crypto-sdcard ("sbj" edition)

Your rating: None Average: 5 (2 votes)

Unlocking and mounting encrypted SD-cards automatically ("sbj" edition)

The necessary steps to prepare an SD-card are described at (TJC).

crypto-sdcard solely protects "data at rest" on SD-cards, i.e. specifically when the device is locked or switched off (and the SD-card may be taken out), as the "key"-files reside unencrypted on fixed, internal mass storage of the device.


  • crypto-sdcard has been extensively tested under SailfishOS versions 2.2.0 up to (and including) 3.0.3.
  • This edition is provided specifically for devices (e.g. Jolla 1 phones aka "sbj"), which need Qualcomm's qcrypto kernel module to be loaded in order to support modern cryptographic schemes as e.g. XTS.
    For all other devices, the generic edition shall be used.
  • Do reboot before using crypto-sdcard.
  • These RPM packages contain newer versions of the configuration files originally posted at TJC, which are now hosted at Github.
  • "Key"-file path and names are:
    • For Cryptsetup LUKS:
    • For Cryptsetup "plain":
    • A specific "<UUID>" can be obtained by executing
      blkid -c /dev/null -s UUID -o value /dev/<device-name>
      with e.g. "mmcblk1p2" as "<device-name>".
  • For discussing the necessary preparation of SD-cards (i.e., partitioning and formatting them, plus the usage of Cryptsetup and creating "key"-files), please use the corresponding thread on TJC.
  • For discussing crypto-sdcard's specific configuration files and its RPM packaging, please use its issue tracker at Github.
  • Issues with these RPM packages or the configuration files they install shall also be filed at crypto-sdcard's issue tracker there.
  • Only if an issue is assumed to be specific to this "sbj" edition, filing it in its edition specific issue tracker makes sense.
  • As this web-page at OpenRepos exists merely for distributing crypto-sdcard packaged for SailfishOS, there is no need for issuing comments here.


  • These configuration files do not alter, replace or delete any extant files.
  • Support of encrypted partitions and whole devices.
  • Support for (µ)SD-cards and USB-attached storage (if supported by device hardware and Operating System).
  • Interoperable with SailfishOS GUI apps (see details).
  • Support for Cryptsetup LUKS and Cryptsetup "plain".
    • Note that SailfishOS (by providing Cryptsetup v1.x.y) supports only LUKSv1 headers.
    • Default parameters for Cryptsetup "plain" are "-h sha1 -s 256 -c aes-xts-plain".
  • Start mounting encrypted (partitions on) SD-card via udisks at the earliest sensible time: Right after udisks2.service has started.
  • Unmount before udisks2 begins stopping, hence achieving a clean unmount.
  • Ensure, that AlienDalvik begins starting after mounting succeeded, to allow for android_storage on SD-card. Even more importantly this also ensures, that unmounting occurs only after AlienDalvik is completely stopped.
    Nevertheless, these configuration files are also applicable to devices without AlienDalvik installed.
  • Boot time is not significantly prolonged, as unlocking encrypted partitions per Cryptsetup occurs in parallel to starting udisks2; after both succeeded, all mount operations are also started concurrently.
  • Versions below 1.0: create / try to rectify the "compatibility symlink" in order to allow older apps seamlessly accessing encrypted (partitions on) SD-cards at their new (since SailfishOS 2.2.0) mount point.


Application versions: 
File crypto-sdcard_sbj-0.6-1.noarch.rpm10.95 KB19/01/2019 - 23:57
File crypto-sdcard_sbj-0.6-2.noarch.rpm10.95 KB26/01/2019 - 20:03
File crypto-sdcard_sbj-0.6-3.noarch.rpm10.35 KB26/01/2019 - 20:03
File crypto-sdcard_sbj-1.0-2.noarch.rpm9.52 KB26/01/2019 - 20:03

A plain changelog is provided at the bottom of crypto-sdcard "sbj" edition's README at Github and changes to the RPM packaging are coarsely documented in its release comments there.


olf's picture

BTW, crypto-sdcard ("sbj" edition) is in "maintenance mode" since version 1.0, as it appears to be stable and feature complete for its users.
That means there will be no new releases, unless bugs are reported (preferably at Github) or a new SailfishOS release breaks it.