Post Syndicated from corbet original http://lwn.net/Articles/693115/rss
The “Bits Please” blog has a
detailed description of how one breaks full-disk encryption on an
Android phone. Included therein is a lot of information on how full-disk
encryption works on Android devices and its inherent limitations.
“Instead of creating a scheme which directly uses the hardware key
without ever divulging it to software or firmware, the code above performs
the encryption and validation of the key blobs using keys which are
directly available to the TrustZone software! Note that the keys are also
constant – they are directly derived from the SHK (which is fused into the
hardware) and from two ‘hard-coded’ strings.
Let’s take a moment to explore some of the implications of this
finding.”