Merge "Fix information about fileencryption flag"

1 files changed, 9 insertions, 5 deletions

diff --git a/en/security/encryption/file-based.html b/en/security/encryption/file-based.html
index 0a01a938..0aad506b 100644
--- a/en/security/encryption/file-based.html
+++ b/en/security/encryption/file-based.html
@@ -242,12 +242,16 @@ encryption and improve the user experience.
 </p>
 <h3 id="enabling-file-based-encryption">Enabling file-based encryption</h3>
 <p>
-FBE is enabled by adding the flag <code>fileencryption</code> with no parameters
+FBE is enabled by adding the flag
+<code>fileencryption=contents_encryption_mode[:filenames_encryption_mode]</code>
 to the <code>fstab</code> line in the final column for the <code>userdata</code>
-partition. You can see an example at:
-<a href="https://android.googlesource.com/device/lge/bullhead/+/nougat-release/fstab_fbe.bullhead">
-https://android.googlesource.com/device/lge/bullhead/+/nougat-release/fstab_fbe.bullhead</a>
-</p>
+partition. <code>contents_encryption_mode</code> parameter defines which
+cryptographic algorithm is used for the encryption of file contents and
+<code>filenames_encryption_mode</code> for the encryption of filenames.
+<code>contents_encryption_mode</code> can be only <code>aes-256-xts</code>.
+<code>filenames_encryption_mode</code> has two possible values: <code>aes-256-cts</code>
+and <code>aes-256-heh</code>. If <code>filenames_encryption_mode</code> is not specified
+then <code>aes-256-cts</code> value is used.
 <p>
 Whilst testing the FBE implementation on a device, it is possible to specify the
 following flag: