Project

General

Profile

Feature #2099

Separate screen lock and boot passwords

Added by dl lud 11 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
Start date:
07/26/2020
Due date:
% Done:

0%

Estimated time:
Resolution:
Device:
Unknown

Description

On Replicant 6 you can set different passwords for the screen lock and boot. Such can be done with commands such as:
  • vdc cryptfs enablecrypto inplace password MyLongPassword
  • vdc cryptfs enablecrypto wipe password MyLongPassword

Or with an app such as SnooperStopper, which uses vdc cryptfs underneath.

This allows for a great compromise between security and usability. You can set a simple PIN for the screen lock, and a long alphanumeric password for boot which is your actual encryption key.

Unfortunately it seems that vdc cryptfs no longer works on recent Android versions (I tested with Lineage 16). This probably stems from the fact that Android now relies on a Trusted Execution Environment (TEE) to (securely?) derive an encryption key out of the user's lock screen PIN and then store it.

Replicant 10 will be unable to use a TEE for several different reasons:
  • Old devices have SoCs that do not support a TEE.
  • There may be no free software TEE implementation available for the target device.
  • Even if a free software TEE is available, the device's bootloader is locked and cannot load it.
    For further details check Gatekeeper HAL backend.

As such, finding a way to have a separate boot password/encryption key on Replicant 10 seems to be a must. Otherwise users will be faced with a dilemma:
a) Use a simple PIN and be exposed to bruteforce attacks.
b) Use a long password and take some long minutes to unlock the phone everytime they need it.

Also available in: Atom PDF