Enabling Adiantum

Adiantum is an encryption method designed for devices running Android 9 and higher whose CPUs lack AES instructions. If you are shipping an ARM-based device with ARMv8 Cryptography Extensions or an x86-based device with AES-NI, you should not use Adiantum. AES is faster on those platforms.

For devices lacking these AES CPU instructions, Adiantum provides encryption on your device with very little performance overhead. For benchmarking numbers, see the Adiantum paper. For the benchmarking source to run on your hardware, see the Adiantum source on GitHub.

To enable Adiantum on a device running Android 9 or higher, you need to make kernel changes and userspace changes.

Kernel changes

Cherry-pick the Adiantum changes to your kernel and apply an additional dm-crypt patch. If you're having trouble cherry-picking, devices using full-disk encryption (FDE) can exclude the "fscrypt: " patch.

Kernel version   Kernel changes   dm-crypt patch
4.19             4.19 kernel      dm-crypt patch
4.14             4.14 kernel      dm-crypt patch
4.9              4.9 kernel       dm-crypt patch

Enable Adiantum in your kernel

After integrating the kernel changes, change your kernel config by adding the lines:

CONFIG_CRYPTO_ADIANTUM=y
CONFIG_DM_CRYPT=y

If your device uses a 4.4 kernel, also add:

CONFIG_CRYPTO_SEQIV=y

If your device uses file-based encryption (FBE), also add:

CONFIG_F2FS_FS_ENCRYPTION=y

To ensure good performance on a 32-bit ARM kernel, enable NEON instructions for the kernel:

CONFIG_CRYPTO_AES_ARM=y
CONFIG_CRYPTO_CHACHA20_NEON=y
CONFIG_CRYPTO_NHPOLY1305_NEON=y
CONFIG_KERNEL_MODE_NEON=y

Userspace changes

For devices running Android 9, cherry-pick the Adiantum userspace changes in the userspace_adiantum_support_pie topic on the pie-platform-release branch in AOSP.

These changes are also in the master branch of AOSP.

Enable Adiantum in your device

These settings are for the userdata on the device, and also for adoptable storage.

Devices with file-based encryption

To enable Adiantum and improve its performance, set these properties in PRODUCT_PROPERTY_OVERRIDES:

ro.crypto.fde_algorithm=adiantum
ro.crypto.fde_sector_size=4096
ro.crypto.volume.contents_mode=adiantum
ro.crypto.volume.filenames_mode=adiantum

Setting fde_sector_size to 4096 improves performance, but is not required for Adiantum to work. Setting the sector size requires that the offset and alignment of the userdata partition and adoptable storage are 4096-byte aligned.

In the fstab, for userdata use the option:

fileencryption=adiantum

To verify that your implementation worked, take a bug report or run:

adb root
adb shell dmesg

If Adiantum is enabled correctly, you should see this in the kernel log:

fscrypt: Adiantum using implementation "adiantum(xchacha12-neon,aes-arm,nhpoly1305-neon)"

Devices with full-disk encryption

To enable Adiantum and improve its performance, set these properties in PRODUCT_PROPERTY_OVERRIDES:

ro.crypto.fde_algorithm=adiantum
ro.crypto.fde_sector_size=4096

Setting fde_sector_size to 4096 improves performance, but is not required for Adiantum to work. Setting the sector size requires that the offset and alignment of the userdata partition and adoptable storage are 4096-byte aligned.

In the fstab, for userdata set:

forceencrypt

To verify that your implementation worked, take a bug report or run:

adb root
adb shell dmesg

If Adiantum is enabled correctly, you should see this in the kernel log:

device-mapper: crypt: adiantum(xchacha12,aes) using implementation "adiantum(xchacha12-neon,aes-arm,nhpoly1305-neon)"
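
The dmesg check described in both the file-based and full-disk sections can be scripted. The following is an added example, not AOSP code: it reads a kernel log on stdin, reports whether the fscrypt or dm-crypt Adiantum line is present, and warns when a component is not an accelerated driver. The function names, sample timestamps, and the slow-path sample line are constructed; it assumes the kernel's portable C drivers carry a "-generic" suffix.

```shell
#!/bin/sh
# Added example (not AOSP code): classify the Adiantum line in a kernel log.
# Typical use: adb shell dmesg | check_adiantum

# Print "<layer> <implementation>" for the first Adiantum line on stdin,
# where layer is fscrypt (FBE) or dm-crypt (FDE). Prints nothing if absent.
adiantum_line() {
    sed -n \
        -e 's/.*fscrypt: Adiantum using implementation "\(adiantum([^"]*)\)".*/fscrypt \1/p' \
        -e 's/.*device-mapper: crypt: adiantum([^)]*) using implementation "\(adiantum([^"]*)\)".*/dm-crypt \1/p' |
        head -n 1
}

# Exit status: 0 = accelerated, 1 = Adiantum active but a component is the
# portable C driver, 2 = no Adiantum line found.
check_adiantum() {
    found=$(adiantum_line)
    if [ -z "$found" ]; then
        echo "FAIL: no Adiantum line in kernel log"
        return 2
    fi
    layer=${found%% *}
    impl=${found#* }
    case "$impl" in
        *-generic*)
            # Assumption: portable C drivers are named "<alg>-generic".
            echo "WARN: $layer uses unaccelerated driver in $impl"
            return 1 ;;
    esac
    echo "OK: $layer $impl"
}

# Constructed sample logs (timestamps invented; the first two messages are the
# ones shown on this page, the third is a constructed slow-path variant).
FBE_LOG='[    4.101] fscrypt: Adiantum using implementation "adiantum(xchacha12-neon,aes-arm,nhpoly1305-neon)"'
FDE_LOG='[    5.220] device-mapper: crypt: adiantum(xchacha12,aes) using implementation "adiantum(xchacha12-neon,aes-arm,nhpoly1305-neon)"'
SLOW_LOG='[    4.101] fscrypt: Adiantum using implementation "adiantum(xchacha12-generic,aes-generic,nhpoly1305-generic)"'

for log in "$FBE_LOG" "$FDE_LOG" "$SLOW_LOG" "[    1.000] init: starting"; do
    printf '%s\n' "$log" | check_adiantum || true
done
```

A WARN result means the device is encrypted with Adiantum but the NEON options from the kernel config step did not take effect, so storage performance will be lower than expected.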