Wipe and rotate hardware-backed keys rather than data:
reddit.com/r/GrapheneOS/c
Factory reset or profile deletion is the right way to prevent future access to data. Clearing app data or uninstalling works on a per-app basis if the app encrypts data with the keystore like Signal.
How do you reliably erase an app-specific hardware-backed key without blowing away the entire profile? Don't they just get wrapped with a long-lived key and then stored in normal flash?
> How do you reliably erase an app-specific hardware-backed key without blowing away the entire profile?
As stated in the comment, the app can reliably delete hardware-backed keys. Clearing the app data or uninstalling the app will also reliably delete hardware-backed keys too.
> Don't they just get wrapped with a long-lived key and then stored in normal flash?
No, that's not at all how the StrongBox keystore works and it's an oversimplification of the traditional TEE-based keystore. Rollback resistance is a standard feature.
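The per-app key deletion the replies describe, as an added Java example that is not the thread's, GrapheneOS's or Signal's code: the app generates a non-exportable AES key inside StrongBox (falling back to the TEE keystore when the device has no secure element), encrypts its data under that key, and later destroys the key with KeyStore.deleteEntry so the ciphertext left on flash is unrecoverable without a data wipe. The alias, the API-level assumptions (28+ for StrongBox and setUnlockedDeviceRequired, 31+ for getSecurityLevel) and the fallback policy are assumptions of this example.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;

/** Crypto-shredding of app data under a hardware-backed, non-exportable AES key. */
public final class ShreddableStore {
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String ALIAS = "app-data-key";   // hypothetical alias for this example
    private static final int GCM_IV_BYTES = 12;
    private static final int GCM_TAG_BITS = 128;

    /** Generate the key in StrongBox; fall back to the TEE keystore if the device has none. */
    static SecretKey generateKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE);
        try {
            kg.init(spec(true));
            return kg.generateKey();
        } catch (StrongBoxUnavailableException e) {
            // Example policy: accept the TEE keystore; a stricter app could refuse instead.
            kg.init(spec(false));
            return kg.generateKey();
        }
    }

    private static KeyGenParameterSpec spec(boolean strongBox) {
        return new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setKeySize(256)
            .setUnlockedDeviceRequired(true)   // API 28+: key unusable while the device is locked
            .setIsStrongBoxBacked(strongBox)   // API 28+: require the secure element
            .build();
    }

    /** Where the key material lives (API 31+), e.g. KeyProperties.SECURITY_LEVEL_STRONGBOX. */
    static int securityLevel(SecretKey key) throws GeneralSecurityException {
        SecretKeyFactory f = SecretKeyFactory.getInstance(key.getAlgorithm(), KEYSTORE);
        KeyInfo info = (KeyInfo) f.getKeySpec(key, KeyInfo.class);
        return info.getSecurityLevel();
    }

    /** Encrypt app data; the keystore chooses a fresh random IV, returned as iv || ciphertext. */
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key);
        byte[] iv = c.getIV();
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    /** Decrypt a stored blob; fails once the key has been shredded. */
    static byte[] decrypt(byte[] blob) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KEYSTORE);
        ks.load(null);
        SecretKey key = (SecretKey) ks.getKey(ALIAS, null);
        if (key == null) {
            throw new GeneralSecurityException("key was deleted: stored data is unrecoverable");
        }
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, blob, 0, GCM_IV_BYTES));
        return c.doFinal(blob, GCM_IV_BYTES, blob.length - GCM_IV_BYTES);
    }

    /** Destroy the key; the ciphertext still on flash is now useless, no data wipe needed. */
    static boolean shred() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KEYSTORE);
        ks.load(null);
        ks.deleteEntry(ALIAS);
        return !ks.containsAlias(ALIAS);
    }
}
```

The point to check after shred() is not that the blob vanished (it did not) but that decrypt() now fails: the security argument rests entirely on the key never having been exportable and on the keystore refusing to bring a deleted key back. The public KeyGenParameterSpec exposes no rollback-resistance switch, so an app cannot request or verify that property itself; what it can do is confirm securityLevel() reports StrongBox and rely on clearing app data or uninstalling, which the replies describe as deleting the hardware-backed keys as well.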
StrongBox keeps keys within a dedicated secure element. From my perspective, the TEE keystore is legacy compatibility cruft, and I don't need to be concerned with devices without StrongBox support for much longer. Pixel 2 and 2 XL are legacy targets for GrapheneOS at this point.

