Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / compatibility / cdd / bdb98084f20184dbfd61369b6fdce3c837c5ab42
commitbdb98084f20184dbfd61369b6fdce3c837c5ab42[log] [tgz]
authorgian <gian@google.com>Mon Jun 19 18:13:09 2017 -0700
committerGian G Spicuzza <gian@google.com>Fri Jul 07 21:11:48 2017 +0000
treec905977468a169871d0f55809849e252bf041874
parent6005a5119bce2e4df651b840d5da04f7f057ede8 [diff]
CDD: Require a default passcode to wrap the encryption key

If the user has not specified a lock screen credential, the process for
recovering the disk encryption key should still be bound to Keymaster
and the root of trust, so that an attacker who changes the OS to an
unsigned OS can't easily recover the disk encryption key. A default
passcode is the easy way to achieve that.

Given this, we are changing "SHOULD" to "MUST".

Bug: 33744049
Change-Id: I8e5026f394a8e4e6902f2b86449b367b6668f13b
1 file changed
tree: c905977468a169871d0f55809849e252bf041874
  1. 10_software-compatibility-testing/
  2. 11_updatable-software/
  3. 12_document-changelog/
  4. 13_contact-us/
  5. 1_introduction/
  6. 2_device-types/
  7. 3_software/
  8. 4_application-packaging/
  9. 5_multimedia/
  10. 6_dev-tools-and-options/
  11. 7_hardware-compatibility/
  12. 8_performance-and-power/
  13. 9_security-model/
  14. source/
  15. make_cdd.py