I am very new to Android's FBE and still learning the basics.

From what I could understand, the way FBE works is that for each file to be stored on the disk, the kernel requests a key from some secure hardware logic. The kernel then assigns this key to the file to be encrypted, and the file is then stored on the disk. When that file is read from the disk in the future, the kernel will use the same key to decrypt it.

  1. Since there are multiple files that use multiple keys, who keeps track of the key used to encrypt each file?
  2. Are these details stored in some secure non-volatile memory? If the device is rebooted and the keys are removed from RAM, how is this information mapped again?
  3. If some files are deleted on the disk, do the keys get re-used?
adanda
  • https://android.stackexchange.com/q/216155 – alecxs Jul 06 '20 at 15:09
  • The file keys are stored directly in the ext4 file-system "dentry" of each file. See bottom of page 9 https://pdfs.semanticscholar.org/e1cf/9ad5614f3a24b24088e4b22e9218f0abc3a0.pdf Note: The key derivation process shown in this paper is outdated, but the key storage is AFAIK still used this way. – Robert Jul 06 '20 at 15:16

0 Answers