Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 3db5a0f48aced13872fc20b9e27d929f34d02540 / . / docs / html / preview / features / direct-boot.jd
blob: aefa4dcaa47a4e6f70802c26429590eec9aea0d1 [file] [log] [blame]
page.title=Direct Boot
page.keywords=preview,sdk,direct boot
page.tags=androidn
@jd:body
<div id="qv-wrapper">
<div id="qv">
<h2>In this document</h2>
<ol>
<li><a href="#run">Requesting Access to Run During Direct Boot</a></li>
<li><a href="#access">Accessing Device Encrypted Storage</a></li>
<li><a href="#notification">Getting Notified of User Unlock</a></li>
<li><a href="#migrating">Migrating Existing Data</a></li>
<li><a href="#testing">Testing Your Encryption Aware App</a></li>
</ol>
</div>
</div>
<p>Android N runs in a secure, <i>Direct Boot</i> mode
when the device has been powered on but the user has not unlocked the
device. To support this, the system provides two storage locations for data:</p>
<ul>
<li><i>Credential encrypted storage</i>, which is the default storage location
and only available after the user has unlocked the device.</li>
<li><i>Device encrypted storage</i>, which is a storage location available both
during Direct Boot mode and after the user has unlocked the device.</li>
</ul>
<p>By default, apps do not run during Direct Boot mode.
If your app needs to take action during Direct Boot mode, you can register
app components that should be run during this mode. Some common use cases
for apps needing to run during Direct Boot mode include:</p>
<ul>
<li>Apps that have scheduled notifications, such as alarm clock
apps.</li>
<li>Apps that provide important user notifications, like SMS apps.</li>
<li>Apps that provide accessibility services, like Talkback.</li>
</ul>
<p>If your app needs to access data while running in Direct Boot mode, use
device encrypted storage. Device encrypted storage contains data
encrypted with a key that is only available after a device has performed a
successful verified boot.</p>
<p>For data that should be encrypted with a key associated with user
credentials, such as a PIN or password, use credential encrypted storage.
Credential encrypted storage is only available after the user has successfully
unlocked the device, up until when the user restarts the device again. If the
user enables the lock screen after unlocking the device, this doesn't lock
credential encrypted storage.</p>
<h2 id="run">Requesting Access to Run During Direct Boot</h2>
<p>Apps must register their components with the system before they
can run during Direct Boot mode or access device encrypted
storage. Apps register with the system by marking components as
<i>encryption aware</i>. To mark your component as encryption aware, set the
<code>android:encryptionAware</code> attribute to true in your manifest.<p>
<p>Encryption aware components can register to receive a
<code>LOCKED_BOOT_COMPLETED</code> broadcast message from the
system when the device has been restarted. At this point device encrypted
storage is available, and your component can execute tasks that need to be
run during Direct Boot mode, such as triggering a scheduled alarm.</p>
<p>The following code snippet is an example of how to register a
{@link android.content.BroadcastReceiver} as encryption aware, and add an
intent filter for <code>LOCKED_BOOT_COMPLETED</code>, in the app manifest:</p>
<pre>
&lt;receiever
android:encryptionAware="true" &gt;
...
&lt;intent-filter&gt;
&lt;action android:name="android.intent.action.LOCKED_BOOT_COMPLETED" /&gt;
&lt;/intent-filter&gt;
&lt;/receiver&gt;
</pre>
<p>Once the user has unlocked the device, all components can access both the
device encrypted storage as well as credential encrypted storage.</p>
<h2 id="access">Accessing Device Encrypted Storage</h2>
<p>To access device encrypted storage, create a second
{@link android.content.Context} instance by calling
<code>Context.createDeviceEncryptedStorageContext()</code>. All storage API
calls made using this context access the device encrypted storage. The
following example accesses the device encrypted storage and opens an existing
app data file:</p>
<pre>
Context directBootContext = Context.createDeviceEncryptedStorageContext();
// Access appDataFilename that lives in device encrypted storage
FileInputStream inStream = directBootContext.openFileInput(appDataFilename);
// Use inStream to read content...
</pre>
<p>Use device encrypted storage only for
information that must be accessible during Direct Boot mode.
Don't use device encrypted storage as a general-purpose encrypted store.
For private user information, or encrypted data that isn't needed during
Direct Boot mode, use credential encrypted storage.</p>
<h2 id="notification">Getting Notified of User Unlock</h2>
<p>Once the user unlocks the device after restart, your app can switch to
accessing credential encrypted storage and use regular system services that
depend on user credentials.</p>
<p>To get notified when the user unlocks the device after a reboot,
register a {@link android.content.BroadcastReceiver} from a running component
to listen for the <code>ACTION_USER_UNLOCKED</code> message. Or, you can
receive the existing {@link android.content.Intent#ACTION_BOOT_COMPLETED
ACTION_BOOT_COMPLETED} message, which now indicates the device has booted and
the user has unlocked the device.</p>
<p>You can directly query if the user has unlocked the device by calling
<code>UserManager.isUserUnlocked()</code>.</p>
<h2 id="migrating">Migrating Existing Data</h2>
<p>If a user updates their device to use Direct Boot mode, you might have
existing data that needs to get migrated to device encrypted storage. Use
<code>Context.migrateSharedPreferencesFrom()</code> and
<code>Context.migrateDatabaseFrom()</code> to migrate preference and database
data between credential encrypted storage and device encrypted storage.</p>
<p>Use your best judgment when deciding what data to migrate from credential
encrypted storage to device encrypted storage. You should not migrate
private user information, such as passwords or authorization tokens, to
device encrypted storage. In some scenarios, you might need to manage
separate sets of data in the two encrypted stores.</p>
<h2 id="testing">Testing Your Encryption Aware App</h2>
<p>Test your encryption aware app using the new Direct Boot mode. There are
two ways to enable Direct Boot.</p>
<p class="caution"><strong>Caution:</strong> Enabling Direct Boot
wipes all user data on the device.</p>
<p>On supported devices with Android N installed, enable
Direct Boot by doing one of the following:</p>
<ul>
<li>On the device, enable <b>Developer options</b> if you haven't already by
going to <b>Settings &gt; About phone</b>, and tapping <b>Build number</b>
seven times. Once the developer options screen is available, go to
<b>Settings &gt; Developer options</b> and select
<b>Convert to file encryption</b>.</li>
<li>Use the following adb shell commands to enable Direct Boot mode:
<pre class="no-pretty-print">
$ adb reboot-bootloader
$ fastboot --wipe-and-use-fbe
</pre>
</li>
</ul>
<p>An emulated Direct Boot mode is also available, in case you need to switch
modes on your test devices. Emulated mode should only be used during
development and may cause data loss. To enable emulated Direct Boot mode,
set a lock pattern on the device, choose "No thanks" if prompted for a
secure start-up screen when setting a lock pattern, and then use the
following adb shell command:</p>
<pre class="no-pretty-print">
$ adb shell sm set-emulate-fbe true
</pre>
<p>To turn off emulated Direct Boot mode, use the following command:</p>
<pre class="no-pretty-print">
$ adb shell sm set-emulate-fbe false
</pre>
<p>Using these commands causes the device to reboot.</p>