$ wget http://ltrconsulting.com/howto/android/encrypteduserprofile/sp --14:47:45-- http://ltrconsulting.com/howto/android/encrypteduserprofile/sp Resolving ltrconsulting.com... 209.249.12.184 Connecting to ltrconsulting.com|209.249.12.184|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 6351 (6.2K) [text/plain] Saving to: `sp' 100%[=======================================>] 6,351 --.-K/s in 0.02s 14:47:45 (279 KB/s) - `sp' saved [6351/6351] $ adb remount remount succeeded $ adb push sp /system/bin/sp 31 KB/s (6351 bytes in 0.196s) adb shell chmod 755 /system/bin/sp wget http://ltrconsulting.com/howto/android/encrypteduserprofile/cryptsetup --14:52:55-- http://ltrconsulting.com/howto/android/encrypteduserprofile/cryptsetup Resolving ltrconsulting.com... 209.249.12.184 Connecting to ltrconsulting.com|209.249.12.184|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1017500 (994K) [text/plain] Saving to: `cryptsetup' 100%[=======================================>] 1,017,500 1.26M/s in 0.8s 14:52:56 (1.26 MB/s) - `cryptsetup' saved [1017500/1017500] $ adb push cryptsetup /system/bin/cryptsetup 214 KB/s (1017500 bytes in 4.636s) $ adb shell chmod 755 /system/bin/cryptsetup $ adb shell # sp setup steve Creating new profile for steve Pick a good passphrase. If you forget it, you won't be able to get to your data. Sorry, but you're going to have to enter the passphrase several times. Be sure to use the same one. Enter passphrase: Re-enter passphrase: Free space left on /emmc/profiles is 2778 MB Enter size for filesystem data in MB: 1000 Creating image file. This may take a few minutes... 1024000+0 records in 1024000+0 records out 1048576000 bytes transferred in 356.041 secs (2945099 bytes/sec) Loopback mounting /emmc/profiles/data.steve on /dev/block/loop0 Creating encrypted filesystem data.crypt WARNING! ======== This will overwrite data on /dev/block/loop0 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase: Command successful. /dev/mapper/data.crypt is inactive. key slot 0 unlocked. Command successful. Formatting new filesystem data.crypt mke2fs 1.41.10 (10-Feb-2009) Filesystem label=data.crypt OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2) Stride=0 blocks, Stripe width=0 blocks 64000 inodes, 255871 blocks 12793 blocks (5.00%) reserved for the super user First data block=0 Maximum filesystem blocks=264241152 8 block groups 32768 blocks per group, 32768 fragments per group 8000 inodes per group Superblock backups stored on blocks: 32768, 98304, 163840, 229376 Writing inode tables: done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 32 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. tune2fs 1.41.10 (10-Feb-2009) Creating journal inode: done This filesystem will be automatically checked every 32 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. Free space left on /emmc/profiles is 1778 MB Enter size for filesystem cache in MB: 500 Creating image file. This may take a few minutes... 512000+0 records in 512000+0 records out 524288000 bytes transferred in 185.208 secs (2830806 bytes/sec) Loopback mounting /emmc/profiles/cache.steve on /dev/block/loop1 Creating encrypted filesystem cache.crypt WARNING! ======== This will overwrite data on /dev/block/loop1 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase: Command successful. /dev/mapper/cache.crypt is inactive. key slot 0 unlocked. Command successful. Formatting new filesystem cache.crypt mke2fs 1.41.10 (10-Feb-2009) Filesystem label=cache.crypt OS type: Linux Block size=1024 (log=0) Fragment size=1024 (log=0) Stride=0 blocks, Stripe width=0 blocks 128016 inodes, 511484 blocks 25574 blocks (5.00%) reserved for the super user First data block=1 Maximum filesystem blocks=67633152 63 block groups 8192 blocks per group, 8192 fragments per group 2032 inodes per group Superblock backups stored on blocks: 8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409 Writing inode tables: done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 39 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. tune2fs 1.41.10 (10-Feb-2009) Creating journal inode: done This filesystem will be automatically checked every 39 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. OK. We have new empty encrypted file system created. I'm going to stop the display manager so that files are not in use when I copy them. Your screen will freeze or go dark for while then reboot. This may take several minutes... Press enter to continue. Restarting display # $ <-- There is a few minute wait here while the data copies in background. Wait for your device to reboot. $ $ adb shell <-- Or start your terminal program and type "su " # sp steve Enter passphrase: Re-enter passphrase: Setting up encrypted filesystem data key slot 0 unlocked. Command successful. Setting up encrypted filesystem cache key slot 0 unlocked. Command successful. Display will restart... # You will see that /data and /cache have been remounted as encrytped filesystems # mount <...snip...> /dev/mapper/data.crypt on /data type ext4 (rw,barrier=1,data=ordered) /dev/mapper/cache.crypt on /cache type ext4 (rw,barrier=1,data=ordered) # Reboot to return to your orginal unencrypted profile.