Lines Matching full:encryption
1 page.title=Encryption
28 <h2 id=what_is_encryption>What is encryption?</h2>
30 <p>Encryption is the process of encoding user data on an Android device using an
38 <li>Created fast encryption, which only encrypts used blocks on the data partition
40 currently support fast encryption.
42 <li>Added support for patterns and encryption without a password.
43 <li>Added hardware-backed storage of the encryption key using Trusted
53 <h2 id=how_android_encryption_works>How Android encryption works</h2>
55 <p>Android disk encryption is based on <code>dm-crypt</code>, which is a kernel
57 this, encryption works with Embedded MultiMediaCard<strong> (</strong>eMMC) and
59 devices. Encryption is not possible with YAFFS, which talks directly to a raw
62 <p>The encryption algorithm is 128 Advanced Encryption Standard (AES) with
69 <p>In the Android 5.0 release, there are four kinds of encryption states: </p>
89 re-encryption of userdata.) </p>
91 <p>Encryption is managed by <code>init</code> and <code>vold</code>. <code>init</code> calls <code>vold</code>, and vold sets properties to trigger events in init. Other parts of the system
94 encryption features in <code>vold</code>, the system uses the command line tool <code>vdc</code>'s <code>cryptfs</code> commands: <code>checkpw</code>, <code>restart</code>, <code>enablecrypto</code>, <code>changepw</code>, <code>cryptocomplete</code>, <code>verifypw</code>, <code>setfield</code>, <code>getfield</code>, <code>mountdefaultencrypted</code>, <code>getpwtype</code>, <code>getpw</code>, and <code>clearpw</code>.</p>
124 <li>Encrypt a new device with <code>forceencrypt</code>: Mandatory encryption at first boot (starting in Android L).
125 <li>Encrypt an existing device: User-initiated encryption (Android K and earlier).
167 often not actually appear because encryption happens so quickly. See <a href="#encrypt_an_existing_device">Encrypt an existing device</a> for more details about the progress UI. </p>
175 encryption type to see if <code>/data</code> is encrypted with or without a
194 <p>This process is user-initiated and is referred to as "inplace encryption" in
197 power to finish the encryption process.</p>
203 <p>To enable inplace encryption, <code>vold</code> starts a loop to read each sector of the real block device and then write it
205 encryption much faster on a new device that has little to no data. </p>
236 every five seconds and updates a progress bar. The encryption loop updates <code>vold.encrypt_progress</code> every time it encrypts another percent of the partition. </p>
246 <h3 id=starting_an_encrypted_device_with_default_encryption>Starting an encrypted device with default encryption</h3>
250 password and therefore this is the <em>default encryption</em> state.</p>
259 <p><code>vold</code> sets <code>vold.decrypt</code> to <code>trigger_default_encryption</code>, which starts the <code>defaultcrypto</code> service. <code>trigger_default_encryption</code> checks the encryption type to see if <code>/data</code> is encrypted with or without a password. </p>
276 <h3 id=starting_an_encrypted_device_without_default_encryption>Starting an encrypted device without default encryption</h3>
305 sends the command <code>cryptfs cryptocomplete</code> to <code>vold</code>. <code>vold</code> returns 0 if encryption was completed successfully, -1 on internal error, or
306 -2 if encryption was not completed successfully. <code>vold</code> determines this by looking in the crypto metadata for the <code>CRYPTO_ENCRYPTION_IN_PROGRESS</code> flag. If it's set, the encryption process was interrupted, and there is no
352 <p>If <code>vold</code> detects an error during the encryption process, and if no data has been
353 destroyed yet and the framework is up, <code>vold</code> sets the property <code>vold.encrypt_progress</code> to <code>error_not_encrypted</code>. The UI prompts the user to reboot and alerts them the encryption process
358 <p>If <code>vold</code> detects an error during the encryption process, it sets <code>vold.encrypt_progress</code> to <code>error_partially_encrypted</code> and returns -1. The UI should then display a message saying the encryption
368 <li>Generate random 16-byte disk encryption key (DEK) and 16-byte salt.
385 <h2 id=encryption_properties>Encryption properties</h2>
388 properties for encryption.</p>
422 <td>Set by vold to shutdown the full framework to start encryption.</td>
427 progress bar UI for encryption or
444 <td>The progress bar UI should display a message that the encryption failed, and
451 display a message saying encryption completed, and give the user a button to reboot the device. This error is not expected to happen.</td>