diff options
author | Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com> | 2017-09-29 17:28:28 +0300 |
---|---|---|
committer | Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com> | 2017-09-29 23:49:36 +0300 |
commit | a3990800c9e442c2150f350b5c6eca2cc1ae5e96 (patch) | |
tree | d3730610c16bf5f2861fd6769c518831fe3ef4b2 /en | |
parent | 5c11cdc20cc5f5b25f717049660951c22af82f3d (diff) | |
download | source.android.com-a3990800c9e442c2150f350b5c6eca2cc1ae5e96.tar.gz |
Fix information about fileencryption flag
fileencryption flag is used for marking userdata partition as encrypted
via FBE. Also, this flag should specify encryption method for file
contents and filenames.
Reference:
https://android.googlesource.com/platform/system/core/+/b478f706d76483519a197ad24c0acbb146ebe10e%5E%21/
https://android.googlesource.com/platform/system/core/+/b478f706d76483519a197ad24c0acbb146ebe10e/fs_mgr/fs_mgr_fstab.cpp#225
Test: none
Change-Id: I0cb7b85d197b7d4692e2e8db2a076005438fc4d0
Signed-off-by: Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com>
Diffstat (limited to 'en')
-rw-r--r-- | en/security/encryption/file-based.html | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/en/security/encryption/file-based.html b/en/security/encryption/file-based.html index 0a01a938..0aad506b 100644 --- a/en/security/encryption/file-based.html +++ b/en/security/encryption/file-based.html @@ -242,12 +242,16 @@ encryption and improve the user experience. </p> <h3 id="enabling-file-based-encryption">Enabling file-based encryption</h3> <p> -FBE is enabled by adding the flag <code>fileencryption</code> with no parameters +FBE is enabled by adding the flag +<code>fileencryption=contents_encryption_mode[:filenames_encryption_mode]</code> to the <code>fstab</code> line in the final column for the <code>userdata</code> -partition. You can see an example at: -<a href="https://android.googlesource.com/device/lge/bullhead/+/nougat-release/fstab_fbe.bullhead"> -https://android.googlesource.com/device/lge/bullhead/+/nougat-release/fstab_fbe.bullhead</a> -</p> +partition. <code>contents_encryption_mode</code> parameter defines which +cryptographic algorithm is used for the encryption of file contents and +<code>filenames_encryption_mode</code> for the encryption of filenames. +<code>contents_encryption_mode</code> can be only <code>aes-256-xts</code>. +<code>filenames_encryption_mode</code> has two possible values: <code>aes-256-cts</code> +and <code>aes-256-heh</code>. If <code>filenames_encryption_mode</code> is not specified +then <code>aes-256-cts</code> value is used. <p> Whilst testing the FBE implementation on a device, it is possible to specify the following flag: |