As I understand it, the pixel dialer now has a call recording capability built in, but its only enabled on a per country basis. Even though its legal to do single party recording in my jurisdiction, its not enabled. I had the same issue with my old one plus 7t, but I was able to force it via some automatable adb magic. Is there any way to do this for the Pixel 7?
possible only after root.
How? Please elaborate. Thanks
How to root P7
How to unlock the bootloader and root the Google Pixel 7 or Pixel 7 Pro with Magisk
Planning to root your Google Pixel 7 or Pixel 7 Pro? Here's how to unlock the bootloader and root the latest 2022 Pixel phones with Magisk!
www.xda-developers.com
GoogleDialerMod-Magisk
GitHub - jacopotediosi/GoogleDialerMod-Magisk: A deprecated module to tweak Google Dialer (Phone by Google) Android application to enable hidden features like call recording. Use https://github.com/jacopotediosi/GoogleDialerMod instead.
A deprecated module to tweak Google Dialer (Phone by Google) Android application to enable hidden features like call recording. Use https://github.com/jacopotediosi/GoogleDialerMod instead. - GitHu...
github.com
is it possible to root the phone, make the change to the db, then undo the changes (i.e. I'd rather not have my phone be rootable in general), also somewhat (small) worried about things breaking because of security checks after rooting. And it be nice to be able to use OTA upgrades.
No, it's not possible.
After unrooting, the bootloader must be locked, which will wipe data
efkosk said:
No, it's not possible.
After unrooting, the bootloader must be locked, which will wipe data
Click to expand...
Click to collapse
so the only way to do it in a way that could be preserved while maintaining the ability to do OTAs and the like would be if an user accessible exploit was discovered that enabled users to modify the sqlite db and that the OTAs don't overwrite said db? (big assumption, dont know if its true).
i.e. thinking creatively.for pixel 6
1) install the original firmware - i.e. from https://developers.google.com/android/images
2) somehow make use of dirty pipe to gain root, make the changes directly with sqlite, reboot, and phone will still be locked no longer rootable, but changes should persist in db.
and as phone was never unlocked, OTAs should work?
though, even if this is all true, doesn't help pixel 7 users (today). Also doesn't help if db gets overwritten fully (which even if small OTAs dont, I'd imagine, that the android 12-13 upgrade might have?, but again, assumption).
"somehow make use of dirty pipe to gain root" is comical. Do it like this somehow, but I don't know how.. :- D
No need to worry about root.
OTA works, you just have to use pixelflasher for that. It's not a problem and everything works perfectly.
Related
I really want to root my Droid Turbo, but I use Android Pay pretty frequently. I read once the phone is rooted, Android Pay will no longer work. I've read a few different things on the site and I'm just looking for some clarity. What exactly causes it to stop working? Is it rooting, unlocking the bootloader, both?
Since you have to unlock the bootloader for the Turbo root, and it sounds like once I unlock it there's no way to safely re-lock it, if I go through with the root, there's really no going back to Android Pay ever again because unlocking the bootloader.
Is there no shot of this working if I root my Droid Turbo? If this has explicitly been discussed and defined, I apologize, but I couldn't find an definitive answer to it.
hyphy88 said:
I really want to root my Droid Turbo, but I use Android Pay pretty frequently. I read once the phone is rooted, Android Pay will no longer work. I've read a few different things on the site and I'm just looking for some clarity. What exactly causes it to stop working? Is it rooting, unlocking the bootloader, both?
Since you have to unlock the bootloader for the Turbo root, and it sounds like once I unlock it there's no way to safely re-lock it, if I go through with the root, there's really no going back to Android Pay ever again because unlocking the bootloader.
Is there no shot of this working if I root my Droid Turbo? If this has explicitly been discussed and defined, I apologize, but I couldn't find an definitive answer to it.
Click to expand...
Click to collapse
Getting Android Pay to work on a modified device is a constant cat and mouse game. A few workarounds were found and promptly patched by Google in Android Pay/Google Play Services/ Google App updates. If you use it frequently, unlocking is a bad idea. Android Pay might still work on an unlocked device, but any change that you make to any system files will cause it to not work, so there's no point in unlocking.
Even if you managed to root without unlocking (via moforoot or through the terrible kingroot method), you would break Android Pay because root is one of the first things that it looks for, and none of the apps/xposed modules designed to fool it are successful at doing so.
TheSt33v said:
Getting Android Pay to work on a modified device is a constant cat and mouse game. A few workarounds were found and promptly patched by Google in Android Pay/Google Play Services/ Google App updates. If you use it frequently, unlocking is a bad idea. Android Pay might still work on an unlocked device, but any change that you make to any system files will cause it to not work, so there's no point in unlocking.
Even if you managed to root without unlocking (via moforoot or through the terrible kingroot method), you would break Android Pay because root is one of the first things that it looks for, and none of the apps/xposed modules designed to fool it are successful at doing so.
Click to expand...
Click to collapse
Thank you, I rooted, it doesn't work. Now I'm free to flash custom roms and make modifications without the worry of breaking Android Pay. Whatever, small loss to gain so much. Thanks again for your reply.
TheSt33v said:
...any change that you make to any system files will cause it to not work, so there's no point in unlocking.
Click to expand...
Click to collapse
I have an unlocked bootloader, TWRP recovery, and even flashed an emoji mod and the volume boost mods and haven't lost Android Pay.
Just earlier today, I used Sunshine for temp root and used AdAway to modify the hosts file and block ads. Once I rebooted (to disable the Sunshine temp root), Android Pay worked just fine.
Sent from my XT1254 using XDA-Developers mobile app
syphix said:
I have an unlocked bootloader, TWRP recovery, and even flashed an emoji mod and the volume boost mods and haven't lost Android Pay.
Just earlier today, I used Sunshine for temp root and used AdAway to modify the hosts file and block ads. Once I rebooted (to disable the Sunshine temp root), Android Pay worked just fine.
Sent from my XT1254 using XDA-Developers mobile app
Click to expand...
Click to collapse
Makes sense. You didn't add any additional files to the system partition. I think as long as that's the case, Android Pay will work.
syphix said:
I have an unlocked bootloader, TWRP recovery, and even flashed an emoji mod and the volume boost mods and haven't lost Android Pay.
Just earlier today, I used Sunshine for temp root and used AdAway to modify the hosts file and block ads. Once I rebooted (to disable the Sunshine temp root), Android Pay worked just fine.
Sent from my XT1254 using XDA-Developers mobile app
Click to expand...
Click to collapse
did you have android pay PRIOR to root/unlock? I've read somewhere that a work-around is to disable root, reboot, setup android pay, then re-establish root.
thanks...
jco23 said:
did you have android pay PRIOR to root/unlock? I've read somewhere that a work-around is to disable root, reboot, setup android pay, then re-establish root.
thanks...
Click to expand...
Click to collapse
That workaround will allow you to add cards, but paying will fail if you try to use them.
TheSt33v said:
That workaround will allow you to add cards, but paying will fail if you try to use them.
Click to expand...
Click to collapse
I think that changing the system is the only act preventing Android Pay to work properly. Neither unlocking bootloader nor rooting (as long as it is the systemless) does that. I believe that method used by GPS is just checking system hash (MD5 signature). Every system change brakes it. Safetynet test shows you authentically whether Android Pay could work or not. To date I haven't seen a single proof otherwise.
Jj
Has anyone done the systemless root for the turbo? I tried but either missed a step or it didn't work for my device
Sent from my XT1254 using XDA-Developers mobile app
Does your workplace have a BYOD policy that enforces full device encryption?
Have you already unlocked your bootloader and rooted your device, thus tripping Samsung Knox?
Have you tried to use Android Work Profile only to find out that "Your custom OS" does not allow it even if you reverted to stock and unrooted? (I know, right?)
Here is the solution...
Steps
Unlock Bootloader and Install TWRP.
(Thanks dr.ketan and geiti94)
Install the Dev-Base ROM and force Encryption by using the Dev-base ROM file name tags/triggers. (Thanks _alexndr)
Upon booting for the first time, setup pin with the checkbox for booting with pin protection. (This is full device Encryption).
Reboot
Enable Multi User (Samsung has disabled this by default)
arpanbag1996 said:
Enable multi-user feature on your Android one phone (running Android 5.1 Lollipop) without flashing .zip through custom recovery. All you need is root access.
Just go to /system , edit your "build.prop" file and add the following lines:
fw.max_users=3
fw.show_multiuserui=1
Save and reboot your phone. Done! Tested on Micromax Canvas A1.
Click to expand...
Click to collapse
(Source - Thanks arpanbag1996)
Add another user in settings>accounts.
Switch to second user and add your work account.
Make sure not to use any app that removes full device encryption. (Example: bxActions)
I've done this on my own device (SM-960F/DS) and it works great!
Let me know if anyone had success with any other ways to do this. I'm always open to suggestions.
Reserved for updates and alternatives
Thanks a lot for this guide! However, unless I'm missing something here, this method doesn't create an actual work profile, but a rather a seperate user on the device that's devoted just for the G Suite account (as adding my G Suite account on the sub user does not even prompt me to create a Work Profile). On my current device, ZTE Axon 7, where I can use work profile version and my personal gmail app side by side as if they are two separate apps, instead having to switch user account.
And of course, I can just add my G Suite account to my main user since I guess I'll trade a bit of my privacy from corporate IT for convenience sake. On the other hand I wonder if @_alexndr can consider enabling this feature in DevBase...
Or use an app like Nine (by 9Folders) that enforces Exchange Security at the app level and doesn't require the device to be secure.
Or you can use Exchained to bypass the policy entirely for Exchange based BYOD policies.
Sent from my SM-N960F using Tapatalk
I'm pretty sure this thread is about G Suite and Android work profile and not the Microsoft's stuff?
Sent from my SM-N960F using Tapatalk
kgptzac said:
I'm pretty sure this thread is about G Suite and Android work profile and not the Microsoft's stuff?
Sent from my SM-N960F using Tapatalk
Click to expand...
Click to collapse
No, it is about Android Work profile.
Microsoft Itunes use Work profile
G Suite Idk use work profile
But All MDM use work profile since android 9 ( maybe 8)
This thread should be on every samsung device. Because the issue is caused by knox.
Would this work for my Samsung A70. Really looking for a answer.
I'm confused. So which option should I choose out of the above replies and OP's suggestion? I want to have my work account on my personal device. But my phone is rooted, Knox triggered.
"island" is the app you are looking for
Updated long back but still works pretty fine.
Try "island" from playstore
Not updated from quite long but will do the job.
futurepack said:
Updated long back but still works pretty fine.
Click to expand...
Click to collapse
I installed Island and its gives me "cannot create work profile" error. Tried to setup Island with root, and I got stage 1 error.
Remove knox
Knox uses the same method as island to create work profile. Try installation after removing Knox.
Is possible i use in n950f? i lost the work profile installing the rom deluxe, and i need to work.
Hey Guys, i also have a fresh rooted and with custom rom installed Samsung (S10e but i assume the model doesn't matter for this topic).
I also have a GSuite account from my company and don't get it managed to istalla work profile on my phone.
Just getting a error that i use an modified ROM and therefore a work profile cannot be installed.
I know such similar issues from my pixel 3 where i just use Magisk hide which unfortunately don't work on the Samsung.
Also tried exchained and Island app (cannot be installed) which also don't really work.
For me the app Island work!!! Really thanks i use deluxe Room in note 8.
But the add a icon in initial menu the icon os the same, dont haver a small bag BLUE in bottom
demercy said:
For me the app Island work!!! Really thanks i use deluxe Room in note 8.
But the add a icon in initial menu the icon os the same, dont haver a small bag BLUE in bottom
Click to expand...
Click to collapse
can you share how you did this? which MDM solution are you using?
Maybe he can fix the job profile just like patching the security folder, so that he can work on the device that Knox tripped over! There will always be incompatibility when setting the island!
Techronico said:
Does your workplace have a BYOD policy that enforces full device encryption?
Have you already unlocked your bootloader and rooted your device, thus tripping Samsung Knox?
Have you tried to use Android Work Profile only to find out that "Your custom OS" does not allow it even if you reverted to stock and unrooted? (I know, right?)
Here is the solution...
Steps
Unlock Bootloader and Install TWRP.
(Thanks dr.ketan and geiti94)
Install the Dev-Base ROM and force Encryption by using the Dev-base ROM file name tags/triggers. (Thanks _alexndr)
Upon booting for the first time, setup pin with the checkbox for booting with pin protection. (This is full device Encryption).
Reboot
Enable Multi User (Samsung has disabled this by default)
(Source - Thanks arpanbag1996)
Add another user in settings>accounts.
Switch to second user and add your work account.
Make sure not to use any app that removes full device encryption. (Example: bxActions)
I've done this on my own device (SM-960F/DS) and it works great!
Let me know if anyone had success with any other ways to do this. I'm always open to suggestions.
Click to expand...
Click to collapse
This is only a multi-user mode, and has nothing to do with the work profile!
demercy said:
For me the app Island work!!! Really thanks i use deluxe Room in note 8.
But the add a icon in initial menu the icon os the same, dont haver a small bag BLUE in bottom
Click to expand...
Click to collapse
Could you share with us how you managed that ?
I myself am unsuccessful installing Island because the work profile cannot be created....
Is it possible to unlock?
At this moment, no.
You will know as it'll be reported here very early. There are some third party companies that do it. Some are cheaper than others.
For the moment, there is nothing..
Sucks I know
I asked this before on another similar thread and didn't get a response. Is it possible to dump the bootloader from either an unlocked or locked phone to analyse it for potential vulnerabilities either in how it handles the unlock code, or more generally that would allow a user to soft-mod unlock the phone? I know for the 5th, 7th, and 9th gen Fire 7 tablets exploits were found in the LK part of the bootloader which eventually allowed for a customised version of TWRP to be flashed onto the devices, and later LineageOS. If we could dump the current Huawei bootloader surely we could try to find if there are any similar exploits?
I am found metod but it needs mrt dongle((
Tbh custom roms aren't really important anymore. Google is already ruining android everytime a new update comes around, like the overlay feature that was introduced in oreo but then removed for no reason.
Besides EMUI is already optimised for the chip so, again, no reason for custom roms and/or rooting (unless you want to remove bloatware but that can be solved via ADB)
The Restless Soul said:
Tbh custom roms aren't really important anymore. Google is already ruining android everytime a new update comes around, like the overlay feature that was introduced in oreo but then removed for no reason.
Besides EMUI is already optimised for the chip so, again, no reason for custom roms and/or rooting (unless you want to remove bloatware but that can be solved via ADB)
Click to expand...
Click to collapse
I am need it for root and lineage os
Hey there guys,
I just received my s21 ultra (G998B) and planning to root it. I had a few questions since I’m new to this and wanted some clarifications:
1) If I root the phone can I update it OTA through the settings or do I have to update it by another method? Will I lose root/data/apps if I do that?
2) If I lose root when updating it, can I just root again and be all set? Or do I have to follow another procedure for that?
3) I am planning to debloat a few apps and services that I won’t be using, if I update the system/software will the stuff that I debloated come back and will I have to do the debloat again?
Thank you for all the help.
paul_cherma said:
Hey there guys,
I just received my s21 ultra (G998B) and planning to root it. I had a few questions since I’m new to this and wanted some clarifications:
1) If I root the phone can I update it OTA through the settings or do I have to update it by another method? Will I lose root/data/apps if I do that?
2) If I lose root when updating it, can I just root again and be all set? Or do I have to follow another procedure for that?
3) I am planning to debloat a few apps and services that I won’t be using, if I update the system/software will the stuff that I debloated come back and will I have to do the debloat again?
Thank you for all the help.
Click to expand...
Click to collapse
1- Probably not usually the root or recovery will block OTA updates from installing, even if they download.
2- If you lose root, you can USUALLY re-root assuming the same root method wasnt patched. If it was patched, a new root method (though probably still through magisk) will be needed. If this is the case, its up to the dev to find that method, you might be without root for a while.
3-if you debloat, and receive an OTA, your will probably need to de-bloat again, thought I havent personally had experience with this.
Why are you rooting? Just to de-bloat? If so, root isn't really necessary...
As someone who's been in the rooting stage for many years, i can answer your questions.
1. You can not update your phone through OTA updates after rooting the device, as the device was modified in an unauthorized way. And since you own a galaxy phone, the e-fuse within the motherboard will blow and knox will be permanently blown. You can no longer use samsung pay, google pay, and any other app that uses the safetynet api, even after you unroot the device.
2. You will lose root every time you update. You will need ODIN on your PC in order to properly update your firmware and to re-root your device by following the procedure again that you used to root your device, unless samsung patched the method you used to root your device. You can always check what bootloader version you're on within the firmware. For example, on the galaxy S8, the firmware version is N950U1UES5CRG9. The 5th to last number of the firmware will tell you. In this case, N950U1UES5CRG9 is the 5th bootloader version. Keep this in mind once samsung starts to update your phone often.
3. You will have to debloat again from scratch. In order to fully update your device through ODIN, you need to download the full firmware file containing an AP (Firmware), BL (Bootloader) , CP (Modem), and CSC (Carrier File) and manually flash them.
Do keep in mind, it is possible to soft brick or even hard brick your device, so back up your data frequently if you decide to tinker with your device.
Thank you for the detailed answer. I just updated my software to the latest official one by Samsung (April 1st security patch) but I am not rooted yet. I guess I could live with the fact that I can root the phone now and stay on this software version/security patch until I upgrade, since I would have to go through a lot of hassle to set-up the phone the way I wanted. But the main reason why I want to get the official updates is because of the camera improvements that Samsung does, since the main reason of me getting this phone is the camera. And there are some root-required tweaks that I absolutely need such as Viper, and some xposed tweaks also. I like the Stock ROM of Samsung, it really has come a long way at least imo throughout the years, as I have been a Samsung user since day 1 but:
Would it be a good idea to install a custom ROM then? I am reading the description of a few custom ROMs and it seems like I can “retain everything” by simply dirty flashing the ROM and following the dev’s instructions on how to retain root whenever the developer updates it. Is that a better route to take you think? I can keep my device rooted, and still get the updates through a custom ROM.
paul_cherma said:
Thank you for the detailed answer. I just updated my software to the latest official one by Samsung (April 1st security patch) but I am not rooted yet. I guess I could live with the fact that I can root the phone now and stay on this software version/security patch until I upgrade, since I would have to go through a lot of hassle to set-up the phone the way I wanted. But the main reason why I want to get the official updates is because of the camera improvements that Samsung does, since the main reason of me getting this phone is the camera. And there are some root-required tweaks that I absolutely need such as Viper, and some xposed tweaks also. I like the Stock ROM of Samsung, it really has come a long way at least imo throughout the years, as I have been a Samsung user since day 1 but:
Would it be a good idea to install a custom ROM then? I am reading the description of a few custom ROMs and it seems like I can “retain everything” by simply dirty flashing the ROM and following the dev’s instructions on how to retain root whenever the developer updates it. Is that a better route to take you think? I can keep my device rooted, and still get the updates through a custom ROM.
Click to expand...
Click to collapse
That really varies depending on the custom rom you go for. Usually when you dirty flash a rom, you would need to re root your device, but some (not all) roms are persistent with root after system updates. Do keep in mind if you switch to a custom rom, your system might be more buggy and crash more often. One thing i will say though is that xposed is outdated. The last android version xposed officially supported was either 8 or 9. When it has to come down to certain mods you'd wish to have with root, take that into consideration too, as it might make your device really unstable if it's too outdated or if there's a buggy port available. I've dealt with that issue too many times on my phones.
HighOnLinux said:
That really varies depending on the custom rom you go for. Usually when you dirty flash a rom, you would need to re root your device, but some (not all) roms are persistent with root after system updates. Do keep in mind if you switch to a custom rom, your system might be more buggy and crash more often. One thing i will say though is that xposed is outdated. The last android version xposed officially supported was either 8 or 9. When it has to come down to certain mods you'd wish to have with root, take that into consideration too, as it might make your device really unstable if it's too outdated or if there's a buggy port available. I've dealt with that issue too many times on my phones.
Click to expand...
Click to collapse
if xposed is outdated, what is the new thing the comunity is migrating to? All the privacy, security, and customizability tools available through xposed must go somewhere, right?
Twodordan said:
if xposed is outdated, what is the new thing the comunity is migrating to? All the privacy, security, and customizability tools available through xposed must go somewhere, right?
Click to expand...
Click to collapse
There's buggy ports thats flashable on magisk. While you still can get xposed, it'll be an unofficial version, and more likely to run into issues within your rom and daily use into your device.
HighOnLinux said:
There's buggy ports thats flashable on magisk. While you still can get xposed, it'll be an unofficial version, and more likely to run into issues within your rom and daily use into your device.
Click to expand...
Click to collapse
I mean xprivacy on xposed was the must have killer feature for any android device to turn your device into anything other than a privacy nightmare. If we can't do that any more we are f'd.
[EDIT] Looks like the new version of xprivacy, xprivacyLua is still supported for android 11, with magisk and EdXposed or LSPosed:
[CLOSED][APP][XPOSED][6.0+] XPrivacyLua - Android privacy manager [UNSUPPORTED]
XPrivacyLua Really simple to use privacy manager for Android 6.0 Marshmallow and later (successor of XPrivacy). Revoking Android permissions from apps often let apps crash or malfunction. XPrivacyLua solves this by feeding apps fake data...
forum.xda-developers.com
XPrivacyLua/README.md at master · M66B/XPrivacyLua
Really simple to use privacy manager for Android 6.0 Marshmallow and later - XPrivacyLua/README.md at master · M66B/XPrivacyLua
github.com
I want to use a work profile and enroll my device using company portal to access my work email/teams while my phone is rooted.
I have burned a lot of time attempting to achieve this, thus far without success, so I'm hoping for some community help. My attempts can be categorized as performed on official FW (+root) and on a custom ROM (BeyondROM).
Using official samsung firmware
I have ODIN-flashed the latest BULF firmware on my SM-998B with a full wipe. Using original AP package, so no magisk yet. Company Portal then fails me with a somewhat generic "Cannot create a work profile - The security policy prevents the creation of a managed device because a custom has been installed on this device". At this point, device is not rooted and there are no signs of magisk lingering, so either this is a bug, or it queries Knox for the tripped efuse.
Next I attempted to create a work profile using Shelter, Island and SecureFolder. Each of them seem to run into the exact same error (worded slightly differently).
My gut feeling is that there is an issue with the underlying work profile functionality within Android itself, and I'm not being held back by simply the Knox bit -- surely Island doesn't mind a custom OS.
I then proceeded to root the official firmware with magisk (23016 canary, and since yesterday 24000 beta). Attempted every combination of denylist, zygisk, shamiko and USNF. None of it makes any difference: every attempt to instantiate a work profile immediately fails.
Using custom ROM
Custom ROM specifically mentions that Samsung's SecureFolder *works* with it, so while I generally prefer to customize the OS myself, I figured flashing this was worth a shot. So I did, and indeed, work profile functionality is not borked anymore. Even before installing the Magisk romdisk, both Shelter and Island manage to create a work profile, and I can install apps inside it. No need for root hiding at all, it seems.
Then I moved on to Company Portal. The enrollment procedure now actually appears to start and after ~3 seconds I am told: we need to encrypt the device. It's definitely getting further than it did on official firmware. I'm okay with encrypting the device. At full battery/charger inserted I can seemingly start this procedure, but it then hangs at a black screen with centered android picture. At this point my buttons and statusbar are made inaccessible. After an hour of nothing happening I restarted - no data was lost, I'm sure it never even started to encrypt.
Enabling encryption from the Biometric & Security menu is not presented as an option either.
If anyone has insights as to why work profile creation completely fails on stock firmware (and how to fix that), or if anyone knows the we can enable encryption while running a custom ROM, please reply.
By using MagiskHidePropsConf I was able to set `ro.crypto.state` from `unencrypted` to `encrypted`. This allowed me to create a full work profile, without it asking me to encrypt first.
Next a bunch of "rooted" issues came up, but Shamiko and USNF solved that.
I could then access the apps within the work profile, but the device is still not in compliance because it insists I should enable 'secure startup', i.e. ask a full password/pin after reboot -- this actually does happen on reboots, but I cannot find any corresponding menu entry for it.
That said, I can access the apps inside the portal now, which is the main thing. Perhaps I can even trick it into thinking the device is in compliance.
was your bootloader unlocked when you tried with the official firmware?
Yes, it has been unlocked for over a year. I did not re-lock before trying official firmware though.
Intune is supposed to work only on unmodified devices
see here https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy
according to microsoft it won't work on
Devices that fail basic integrity
Devices with an unlocked bootloader
Devices with a custom system image/ROM
Devices for which the manufacturer didn't apply for, or pass, Google certification
Devices with a system image built directly from the Android Open Source Program source files
Devices with a beta/developer preview system image
Hi @zzattack ,
I am in the exact point like you, but I am on S9+ NOBLEROM (based on stock).
With crDroid ROM, all is working ok with Company Portal (encryption working, and I used Magisk to hide root).
But I would like to use NOBLEROM. I also set build prop ro.crypto.state to encrypted. For me 'Secure startup' is not showing in Biometrics and security, an no password required on boot. It is up only for Lock screen.
Did you managed to overcome secure startup ? Maybe it is a posibility to trick 'secure startup' is enabled, even it is not.
Obs. In my case, I can not run apps from work profile, even it is created and apps visible.
Thanks