive a legacy feature that Google decided to obsolete.
I decided that the best approach is building on top of the fingerprint unlock support, by adding the option of requiring a PIN as a second factor. Fingerprint unlock already has all the infrastructure to be a proper secondary unlock mechanism, and then there's the bonus of having a strong encryption passphrase as the main unlock method (first boot and after a timeout) and 2 factor authentication with a weaker PIN as the convenient unlock method. I think the fingerprint scanner is more convenient than the power button when you're used to it so it would be an all around win.
However, it needs someone to implement it. It's filed as #451. I won't have time to do it myself in the foreseeable future.
thestinger
closed this
Jun 26, 2017
Rudd-O
Jun 27, 2017
I can't guess the password and my phone is fully bricked now for whatever it is worth. You gave me instructions to flash an updated userdebug build OTA, which I have done by entering recovery and trying to flash the image-marlin-*.zip file. This says "Footer is wrong" then "signature verification failed". Same keys and everything.
- What the hell am I doing wrong?
- Did I really just piss a thousand dollars away?
At this point I just want to know, because I have to catch a flight. Can't do shit about it until next week.
You need to flash the ota_update zip, not the image zip.
thestinger
Jun 27, 2017
Contributor
So don't worry, there's no sign anything is wrong yet, you were just sideloading an unsigned zip that's used in factory images rather than the ota update zip.
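The "Footer is wrong" message reported above comes from recovery's whole-file signature check, which inspects the last six bytes of the zip before any cryptographic verification is attempted. The sketch below is an added example, not code from this thread or from the project; it follows the footer layout used by AOSP's signed packages, checks structure only, and its sample archives, file name and placeholder signature bytes are constructed.

```python
import io
import struct
import zipfile

FOOTER_SIZE = 6          # signature_start, 0xffff marker, comment_size (u16 LE each)
EOCD_HEADER_SIZE = 22    # fixed part of the zip end-of-central-directory record
EOCD_MAGIC = b"PK\x05\x06"


def check_signed_footer(data: bytes) -> str:
    """Structural check only; it does not verify the signature itself."""
    if len(data) < FOOTER_SIZE:
        return "too short"
    sig_start, marker, comment_size = struct.unpack("<HHH", data[-FOOTER_SIZE:])
    if marker != 0xFFFF:
        # An ordinary zip ends with the EOCD offset/comment-length fields here.
        return "footer is wrong"
    if sig_start <= FOOTER_SIZE or sig_start > comment_size:
        return "bad signature offset"
    eocd_at = len(data) - (comment_size + EOCD_HEADER_SIZE)
    if eocd_at < 0 or data[eocd_at:eocd_at + 4] != EOCD_MAGIC:
        return "comment size does not match EOCD"
    return "footer present"


def build_zip(comment: bytes = b"") -> bytes:
    """Constructed sample archive, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payload.bin", b"constructed sample")
        zf.comment = comment
    return buf.getvalue()


def signed_style_comment(sig_len: int = 32, claimed_size=None) -> bytes:
    """Comment laid out like a signed package; the signature is placeholder bytes."""
    body = b"signed by SignApk\x00" + bytes(sig_len)
    total = len(body) + FOOTER_SIZE
    footer = struct.pack("<HHH", sig_len + FOOTER_SIZE, 0xFFFF, claimed_size or total)
    return body + footer


if __name__ == "__main__":
    print("plain zip:     ", check_signed_footer(build_zip()))
    print("signed layout: ", check_signed_footer(build_zip(signed_style_comment())))
```

A "footer present" result only means the archive has the layout recovery expects; whether the signature matches the device's keys is decided by the verification step that follows.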
Rudd-O
Jun 27, 2017
Phew. Now... Which zip do I sideload?
The one with ota_update in the name.
Rudd-O
Jun 27, 2017
Cue "I have no idea what I'm doing here dog.git" image.
Okay. That'll have to wait till at least next week. Different continent now. Thank you so much!
Rudd-O
Jul 9, 2017
Recovery procedure worked. Thanks. It should be documented somewhere.
thestinger
Jul 9, 2017
Contributor
It's possible to build updates that will only be accepted by a device with a serialno in the metadata within the signed update, which is how it will work for official devices as an alternative to shipping them back to be wiped. I can document along with that.
thestinger
Jul 9, 2017
Contributor
Also FWIW the new code that was introduced enforcing a redundant 16 character limit for the password is now changed to 64 bytes like the existing code. They added a default device policy manager doing that.
Rudd-O commented Jun 26, 2017
The option is just vanished.
(Yes, I built the Pixel XL myself. The Nexus 5X are the images you distribute.)