twitter.com/GrapheneOS/sta android.googlesource.com/platform/frame is the place to start if you're interested in finer details of the implementation. For Pixel 2 and later, isWeaverAvailable() is true. SyntheticPasswordCrypto.personalisedHash(...) is used to quickly derive a value with SHA-512.
Quote Tweet
There's a new section in the GrapheneOS FAQ covering disk encryption: grapheneos.org/faq#encryption Other than GrapheneOS allowing ending user sessions and raising the padding size, this also applies to AOSP on devices with a secure element offering Weaver like the Pixel 2 and later.
For example, the Weaver key is made by passing "weaver-key" and the password token to SyntheticPasswordCrypto.personalisedHash(...). That way, the password token derived with scrypt isn't actually sent to the secure element. That's used for deriving a bunch of different keys.
There's also other hashing that's not really noteworthy such as the lockscreen implementation hashing the password in a similar way before passing it along, etc. The actual work factor is provided by scrypt and the SoC-specific hardware-accelerated, hardware-bound key derivation.
Focusing on the important aspects in the FAQ section. Skipping over how it works on devices without Weaver and user profiles without a password also helps keep things simpler. Devices without Weaver use personalisedHash of a 16kiB randomly generated file to help with wiping keys.
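
Added example, not part of the original thread and not AOSP code: a Python sketch of the derivation chain described above, where scrypt produces the password token and a labelled SHA-512 hash turns it into a separate value per purpose, so only the "weaver-key" output would go to the secure element. The zero-padding of the label to one SHA-512 block, the scrypt parameters, the 16-byte key size and the "other-purpose" label are assumptions for illustration.

```python
import hashlib

SHA512_BLOCK = 128  # SHA-512 block size in bytes


def personalised_hash(label: bytes, *parts: bytes) -> bytes:
    """Labelled SHA-512: the label fills exactly one block, then the data.

    Padding the label to a fixed length (assumed scheme) keeps the
    label/data boundary unambiguous, so outputs under different labels
    are independent values derived from the same input.
    """
    if len(label) > SHA512_BLOCK:
        raise ValueError("label longer than one SHA-512 block")
    h = hashlib.sha512(label.ljust(SHA512_BLOCK, b"\0"))
    for part in parts:
        h.update(part)
    return h.digest()


def password_token(credential: bytes, salt: bytes) -> bytes:
    """Slow step: scrypt over the user's credential (illustrative parameters)."""
    return hashlib.scrypt(credential, salt=salt, n=2**11, r=8, p=1, dklen=32)


def weaver_key(token: bytes, key_size: int = 16) -> bytes:
    """Value that would be presented to the secure element (key size assumed).

    The token itself never leaves the host; only this one-way output does.
    """
    return personalised_hash(b"weaver-key", token)[:key_size]


def other_key(token: bytes) -> bytes:
    """Second key from the same token under a hypothetical label."""
    return personalised_hash(b"other-purpose", token)


if __name__ == "__main__":
    # Constructed sample credential and salt.
    token = password_token(b"correct horse", b"constructed-salt")
    print("weaver key:", weaver_key(token).hex())
    print("other key: ", other_key(token).hex()[:32], "...")
```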