I wanted to know whether using Android's built-in encryption (introduced in 3.0) would affect my ability to use a custom recovery (Clockwork Mod in my case).
More specifically if I will still be able to perform Nandroid backups/restores and flash new files and updates?
Yes, custom recovery works with encrypted honeycomb device. The built-in encryption doesn't touch ROM & firmware at all. It just encrypts accounts, settings, downloaded apps & their data etc. which can be located on phone memory, internal SD or external SD. That's why encryption is no longer present after factory reset because there's no encrypted data available.
Files for custom recovery environment live on ROM as firmware. That's why they survive factory reset. As Flashing files/updates has to do with ROM, you'll be allowed to do it. When it comes to Nandroid backup, you can do it too, but the chunk of encrypted data will backed up in that form which can't be restored using Titanium Backup. Yes, you could do Nandroid restore flawlessly.
On my encrypted Nexus S I use a temporary tmpfs mount on /sdcard in CWM. It has enough RAM to hold the new ROM in memory during the update:
Download your ROM to /tmp/update.zip and boot into recovery. Then log in via 'adb shell':
## on the host machine do:
me@workstation:/tmp$ adb shell
## now on the device in 'adb shell' mode...
~ # mount -t tmpfs none /sdcard/
## the following command is not needed, it only shows the newly created mount point
~ # df -h
Filesystem Size Used Available Use% Mounted on
[...]
none 172.4M 0 172.4M 0% /sdcard
~ # exit
## now back on the host machine again
me@workstation:/tmp$ adb push update.zip /sdcard/
5567 KB/s (131676307 bytes in 23.097s)
Then do the usual update steps 'install zip from sdcard'.
EDIT: Starting with ICS/Jelly Bean there's the new adb sideload <filename-of-update.zip> method
It works with CWM from version 6.0.1.5 onwards and you need the Android SDK platform-tools v16 or better. If you're in CWM you can see a new entry install zip from sideload if it's supported.
The old method still works:
If sideload doesn't work, you can still use the tmpfs method. CWM expects /data/media as the location for the update.zip now, the mountpoint has however to be /data so you have to do this now:
me@workstation$ adb shell
~ # mount -t tmpfs none /data
~ # mkdir /data/media
## Go on with 'adb push update.zip /data/media' and then like above
Reason:
Starting with ICS+ the proposed partition layout has changed. There should be no FAT formatted sdcard partition any more but the external storage now resides within /data/ (/data/media). To remain compatible, a FUSE mount emulates the old FAT properties (access rights and such). You can see this when there's a fuse mount on /storage/sdcard0, it looks similar to this:
shell@android:/ $ mount | grep fuse
[...]
/dev/fuse /storage/sdcard0 fuse rw,nosuid,nodev,relatime,user_id=1023,group_id=1023,... 0 0
[...]
ce4's answer did not work for me on my Galaxy Nexus GSM (Maguro) using CWM 6.0.1.1. I kept getting errors from CWM telling me it couldn't mount /sdcard even after I mounted a tmpfs there and used adb to push the update.zip there.
After reading a thread at XDA I found out that unlike CWM, TWRP is capable of mounting an encrypted sdcard partition. So I downloaded TWRP for the GNex and flashed it using fastboot. When I booted in to recovery it asked me for the password for the encrypted sdcard partition and I was able to flash the update normally.
Links:
TWRP
XDA Thread
