
I want to unlock bootloader on Android 8.0 FBE encrypted with PIN

I don't wanna lose my data, therefore I made a backup of the userdata partition before.

According to the CCC, the bootloader state is part of the encryption. The video neither explains how the bootloader state is involved in the KDF/KEK/DEK chain nor whether this concerns FBE.

After unlocking the bootloader + factory reset + restoring the userdata partition, encryption probably won't work. Does this concern TWRP too? Is there any method to overcome this?

I cannot test that as I don't want to unlock the bootloader without a backup at the moment.

alecxs
  • Let's discuss this in chat. – defalt Dec 23 '20 at 12:01
  • Tried today. Dumped userdata, unlocked bootloader, restored userdata. Did not work, probably because of deleteKey. – alecxs Aug 15 '21 at 20:47
  • Thanks for this important information. Can you also try wiping /data from TWRP and restoring it again? I believe as long as you are not reinitializing the OS, you can restore data after a wipe, because reinitialization triggers untrusted enrollment in the TEE which generates a new SID and FBE keys on the first boot of the OS. – defalt Sep 21 '21 at 09:10
  • @defalt Cannot try; it was not my mobile. My own phone is not encrypted. – alecxs Sep 21 '21 at 15:49
  • From the Android enterprise security whitepaper (pdf): "The Verified Boot state is used as an input in the process to derive disk encryption keys. If the Verified Boot state changes (e.g. the user unlocks the bootloader), then the secure hardware prevents access to data used to derive the disk encryption keys that were used when the bootloader was locked." – defalt Jan 10 '22 at 11:02
  • Where should I put it here? – defalt Jan 10 '22 at 14:21
  • Some people claim it's possible to unlock the bootloader without a data wipe (for example with mtkclient). It's no real unlocking then? – alecxs Apr 21 '22 at 12:56
  • I don't think it's possible anymore with phones that fully comply with the AVB 2.0 and FBE specifications. The Verified Boot State is cryptographically tied to the Key Encryption Key that decrypts the FBE keys inside the TEE. Even if you somehow manage to prevent the data wipe just after unlocking (let's say by cutting the power of the SoC), that data cannot be decrypted because the KEK output will be different. – defalt Apr 21 '22 at 17:47
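A toy model of the dependency defalt describes in the comments above (Verified Boot state mixed into the KEK that wraps the FBE keys), added here as an illustration; it is not code from the question, the comments, or Android itself. Everything in it is an assumption chosen so it runs with only the standard library: the byte strings `locked`/`unlocked` standing in for the real Verified Boot state encoding, a constructed device-bound hardware secret, a low PBKDF2 iteration count, and an HKDF-keystream-plus-HMAC wrap in place of the AEAD a TEE would use.

```python
"""Toy model of a Verified-Boot-state-bound key-encryption-key (KEK) chain.

Constructed illustration, not Android's real implementation: the hardware
secret, the PBKDF2 parameters, the HKDF 'info' labels and the XOR-based
wrapping are simplifications so the script runs with the standard library.
"""
import hashlib
import hmac

VBOOT_LOCKED = b"locked"        # hypothetical encoding of the Verified Boot state
VBOOT_UNLOCKED = b"unlocked"


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256 (extract then expand) built from hashlib/hmac."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_kek(hw_secret: bytes, pin: str, salt: bytes, boot_state: bytes) -> bytes:
    """KEK = HKDF(hardware secret || PIN-stretched secret, info = boot state).

    Because boot_state is an input to the derivation, the same hardware secret
    and the same PIN yield a different KEK once the bootloader is unlocked.
    """
    pin_secret = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000)  # low count: demo only
    return hkdf_sha256(hw_secret + pin_secret, salt, b"fbe-kek|" + boot_state)


def wrap_dek(kek: bytes, dek: bytes) -> bytes:
    """Wrap a DEK: XOR with an HKDF keystream, then append an HMAC tag
    (encrypt-then-MAC). Stands in for the key-wrap/AEAD a TEE would use."""
    stream = hkdf_sha256(kek, b"", b"wrap-stream", len(dek))
    mac_key = hkdf_sha256(kek, b"", b"wrap-mac")
    ct = bytes(a ^ b for a, b in zip(dek, stream))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def unwrap_dek(kek: bytes, blob: bytes):
    """Return the DEK, or None when the tag check fails (i.e. wrong KEK)."""
    ct, tag = blob[:-32], blob[-32:]
    mac_key = hkdf_sha256(kek, b"", b"wrap-mac")
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return None
    stream = hkdf_sha256(kek, b"", b"wrap-stream", len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def simulate(pin: str = "1234", pin_after: str = "1234",
             boot_state_after: bytes = VBOOT_UNLOCKED):
    """Wrap a DEK while the bootloader is locked, restore the same wrapped blob
    (the 'userdata backup'), then try to unwrap it under a changed state/PIN.

    Returns (unwrap_ok_with_original_state, unwrap_result_after_change).
    """
    hw_secret = b"constructed-device-bound-secret"   # constructed; never changes
    salt = b"constructed-salt"
    dek = bytes(range(32))                            # constructed file-encryption key
    blob = wrap_dek(derive_kek(hw_secret, pin, salt, VBOOT_LOCKED), dek)
    ok_before = unwrap_dek(derive_kek(hw_secret, pin, salt, VBOOT_LOCKED), blob) == dek
    after = unwrap_dek(derive_kek(hw_secret, pin_after, salt, boot_state_after), blob)
    return ok_before, after


if __name__ == "__main__":
    ok, after = simulate()
    print("unwrap while locked:", ok)          # True
    print("unwrap after unlocking:", after)    # None: same PIN, same blob, different KEK
```

The model shows why restoring the old userdata image after unlocking does not help: the wrapped keys are still there, but the KEK that unwraps them can no longer be recomputed because one of its inputs (the boot state) has changed. In real hardware the whitepaper quote above adds a second barrier the model omits: the secure hardware also refuses to release the secret material that was usable in the locked state.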

0 Answers