Encrypt usb medias like sd cards natively #4500
Labels
Comments
|
This sounds like a really good idea. Fixing the implementation to use LUKS and storing the key in the keystore would be better. But as it is, this FR sounds like it could be pretty close to vanilla AOSP features. |
|
Storing the key in the hardware keystore isn't a good approach. We would just use the same kind of encryption approach as the OS does for data if we did this, but with a single key for all metadata and data blocks with the same kind of credential-based key derivation for it. We could even potentially dedicate a Weaver slot to it but it wouldn't be possible to do that for more than a very limited amount. Not clear we want to implement this, but it's a possibility. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
At least a while ago it was pretty easy to encrypt a SD card, I don't know about the current implementation if there's still one.
It would help, since newer pixels don't have a SD storage slot, to encrypt any USB storage device as it were a SD card.
(I don't really care if it won't be readable across other operative systems due to hardware-based encryption, maybe it's better this way)
The text was updated successfully, but these errors were encountered: