CDD: AES encrypt the encryption key by default
For Android O-MR1 we are requiring that all encryption keys are
encrypted with AES by default, unless the user explicitly opts out.
Bug: 33744049
Change-Id: Ic74dcd960ef89b752f580bd2ce2e42acca643c1f
Test: Not necessary -- this is a policy change.
diff --git a/9_security-model/9_9_full-disk-encryption.md b/9_security-model/9_9_full-disk-encryption.md
index 65ee9d6..94763d8 100644
--- a/9_security-model/9_9_full-disk-encryption.md
+++ b/9_security-model/9_9_full-disk-encryption.md
@@ -86,8 +86,8 @@
* [C-1-2] MUST use a default passcode to wrap the encryption key and
MUST NOT write the encryption key to storage at any time
without being encrypted.
- * [C-1-3] MUST provide the user the possibility to AES encrypt the
- encryption key, except when it is in active use, with the lock screen
+ * [C-1-3] MUST AES encrypt the encryption key by default unless the user
+ explicitly opts out, except when it is in active use, with the lock screen
credentials stretched using a slow stretching algorithm
(e.g. PBKDF2 or scrypt).
* [C-1-4] The above default password stretching algorithm MUST be
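Review bot: The reworded [C-1-3] leaves the opted-out state undefined and now stacks two exceptions in one sentence ("unless the user explicitly opts out, except when it is in active use"), so it is unclear whether "with the lock screen credentials stretched using a slow stretching algorithm" qualifies the AES encryption or the opt-out. Suggest splitting the sentence: state the default first (key is AES encrypted with the stretched lock screen credentials), then the active-use exception, then what an explicit opt-out means for the key, for example that it stays wrapped only with the default passcode required by [C-1-2], if that is the intent. It would also help to say what "by default" requires on a device where no lock screen credential has been set yet, since the stretched credential is the input to this wrap.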
@@ -98,4 +98,4 @@
(even when wrapped with the user passcode and/or hardware bound key).
The upstream Android Open Source project provides a preferred implementation
-of this feature, based on the Linux kernel feature dm-crypt.
\ No newline at end of file
+of this feature, based on the Linux kernel feature dm-crypt.
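Review bot: The only change in this hunk is the newline added at the end of the file, after "of this feature, based on the Linux kernel feature dm-crypt.", which is unrelated to the [C-1-3] policy change and is not mentioned in the commit message. Consider noting it in the commit message or moving it to a separate cleanup change so the policy diff contains only the requirement text.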