1 <html devsite> 2 <head> 3 <title>Adoptable Storage</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 27 <p>Android has always supported external storage accessories (such as SD cards), but 28 these accessories were historically limited to simple file storage, due to 29 their expected impermanence and the minimal data protection offered to 30 <a href="/devices/storage/traditional.html">traditional external storage</a>. 31 Android 6.0 introduced the ability to 32 <a href="http://developer.android.com/about/versions/marshmallow/android-6.0.html#adoptable-storage">adopt</a> 33 external storage media to act like internal storage.</p> 34 35 <p class="warning"><strong>Warning:</strong> <a 36 href="/security/encryption/file-based.html">File-based encryption</a> cannot 37 currently be used together with adoptable storage. On devices using file-based 38 encryption, new storage media (such as an SD card) must be used as <a 39 href="/devices/storage/traditional.html">traditional storage</a>.</p> 40 41 <p>When external storage media is adopted, its formatted and encrypted to only 42 work with a single Android device at a time. Because the media is strongly tied 43 to the Android device that adopted it, it can safely store both apps and 44 private data for all users.</p> 45 46 <p>When users insert new storage media (such as an SD card) in an adoptable 47 location, Android asks them how they want to use the media. They can choose to 48 adopt the media, which formats and encrypts it, or they can continue using it 49 as-is for simple file storage. If they choose to adopt, the platform offers to 50 migrate the primary shared storage contents (typically mounted at <code>/sdcard</code>) 51 to the newly adopted media, freeing up valuable space on internal storage. 52 Unlike traditional storage, which is limited to 2TB due to its use of 53 <a href="https://en.wikipedia.org/wiki/Master_boot_record">MBR</a>, adoptable 54 storage uses <a href="https://en.wikipedia.org/wiki/GUID_Partition_Table">GPT</a> 55 and therefore has file storage limit of ~9ZB.</p> 56 57 <p>Apps can be placed on adopted storage media only when the developer has 58 indicated support through the <code>android:installLocation</code> attribute. 59 New installs of supported apps are automatically placed on the 60 storage device with the most free space, and users can move supported apps 61 between storage devices in the <em>Settings</em> app. Apps moved to adopted 62 media are remembered while the media is ejected, 63 and return when the media is reinserted.</p> 64 65 <h2 id=security>Security</h2> 66 67 68 <p>The platform randomly generates an encryption key for each adopted device, 69 and that key is stored on the internal storage of the Android device. This 70 effectively makes the adopted media as secure as internal storage. Keys are 71 associated with adopted devices based on the adopted partition GUID. The 72 adopted device is encrypted using <code>dm-crypt</code> configured with the 73 <code>aes-cbc-essiv:sha256</code> algorithm and a 128-bit key size.</p> 74 75 <p>The on-disk layout of the adopted device closely mirrors the internal data 76 partition, including SELinux labels, etc. When multi-user is supported on the 77 Android device, the adopted storage device also supports multi-user with the 78 same level of isolation as internal storage.</p> 79 80 <p>Because the contents of an adopted storage device are strongly tied to the 81 Android device that adopted it, the encryption keys should not be extractable 82 from the parent device, and therefore the storage device can't be mounted elsewhere.</p> 83 84 <h2 id=performance_and_stability>Performance and stability</h2> 85 86 87 <p>Only external storage media in stable locations, such as a slot inside a 88 battery compartment or behind a protective cover, should be considered for 89 adoption to help avoid accidental data loss or corruption. In particular, USB 90 devices connected to a phone or tablet should never be considered for adoption. 91 One common exception would be an external USB drive connected to a TV-style 92 device, because the entire TV is typically installed in a stable location.</p> 93 94 <p>When a user adopts a new storage device, the platform runs a benchmark and 95 compares its performance against internal storage. If the adopted device is 96 significantly slower than internal storage, the platform warns the user about a 97 possibly degraded experience. This benchmark was derived from the actual I/O 98 behavior of popular Android apps. Currently, the AOSP implementation will only 99 warn users beyond a single threshold, but device manufacturers may adapt this 100 further, such as rejecting adoption completely if the card is extremely slow.</p> 101 102 <p>Adopted devices must be formatted with a filesystem that supports POSIX 103 permissions and extended attributes, such as <code>ext4</code> or <code>f2fs</code>. 104 For optimal performance, the <code>f2fs</code> filesystem is recommended for 105 flash-based storage devices.</p> 106 107 <p>When performing periodic idle maintenance, the platform issues <code>FI_TRIM</code> 108 to adopted media just like it does for internal storage. The current SD card 109 specification does not support the <code>DISCARD</code> command; but the kernel 110 instead falls back to the <code>ERASE</code> command, which SD card firmware 111 may choose to use for optimization purposes.</p> 112 113 </body> 114 </html> 115
