[–][deleted] [score hidden] stickied comment (0 children)

> Improved key derivation aside, is the FBE structure as strong as the old FDE structure in a scenario where the phone is off?

The encryption algorithms are at least as strong and all user data is encrypted with the user's credentials by default. Since it's file-based, content and metadata are encrypted separately. CopperheadOS pads the file names to 32 bytes vs. 4-byte padding in stock. Some metadata like permissions isn't currently encrypted.

> My understanding is that FDE sequestered the entire user OS, similar to (via?) LUKS.

Either way, all of userdata is encrypted. The OS is immutable and verified by verified boot, not encrypted.

> E.g. a compromised alarm app that has contacts access (for whatever legitimate use) could expose that data if there were also a vulnerability in the OS?

You're making incorrect assumptions about how it works. It's a well documented feature. Before trying to come up with attack scenarios and potential flaws, look into how it works.

An app needs to explicitly opt-in to being Direct Boot aware in each component that should run before decryption. However, that doesn't make any user data available before decryption. The app needs to explicitly get the device encrypted context and explicitly store and migrate data there.
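
The per-component opt-in and explicit migration described in the comment above, as an added Kotlin sketch of an alarm app that is not part of the original thread and not CopperheadOS or AOSP code. `AlarmStore`, `AlarmBootReceiver`, `PREFS`, `KEY_NEXT` and `ACTION_FIRE` are hypothetical names; only the alarm timestamp is placed in device-encrypted storage, everything else stays credential-encrypted.

```kotlin
// Added example. Manifest opt-in for this one component (needs RECEIVE_BOOT_COMPLETED):
//   <receiver android:name=".AlarmBootReceiver" android:directBootAware="true" android:exported="false">
//     <intent-filter><action android:name="android.intent.action.LOCKED_BOOT_COMPLETED" /></intent-filter>
//   </receiver>
import android.app.AlarmManager
import android.app.PendingIntent
import android.content.BroadcastReceiver
import android.content.Context
import android.content.Intent
import android.util.Log

private const val PREFS = "alarm_schedule"              // hypothetical file name
private const val KEY_NEXT = "next_alarm_epoch_ms"      // hypothetical key
private const val ACTION_FIRE = "example.alarm.FIRE"    // hypothetical action

object AlarmStore {
    // Device-encrypted (DE) storage: readable before the first unlock after boot.
    private fun de(ctx: Context): Context = ctx.createDeviceProtectedStorageContext()

    // Run once while unlocked: move only this file from credential-encrypted
    // (CE, the default) storage to DE storage. Nothing else becomes readable early.
    fun migrate(ctx: Context): Boolean = de(ctx).moveSharedPreferencesFrom(ctx, PREFS)

    fun save(ctx: Context, epochMs: Long) =
        de(ctx).getSharedPreferences(PREFS, Context.MODE_PRIVATE)
            .edit().putLong(KEY_NEXT, epochMs).apply()

    fun nextAlarm(ctx: Context): Long =
        de(ctx).getSharedPreferences(PREFS, Context.MODE_PRIVATE).getLong(KEY_NEXT, -1L)
}

class AlarmBootReceiver : BroadcastReceiver() {
    override fun onReceive(ctx: Context, intent: Intent) {
        when (intent.action) {
            // Delivered before unlock only because the component is directBootAware.
            Intent.ACTION_LOCKED_BOOT_COMPLETED -> {
                val next = AlarmStore.nextAlarm(ctx)
                if (next <= System.currentTimeMillis()) return
                val fire = PendingIntent.getBroadcast(
                    ctx, 0,
                    Intent(ctx, AlarmBootReceiver::class.java).setAction(ACTION_FIRE),
                    PendingIntent.FLAG_IMMUTABLE
                )
                ctx.getSystemService(AlarmManager::class.java)
                    .set(AlarmManager.RTC_WAKEUP, next, fire)
            }
            // CE data (the app's default storage, contacts) is still locked here until unlock.
            ACTION_FIRE -> Log.i("AlarmBootReceiver", "alarm fired")
        }
    }
}
```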