Wipe and rotate hardware-backed keys rather than data:
reddit.com/r/GrapheneOS/c
Factory reset or profile deletion is the right way to prevent future access to data. Clearing app data or uninstalling works on a per-app basis if the app encrypts data with the keystore like Signal.
Conversation
How do you reliably erase an app-specific hardware-backed key without blowing away the entire profile? Don't they just get wrapped with a long-lived key and then stored in normal flash?
1
> How do you reliably erase an app-specific hardware-backed key without blowing away the entire profile?
As stated in the comment, the app can reliably delete hardware-backed keys. Clearing the app data or uninstalling the app will also reliably delete hardware-backed keys too.
1
1
2
> Don't they just get wrapped with a long-lived key and then stored in normal flash?
No, that's not at all how the StrongBox keystore works and it's an oversimplication of the traditional TEE-based keystore. Rollback resistance is a standard feature.
2
1
3
Unfortunately, that's not true. Rollback resistance is optional for StrongBox Keymaster, just like TEE. Titan M's StrongBox Keymaster does not implement rollback resistance. This is an area I'm working to improve -- along with increasing the number of devices with StrongBox.
1
1
I didn't mean in the context of StrongBox but rather that Qualcomm implements it on all the devices GrapheneOS has supported or is likely to support. StrongBox stores the keys internally so while rollback resistance would be useful for tamper resistance, it's not as important.
My post on Reddit was written based on the StrongBox model for key storage since I was specifically talking about GrapheneOS on the devices it doesn't consider legacy models. It's more nuanced with the TEE keystore and the details depend on how rollback resistance is implemented.