Android Full disk encryption


What is full-disk encryption?

Full-disk encryption is the process of encoding all user data on an Android device using a single encryption key. Once a device is encrypted, all user-created data is automatically encrypted before it is committed to disk and automatically decrypted before it is returned to the calling process.


What's new in Android 5.0
    • Fast encryption, which encrypts only the used blocks of the data partition, to avoid a lengthy first boot. Only the ext4 and F2FS filesystems currently support fast encryption.
    • The forceencrypt fstab flag, which encrypts the device on first boot.
    • Support for patterns, and for encryption without a password.
    • Hardware-backed storage of the encryption key using the Trusted Execution Environment (TEE).

Note: Devices upgraded to Android 5.0 and then encrypted may be returned to an unencrypted state by a factory data reset. New Android 5.0 devices encrypted at first boot cannot be returned to an unencrypted state.


How Android full-disk encryption works

Android full-disk encryption is based on dm-crypt, a kernel feature that works at the block device layer. Because of this, encryption works with embedded MultiMediaCard (eMMC) and similar flash devices that present themselves to the kernel as block devices. Encryption is not possible with YAFFS, which talks directly to the raw NAND flash chip.

The encryption algorithm is 128-bit AES with CBC and ESSIV:SHA256. The master key is encrypted with 128-bit AES via calls to the OpenSSL library. You must use 128 bits or more for the key.

Note: OEMs can use 128-bit or higher to encrypt the master key.

In the Android 5.0 release, there are four kinds of encryption states:

    • default
    • PIN
    • password
    • pattern

Upon first boot, the device creates a randomly generated 128-bit master key and then hashes it with a default password and stored salt. The default password is "default_password". The resulting hash is also signed by the TEE, and the signed hash is then used to encrypt the master key.

You can find the default password defined in the Android source file cryptfs.c.

When the user sets a PIN, password, or pattern on the device, only the 128-bit key is re-encrypted and stored (user PIN, password, or pattern changes do not cause re-encryption of user data). Note: a managed device may be subject to PIN, pattern, or password restrictions.

Encryption is managed by init and vold. init calls vold, and vold sets properties to trigger events in init. Other parts of the system also look at these properties to conduct tasks such as reporting status, asking for a password, or prompting for a factory reset in the case of a fatal error. To invoke encryption features in vold, the system uses the command line tool vdc; its cryptfs commands are: checkpw, restart, enablecrypto, changepw, cryptocomplete, verifypw, setfield, getfield, mountdefaultencrypted, getpwtype and getpw.

In order to encrypt, decrypt or wipe /data, /data must not be mounted. However, in order to show any user interface, the framework must start, and the framework needs /data to run. To resolve this conundrum, a temporary filesystem is mounted on /data. This allows Android to prompt for passwords, show progress, or suggest a data wipe as needed. It does impose the limitation that, in order to switch from the temporary filesystem to the true /data filesystem, the system must stop every process with open files on the temporary filesystem and restart those processes on the real /data filesystem. To do this, all services must be in one of three groups: core, main, and late_start.

    • core: Never shut down after starting.
    • main: Shut down and then restart after the disk password is entered.
    • late_start: Does not start until after /data has been decrypted and mounted.

To trigger these actions, the vold.decrypt property is set to various strings. To kill and restart services, the init commands are:

    • class_reset: Stops a service but allows it to be restarted with class_start.
    • class_start: Restarts a service.
    • class_stop: Stops a service and adds a SVC_DISABLED flag. Stopped services do not respond to class_start.

Flows

There are four flows for an encrypted device. A device is encrypted just once and then follows a normal boot flow.

    • Encrypt a previously unencrypted device:
      • Encrypt a new device with forceencrypt: Mandatory encryption at first boot (starting in Android L).
      • Encrypt an existing device: User-initiated encryption (Android K and earlier).
    • Boot an encrypted device:
      • Starting an encrypted device with no password: Booting an encrypted device that has no set password (relevant for devices running Android 5.0 and later).
      • Starting an encrypted device with a password: Booting an encrypted device that has a set password.

In addition to these flows, the device can also fail to encrypt /data. Each of the flows is explained in detail below.

Encrypt a new device with forceencrypt

This is the normal first boot for an Android 5.0 device.

  1. Detect unencrypted filesystem with the forceencrypt flag

    /data is not encrypted but needs to be, because forceencrypt mandates it. Unmount /data.

  2. Start encrypting /data

    vold.decrypt = "trigger_encryption" triggers init.rc, which causes vold to encrypt /data with no password. (None is set because this should be a new device.)

  3. Mount tmpfs

    vold mounts a tmpfs /data (using the tmpfs options from ro.crypto.tmpfs_options) and sets the property vold.encrypt_progress to 0. vold prepares the tmpfs /data for booting an encrypted system and sets the property vold.decrypt to trigger_restart_min_framework.

  4. Bring up framework to show progress

    Because there is virtually no data to encrypt, the progress bar will often not actually appear, since encryption happens so quickly.

  5. When /data is encrypted, take down the framework

    vold sets vold.decrypt to trigger_default_encryption, which starts the defaultcrypto service. (This starts the flow below for mounting a default-encrypted userdata.) trigger_default_encryption checks the encryption type to see if /data is encrypted with or without a password. Because Android 5.0 devices are encrypted on first boot, there should be no password set; therefore /data is decrypted and mounted.

  6. Mount /data

    init then mounts /data on a tmpfs RAM disk using the parameters it picks up from ro.crypto.tmpfs_options, which is set in init.rc.

  7. Start framework

    vold sets vold.decrypt to trigger_restart_framework, which continues the usual boot process.


Encrypt an existing device

This is what happens when you encrypt an unencrypted Android K or earlier device that has been migrated to Android L. Note that this is the same flow as used in K.

This process is user-initiated and is referred to in the code as "inplace encryption". When a user selects to encrypt a device, the UI ensures the battery is fully charged and the AC adapter is plugged in so there is enough power to finish the encryption process.

Warning: If the device runs out of power and shuts down before it has finished encrypting, file data is left in a partially encrypted state. The device must be factory reset and all the data is lost.

To enable inplace encryption, vold starts a loop to read each sector of the real block device and then write it to the crypto block device. vold checks to see if a sector is in use before reading and writing it, which makes encryption much faster on a new device that has little to no data.

Device state: Set ro.crypto.state = "unencrypted" and fire the on nonencrypted init trigger to continue booting.

  1. Check password

    The UI calls vold with the command cryptfs enablecrypto inplace passwd, where passwd is the user's lock screen password.

  2. Take down framework

    vold checks for errors, returns 1 if it cannot encrypt, and prints the reason in the log. If it can encrypt, it sets the property vold.decrypt to trigger_shutdown_framework. This causes init.rc to stop services in the classes late_start and main.

  3. Unmount /data

    vold unmounts /mnt/sdcard and then /data.

  4. Start encrypting /data

    vold then sets up the crypto mapping, which creates a virtual crypto block device that maps onto the real block device but encrypts each sector as it is written and decrypts each sector as it is read. vold then creates and writes out the crypto metadata.

  5. Mount tmpfs while encrypting

    vold mounts a tmpfs /data (using the tmpfs options from ro.crypto.tmpfs_options) and sets the property vold.encrypt_progress to 0. vold prepares the tmpfs /data for booting an encrypted system and sets the property vold.decrypt to trigger_restart_min_framework.

  6. Bring up framework to show progress

    trigger_restart_min_framework causes init.rc to start the main class of services. When the framework sees that vold.encrypt_progress is set to 0, it brings up the progress bar UI, which queries that property every five seconds and updates the progress bar. The encryption loop updates vold.encrypt_progress every time it encrypts another portion of the partition.

  7. When /data is encrypted, reboot

    When /data is successfully encrypted, vold clears the ENCRYPTION_IN_PROGRESS flag in the metadata and reboots the device.

    If the reboot fails for some reason, vold sets the property vold.encrypt_progress to error_reboot_failed and the UI should display a message asking the user to press a button to reboot. This is not expected to ever occur.

Boot an encrypted device with default encryption

This is what happens when you boot up an encrypted device with no password. Because Android 5.0 devices are encrypted on first boot, there should be no set password, and therefore this is the default encryption state.

    1. Detect encrypted /data with no password

      Detect that the Android device is encrypted because /data cannot be mounted and one of the flags encryptable or forceencrypt is set. vold sets vold.decrypt to trigger_default_encryption, which starts the defaultcrypto service. trigger_default_encryption checks the encryption type to see if /data is encrypted with or without a password.

    2. Decrypt /data

      Creates the dm-crypt device over the block device so the device is ready for use.

    3. Mount /data

      vold then mounts the decrypted real /data partition and then prepares the new partition. It sets the property vold.post_fs_data_done to 0 and then sets vold.decrypt to trigger_post_fs_data. This causes init.rc to run its post-fs-data commands. They create any necessary directories or links and then set vold.post_fs_data_done to 1.

      Once vold sees the 1 in that property, it sets the property vold.decrypt to trigger_restart_framework. This causes init.rc to start services in class main again and also start services in class late_start for the first time since boot.

    4. Start framework

      Now the framework boots all its services using the decrypted /data, and the system is ready for use.

Boot an encrypted device without default encryption

This is what happens when you boot up an encrypted device that has a set password. The device's password can be a PIN, pattern, or password.

  1. Detect encrypted device with a password

    Detect that the Android device is encrypted because the flag ro.crypto.state = "encrypted".

    vold sets vold.decrypt to trigger_restart_min_framework because /data is encrypted with a password.

  2. Mount tmpfs

    init sets five properties to save the initial mount options given for /data with parameters passed from init.rc. vold uses these properties to set up the crypto mapping:

    1. ro.crypto.fs_type
    2. ro.crypto.fs_real_blkdev
    3. ro.crypto.fs_mnt_point
    4. ro.crypto.fs_options
    5. ro.crypto.fs_flags (ASCII 8-digit hex number preceded by 0x)

  3. Start framework to prompt for password

    The framework starts up and sees that vold.decrypt is set to trigger_restart_min_framework. This tells the framework that it is booting on a tmpfs /data disk and it needs to get the user password.

    First, however, it needs to make sure that the disk was properly encrypted. It sends the command cryptfs cryptocomplete to vold. vold returns 0 if encryption completed successfully, -1 on an internal error, or -2 if encryption did not complete successfully. vold determines this by looking in the crypto metadata for the CRYPTO_ENCRYPTION_IN_PROGRESS flag. If it is set, the encryption process was interrupted, and there is no usable data on the device. If vold returns an error, the UI should display a message telling the user to reboot and factory reset the device, and give the user a button to press to do so.

  4. Decrypt data with password

    Once cryptfs cryptocomplete is successful, the framework displays a UI asking for the disk password. The UI checks the password by sending the command cryptfs checkpw to vold. If the password is correct (which is determined by successfully mounting the encrypted /data at a temporary location, then unmounting it), vold saves the name of the decrypted block device in the property ro.crypto.fs_crypto_blkdev and returns status 0 to the UI. If the password is incorrect, it returns 1 to the UI.

  5. Stop framework

    The UI puts up a crypto boot graphic and then calls vold with the command cryptfs restart. vold sets the property vold.decrypt to trigger_reset_main, which causes init.rc to do class_reset main. This stops all services in the main class, which allows the tmpfs /data to be unmounted.

  6. Mount /data

    vold then mounts the decrypted real /data partition and prepares the new partition (if the partition was encrypted with the wipe option it has never been prepared; that option is not supported in the initial release). It sets the property vold.post_fs_data_done to 0 and then sets vold.decrypt to trigger_post_fs_data. This causes init.rc to run its post-fs-data commands. They create any necessary directories or links and then set vold.post_fs_data_done to 1. Once vold sees the 1 in that property, it sets the property vold.decrypt to trigger_restart_framework. This causes init.rc to start services in class main again and also start services in class late_start for the first time since boot.

  7. Start full framework

    Now the framework boots all its services using the decrypted /data filesystem, and the system is ready for use.

Failure

A device that fails to decrypt might be in this state for a few reasons. The device starts with the normal series of steps to boot:

    1. Detect encrypted device with a password
    2. Mount tmpfs
    3. Start framework to prompt for password

But after the framework is up, the device can encounter some errors:

    • Password matches but cannot decrypt data
    • User enters the wrong password 30 times

If these errors are not resolved, prompt the user for a factory wipe:

If vold detects an error during the encryption process, and if no data has been touched yet and the framework is up, vold sets the property vold.encrypt_progress to error_not_encrypted. The UI prompts the user to reboot and alerts them that the encryption process never started. If the error occurs after the framework has been torn down but before the progress bar UI is up, vold reboots the system. If the reboot fails, it sets vold.encrypt_progress to error_shutting_down and returns -1; but there will not be anything to catch the error. This is not expected to happen.

If vold detects an error during the encryption process, it sets vold.encrypt_progress to error_partially_encrypted and returns -1. The UI should then display a message saying the encryption failed and provide a button for the user to factory reset the device.

Storing the encrypted key

The encrypted key is stored in the crypto metadata. Hardware backing is implemented by using the TEE's signing capability. Previously, the master key was encrypted with a key generated by applying scrypt to the user's password and the stored salt. To make the key resilient against attacks, this algorithm is extended by signing the resulting key with a stored TEE key. The resulting signature is then turned into a key of the appropriate length by one more application of scrypt. This key is then used to encrypt and decrypt the master key. To store this key:

    1. Generate a random 16-byte disk encryption key (DEK) and a 16-byte salt.
    2. Apply scrypt to the user password and the salt to produce a 32-byte intermediate key 1 (IK1).
    3. Pad IK1 with zero bytes to the size of the hardware-bound private key (HBK). Specifically, pad as 00 || IK1 || 00..00: one zero byte, the IK1 bytes, then 223 zero bytes.
    4. Sign the padded IK1 with the HBK to produce a 256-byte IK2.
    5. Apply scrypt to IK2 and the salt to produce a 32-byte IK3.
    6. Use the first 16 bytes of IK3 as the KEK and the last 16 bytes as the IV.
    7. Encrypt the DEK with AES_CBC, with key KEK and initialization vector IV.
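
The seven steps above, carried through as an added Python example (not vold's or AOSP code): scrypt is the real hashlib implementation, but the scrypt cost parameters and the HMAC stand-in for the TEE signature are assumptions, since the hardware-bound key never leaves the device. Step 7, the AES-CBC encryption of the DEK under the derived KEK and IV, is what vold does through OpenSSL and is not reproduced here.

```python
import hashlib
import hmac

# Demo scrypt cost parameters. These are constructed for this example; the
# page does not state the cost settings that vold actually uses.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1

# Size of the block the hardware-bound key (HBK) signs: 1 + 32 + 223 bytes.
HBK_BLOCK_SIZE = 256


def scrypt32(secret: bytes, salt: bytes) -> bytes:
    """Steps 2 and 5: scrypt with a 32-byte output."""
    return hashlib.scrypt(secret, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=32)


def pad_for_hbk(ik1: bytes) -> bytes:
    """Step 3: 00 || IK1 || 00..00, padded out to the HBK block size."""
    if len(ik1) != 32:
        raise ValueError("IK1 must be 32 bytes")
    block = b"\x00" + ik1
    return block + b"\x00" * (HBK_BLOCK_SIZE - len(block))


def tee_sign_stub(hbk_secret: bytes, block: bytes) -> bytes:
    """Step 4 stand-in (assumption). On a device the padded IK1 is signed
    inside the TEE with a key that never leaves it. Here a keyed hash plays
    that role so the chain runs without hardware; the output is expanded to
    the 256-byte size the documented IK2 has."""
    out = b""
    counter = 0
    while len(out) < HBK_BLOCK_SIZE:
        msg = block + counter.to_bytes(4, "big")
        out += hmac.new(hbk_secret, msg, hashlib.sha256).digest()
        counter += 1
    return out[:HBK_BLOCK_SIZE]


def derive_kek_iv(password: bytes, salt: bytes, hbk_secret: bytes):
    """Run steps 2 to 6 and return (KEK, IV), each 16 bytes."""
    ik1 = scrypt32(password, salt)                      # step 2
    ik2 = tee_sign_stub(hbk_secret, pad_for_hbk(ik1))   # steps 3 and 4
    ik3 = scrypt32(ik2, salt)                           # step 5, same salt
    return ik3[:16], ik3[16:]                           # step 6


if __name__ == "__main__":
    # Constructed inputs: a short PIN, a fixed salt and a fake HBK secret.
    kek, iv = derive_kek_iv(b"1234", bytes(range(16)), b"\xaa" * 32)
    print("KEK", kek.hex())
    print("IV ", iv.hex())
    # Same PIN and salt but a different HBK yields an unrelated KEK: without
    # the device's TEE key, the password alone does not reach the KEK.
    kek2, _ = derive_kek_iv(b"1234", bytes(range(16)), b"\xbb" * 32)
    print("KEK differs with another HBK:", kek != kek2)
```

The last comparison is the point of the hardware-bound step: a PIN guess can only be checked by a derivation that passes through the device's own TEE key, not by recomputing scrypt elsewhere.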

Change password

When the user elects to change or remove their password in Settings, the UI sends the command cryptfs changepw to vold, and vold re-encrypts the disk master key with the new password.

Encryption properties

vold and init communicate with each other by setting properties. Here is a list of the available properties for encryption.

vold properties

    • vold.decrypt = trigger_encryption: Encrypt the device with no password.
    • vold.decrypt = trigger_default_encryption: Check whether the device is encrypted with no password. If it is, decrypt and mount it; otherwise set vold.decrypt to trigger_restart_min_framework.
    • vold.decrypt = trigger_reset_main: Set by vold to shut down the UI asking for the disk password.
    • vold.decrypt = trigger_post_fs_data: Set by vold to prepare /data with the necessary directories.
    • vold.decrypt = trigger_restart_framework: Set by vold to start the real framework and all services.
    • vold.decrypt = trigger_shutdown_framework: Set by vold to shut down the full framework in order to start encryption.
    • vold.decrypt = trigger_restart_min_framework: Set by vold to start the progress bar UI for encryption or to prompt for a password, depending on the value of ro.crypto.state.
    • vold.encrypt_progress: When the framework starts up, if this property is set, enter the progress bar UI mode.
    • vold.encrypt_progress = 0 to 100: The progress bar UI should display the percentage value set.
    • vold.encrypt_progress = error_partially_encrypted: The progress bar UI should display a message that encryption failed and give the user an option to factory reset the device.
    • vold.encrypt_progress = error_reboot_failed: The progress bar UI should display a message saying encryption completed and give the user a button to reboot the device. This error is not expected to happen.
    • vold.encrypt_progress = error_not_encrypted: The progress bar UI should display a message saying an error occurred and no data is encrypted, and give the user a button to reboot the system.
    • vold.encrypt_progress = error_shutting_down: The progress bar UI is not running, so it is unclear who will respond to this error. It should never happen anyway.
    • vold.post_fs_data_done = 0: Set by vold before setting vold.decrypt to trigger_post_fs_data.
    • vold.post_fs_data_done = 1: Set by init.rc just after finishing the post-fs-data task.

init properties

    • ro.crypto.fs_crypto_blkdev: Set by the vold command checkpw for later use by the vold command restart.
    • ro.crypto.state = unencrypted: Set by init to say this system is running with an unencrypted /data.
    • ro.crypto.state = encrypted: Set by init to say this system is running with an encrypted /data.
    • ro.crypto.fs_type, ro.crypto.fs_real_blkdev, ro.crypto.fs_mnt_point, ro.crypto.fs_options, ro.crypto.fs_flags: These five properties are set by init when it tries to mount /data with the parameters passed in from init.rc. vold uses them to set up the crypto mapping.
    • ro.crypto.tmpfs_options: Set by init.rc with the options init should use when mounting the tmpfs /data filesystem.

init actions

    • on post-fs-data
    • on nonencrypted
    • on property:vold.decrypt=trigger_reset_main
    • on property:vold.decrypt=trigger_post_fs_data
    • on property:vold.decrypt=trigger_restart_min_framework
    • on property:vold.decrypt=trigger_restart_framework
    • on property:vold.decrypt=trigger_shutdown_framework
    • on property:vold.decrypt=trigger_encryption
    • on property:vold.decrypt=trigger_default_encryption
