diff options
author | Treehugger Robot <treehugger-gerrit@google.com> | 2017-09-29 23:17:46 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2017-09-29 23:17:46 +0000 |
commit | f231ed8efb5bcdd321a8af8488e05b29fe63534d (patch) | |
tree | d3730610c16bf5f2861fd6769c518831fe3ef4b2 | |
parent | 5c11cdc20cc5f5b25f717049660951c22af82f3d (diff) | |
parent | a3990800c9e442c2150f350b5c6eca2cc1ae5e96 (diff) | |
download | source.android.com-f231ed8efb5bcdd321a8af8488e05b29fe63534d.tar.gz |
Merge "Fix information about fileencryption flag"
-rw-r--r-- | en/security/encryption/file-based.html | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/en/security/encryption/file-based.html b/en/security/encryption/file-based.html index 0a01a938..0aad506b 100644 --- a/en/security/encryption/file-based.html +++ b/en/security/encryption/file-based.html @@ -242,12 +242,16 @@ encryption and improve the user experience. </p> <h3 id="enabling-file-based-encryption">Enabling file-based encryption</h3> <p> -FBE is enabled by adding the flag <code>fileencryption</code> with no parameters +FBE is enabled by adding the flag +<code>fileencryption=contents_encryption_mode[:filenames_encryption_mode]</code> to the <code>fstab</code> line in the final column for the <code>userdata</code> -partition. You can see an example at: -<a href="https://android.googlesource.com/device/lge/bullhead/+/nougat-release/fstab_fbe.bullhead"> -https://android.googlesource.com/device/lge/bullhead/+/nougat-release/fstab_fbe.bullhead</a> -</p> +partition. <code>contents_encryption_mode</code> parameter defines which +cryptographic algorithm is used for the encryption of file contents and +<code>filenames_encryption_mode</code> for the encryption of filenames. +<code>contents_encryption_mode</code> can be only <code>aes-256-xts</code>. +<code>filenames_encryption_mode</code> has two possible values: <code>aes-256-cts</code> +and <code>aes-256-heh</code>. If <code>filenames_encryption_mode</code> is not specified +then <code>aes-256-cts</code> value is used. <p> Whilst testing the FBE implementation on a device, it is possible to specify the following flag: |