Nougat comes with File Based Encryption (FBE) and Direct Boot.
I would like to return to Full Disk Encryption (FDE) instead (or in addition to FBE) and make sure the data partition is fully encrypted when the phone is turned off.
For security reasons, I actually want the phone to be a complete brick until I type-in the Full Disk Encryption password.
This should be possible since my Nexus 5x (upgrade from Marshmallow to Nougat) could do this.
I expect this to involve a factory reset and maybe even rooting, and I'm fine with that.
My reason is that File Based Encryption is inherently much less secure since it gives a choice to app developers what to encrypt and what not. Sooner or later people will store sensitive data unencrypted (for "user experience" reasons), because it's now possible.
I am aware of this question, but the author seemed confused whether his device is encrypted or not, and it doesn't answer how to use FDE instead of FBE.
So, how to use Full Disk Encryption instead of File Based Encryption?
No comments:
Post a Comment