What even is this nonsense, Android.
Conversation
You’re using TrustZone-generated signatures (fed into scrypt) to protect the full-disk encryption key on Android devices?
3
10
Replying to
That documentation is 8 years old... and the top of the page points out it is deprecated for android 10+
1
6
grapheneos.org/faq#encryption explains how it works on the Pixel 2 and later at high level. It's clear about which things are GrapheneOS enhancements.
Weaver and the owner account authentication for insider attack protection are what integrates it with the secure element.
1
1
OS does initial scrypt-based key derivation and uses personalized hashes of result for the different uses. One of those is getting the Weaver token from the secure element. Secure element requires owner authentication before firmware can be updated (insider attack protection).
1
1
Another personalized hash is sent along with Weaver token retrieved from the secure element to the TEE. TEE does the hardware bound key derivation, decrypts disk encryption key and passes it to inline decryption hardwar on modern Qualcomm, Exynos and Tensor without OS getting it.
1
1
We could split this into a dedicated article to provide more details and cover the hardware keystores, etc.
GrapheneOS also has a quite useful auto-reboot feature. User chooses an amount of time the device will wait for a user profile to be unlocked before the device reboots.