There's a new section in the GrapheneOS FAQ covering disk encryption:
grapheneos.org/faq#encryption
Other than GrapheneOS allowing ending user sessions and raising the padding size, this also applies to AOSP on devices with a secure element offering Weaver like the Pixel 2 and later.
This covers the baseline disk encryption.
Apps can use the hardware keystore API to provide another layer of encryption with options like setting keys to be only available when unlocked. Can also be mixed with their own encryption.
See github.com/mollyim/mollyi for an example.
Before the Titan M introduced with the Pixel 3, the Pixel 2 used an off-the-shelf NXP security chip to implement Weaver. The implementation is open source:
android.googlesource.com/platform/exter
It would be easy for other devices to implement. However, it's not mandatory so they don't bother.
The NXP security chip on the Pixel 2 and the Titan M on later devices also use insider attack resistance:
android-developers.googleblog.com/2018/05/inside
An attacker with the signing keys for the secure element firmware and the OS cannot update the firmware without authenticating as the owner profile.
Weaver is how a strong level of security is provided for the vast majority of users not using a strong passphrase as their lock method.
A random 6-digit PIN becomes quite hard to bypass when dealing with a secure element with insider attack resistance allowing 1 attempt per day.
User profiles are isolated workspaces with their own disk encryption keys. Consider using them!
Using a secondary user as your main profile is one of our recommendations for high risk users. That way, you can still boot up and use the device without decrypting your main profile.
What impact does using secondary user profiles have on system resources on a not-so-new device such as the Pixel 3? I already use a work profile on my device for a different reason (for some important but not trusted apps from the Play Store). Would it "survive" the third one?
It doesn't use substantial resources other than additional memory to run more instances of apps. The base system processes are reused across different profiles. It's not a virtual machine.
If I want to use a special user profile for enhanced security, how important is it to have a different passphrase for it than for the main profile? My understanding is that I can use the same one without much security compromise, but I'm not so sure about that.


