Lines Matching full:encrypted
31 encrypted key. Once a device is encrypted, all user-created data is
32 automatically encrypted before committing it to disk and all reads
45 See <a href="#storing_the_encrypted_key">Storing the encrypted key</a> for more
50 encrypted may be returned to an unencrypted state by factory data reset. New Android 5.0
51 devices encrypted at first boot cannot be returned to an unencrypted state.</p>
63 cipher-block chaining (CBC) and ESSIV:SHA256. The master key is encrypted with
88 is re-encrypted and stored. (i.e., user PIN/pass/pattern changes do NOT cause
118 <p>There are four flows for an encrypted device. A device is encrypted just once
127 <li>Boot an encrypted device:
129 <li>Starting an encrypted device with no password: Booting an encrypted device that
131 <li> Starting an encrypted device with a password: Booting an encrypted device that
146 <code>/data</code> is not encrypted but needs to be because <code>/forceencrypt</code> mandates it.
159 <code>vold</code> prepares the tmpfs <code>/data</code> for booting an encrypted system and sets the
169 <li><strong>When <code>/data</code> is encrypted, take down the framework</strong>
174 default encrypted userdata.) <code>trigger_default_encryption</code> checks the
175 encryption type to see if <code>/data</code> is encrypted with or without a
176 password. Because Android 5.0 devices are encrypted on first boot, there should
200 encrypting, file data is left in a partially encrypted state. The device must
231 <p><code>vold</code> mounts a tmpfs <code>/data</code> (using the tmpfs options from <code>ro.crypto.tmpfs_options</code>) and sets the property <code>vold.encrypt_progress</code> to 0. <code>vold</code> prepares the tmpfs <code>/data</code> for booting an encrypted system and sets the property <code>vold.decrypt</code> to: <code>trigger_restart_min_framework</code> </p>
238 <li><strong>When <code>/data</code> is encrypted, reboot</strong>
240 <p>When <code>/data</code> is successfully encrypted, <code>vold</code> clears the flag <code>ENCRYPTION_IN_PROGRESS</code> in the metadata and reboots the system. </p>
246 <h3 id=starting_an_encrypted_device_with_default_encryption>Starting an encrypted device with default encryption</h3>
248 <p>This is what happens when you boot up an encrypted device with no password.
249 Because Android 5.0 devices are encrypted on first boot, there should be no set
253 <li><strong>Detect encrypted <code>/data</code> with no password</strong>
255 <p>Detect that the Android device is encrypted because <code>/data</code>
259 <p><code>vold</code> sets <code>vold.decrypt</code> to <code>trigger_default_encryption</code>, which starts the <code>defaultcrypto</code> service. <code>trigger_default_encryption</code> checks the encryption type to see if <code>/data</code> is encrypted with or without a password. </p>
276 <h3 id=starting_an_encrypted_device_without_default_encryption>Starting an encrypted device without default encryption</h3>
278 <p>This is what happens when you boot up an encrypted device that has a set
282 <li><strong>Detect encrypted device with a password</strong>
284 <p>Detect that the Android device is encrypted because the flag <code>ro.crypto.state = "encrypted"</code></p>
286 <p><code>vold</code> sets <code>vold.decrypt</code> to <code>trigger_restart_min_framework</code> because <code>/data</code> is encrypted with a password.</p>
304 <p>First, however, it needs to make sure that the disk was properly encrypted. It
324 it was encrypted with the wipe option, which is not supported on first
338 <li>Detect encrypted device with a password
361 <h2 id=storing_the_encrypted_key>Storing the encrypted key</h2>
363 <p>The encrypted key is stored in the crypto metadata. Hardware backing is implemented by using Trusted Execution Environment's (TEE) signing capability.
364 Previously, we encrypted the master key with a key generated by applying scrypt to the user's password and the stored salt. In order to make the key resilient
404 <td>Check the drive to see if it is encrypted with no password.
457 occurred, no data was encrypted or
488 <code>/data ro.crypto.state encrypted</code>. Set by <code>init</code> to say this system is running with an encrypted <code>/data</code>.</td>