fbe 业务流程分析

总结

  1. 根据/data/unencrypted/key和/data/misc/vold/user_keys/de/0/路径是否存在判断首次开机还是非首次开机
  2. system DE存储空间和user DE存储空间使用keymasterkey加解密,密钥元素secret和token为空
  3. 不设置锁屏密码,user CE存储空间使用keymasterkey加解密,密钥元素secret和token为空
  4. 设置锁屏密码,user CE存储空间使用withoutkeymastery加解密,密钥元素secret为非空,token为空
  5. 删除锁屏密码后,user CE 存储空间采用 不设置锁密码 加密策略
  6. 添加锁屏密码、修改锁屏密码、删除锁屏密码后在添加锁屏密码,传下来的secret值是一样的,确保不同场景下加密的文件都能解密
  7. 对user CE存储空间加解密的key,不管是设置锁屏密码还是不设置锁屏密码,这个key始终是一样的即首次开机生成的key。不同的只是加密元素和加密方式。
  8. /data/misc/vold/user_keys/ce/0/current # cat stretching
    nopassword // 没有设置锁屏密码
    none // 设置锁屏密码

/data/misc/vold/user_keys/ce/0/current/keymaster_key_blob // 此文件存在意味keymaster加解密、否则使用withoutkeymastery加解密

fbe首次开机流程

e4crypt_initialize_global_de
	// 创建system DE key
	Creating new key in /data/unencrypted/key
	// 使用keymaster key加密
	encryptWithKeymasterKey
	
	// 把key ref和key键值对添加到keyring
	Added key 586522868 (ext4:67da18ded3ad485e) to keyring 1037041109 in process 587
	Added key 980373597 (f2fs:67da18ded3ad485e) to keyring 1037041109 in process 587
	Added key 378832651 (fscrypt:67da18ded3ad485e) to keyring 1037041109 in process 587
	Wrote system DE key reference to:/data/unencrypted/ref
	
	// 由init.rc 里的mkdir创建system DE存储空间
	
e4crypt_init_user0

	// 创建user DE & CE key,且用keymaster key加密
	@@## encryptWithKeymasterKey
	Created key: /data/misc/vold/user_keys/ce/0/current
	@@## encryptWithKeymasterKey
	Created key: /data/misc/vold/user_keys/de/0
	
	// 把user DE & CE key ref和key键值对添加到keyring
	Added key 874094742 (ext4:290ab433e0a0fa60) to keyring 1037041109 in process 587
	Added key 598664941 (f2fs:290ab433e0a0fa60) to keyring 1037041109 in process 587
	Added key 154377517 (fscrypt:290ab433e0a0fa60) to keyring 1037041109 in process 587
	Added key 397224737 (ext4:18614a45fe4939f4) to keyring 1037041109 in process 587
	Added key 496597483 (f2fs:18614a45fe4939f4) to keyring 1037041109 in process 587
	Added key 4447633 (fscrypt:18614a45fe4939f4) to keyring 1037041109 in process 587

	//建立user DE目录,给目录设置加密策略即 key ref
	e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 1
	Preparing: /data/system/users/0
	Preparing: /data/misc/profiles/cur/0
	Preparing: /data/system_de/0
	Preparing: /data/misc_de/0
	Preparing: /data/vendor_de/0
	Preparing: /data/user_de/0
	Policy for /data/system_de/0 set to 290ab433e0a0fa60 modes 127/4
	Policy for /data/misc_de/0 set to 290ab433e0a0fa60 modes 127/4
	Policy for /data/vendor_de/0 set to 290ab433e0a0fa60 modes 127/4
	Policy for /data/user_de/0 set to 290ab433e0a0fa60 modes 127/4
	
	// token=“!”,secret="!",意味着token和secret是空的
	e4crypt_unlock_user_key 0 serial=0 token_present=0 ! !
	// 由于user CE key和key ref已经添加到keyring
	Tried to unlock already-unlocked key for user 0

	//建立user CE目录,给目录设置加密策略
	e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 2
	Preparing: /data/system_ce/0
	Preparing: /data/misc_ce/0
	Preparing: /data/vendor_ce/0
	Preparing: /data/media/0
	Preparing: /data/data
	Policy for /data/system_ce/0 set to 18614a45fe4939f4 modes 127/4
	Policy for /data/misc_ce/0 set to 18614a45fe4939f4 modes 127/4
	Policy for /data/vendor_ce/0 set to 18614a45fe4939f4 modes 127/4
	Policy for /data/media/0 set to 18614a45fe4939f4 modes 127/4
	Policy for /data/data set to 18614a45fe4939f4 modes 127/4

fbe未添加锁屏密码,非首次开机流程

e4crypt_initialize_global_de

// 获取system DE key,使用keymasterkey解密,加载到keyring
Key exists, using: /data/unencrypted/key
@@## retrieveKey: appId= Ɨ[�<xJ�F�4D̀R��d��O��v��P&�NbU�mW#1R��d��5�w�_L����ڣ
@@## decryptWithKeymasterKey
Added key 980039627 (ext4:67da18ded3ad485e) to keyring 835505565 in process 583
Added key 959702073 (f2fs:67da18ded3ad485e) to keyring 835505565 in process 583
Added key 606242813 (fscrypt:67da18ded3ad485e) to keyring 835505565 in process 583
Wrote system DE key reference to:/data/unencrypted/ref

// 使用keymasterkey解密user DE key,加载到keyring,建立DE存储空间,设置加密策略
e4crypt_init_user0
@@## decryptWithKeymasterKey
Added key 478727481 (ext4:290ab433e0a0fa60) to keyring 835505565 in process 583
Added key 765526525 (f2fs:290ab433e0a0fa60) to keyring 835505565 in process 583
Added key 469387747 (fscrypt:290ab433e0a0fa60) to keyring 835505565 in process 583
Installed de key for user 0
e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 1
Preparing: /data/system_de/0
Preparing: /data/misc_de/0
Preparing: /data/vendor_de/0
Preparing: /data/user_de/0
Found policy 290ab433e0a0fa60 at /data/system_de/0 which matches expected value
Found policy 290ab433e0a0fa60 at /data/misc_de/0 which matches expected value
Found policy 290ab433e0a0fa60 at /data/vendor_de/0 which matches expected value
Found policy 290ab433e0a0fa60 at /data/user_de/0 which matches expected value

// token和secret是空的,使用keymasterkey解密user CE key,加载到keyring,建立DE存储空间,设置加密策略
e4crypt_unlock_user_key 0 serial=0 token_present=0 ! !
Trying user CE key /data/misc/vold/user_keys/ce/0/current
@@## retrieveKey: appId= �s7_a�-��

@@## decryptWithKeymasterKey
Successfully retrieved key
Added key 69920630 (ext4:18614a45fe4939f4) to keyring 835505565 in process 583
Added key 897462990 (f2fs:18614a45fe4939f4) to keyring 835505565 in process 583
Added key 506661260 (fscrypt:18614a45fe4939f4) to keyring 835505565 in process 583
Installed ce key for user 0
e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 2
Preparing: /data/system_ce/0
Preparing: /data/misc_ce/0
Preparing: /data/vendor_ce/0
Preparing: /data/media/0
Preparing: /data/data
Found policy 18614a45fe4939f4 at /data/system_ce/0 which matches expected value
Found policy 18614a45fe4939f4 at /data/misc_ce/0 which matches expected value
Policy for /data/vendor_ce/0 set to 18614a45fe4939f4 modes 127/4
Found policy 18614a45fe4939f4 at /data/media/0 which matches expected value
Found policy 18614a45fe4939f4 at /data/data which matches expected value

fbe添加锁屏密码流程, 修改锁屏密码不再调用下面流程

// 调用两次e4crypt_add_user_key_auth,第一次传递的token和secret是空,第二次传递的token是空,secret是非空
// secret空使用keymasterkey加解密,非空使用非keymaster进行加解密
// e4crypt_add_user_key_auth第一次调用新创建CE key: /data/misc/vold/user_keys/ce/0/cx0000000000,使用secdiscard、rm删除current CE key。
// rename cx0000000000 to current
// 第二次调用流程和第一次一样,区别就是secret非空,使用非keymaster加解密

vold    : e4crypt_add_user_key_auth 0 serial=0 token_present=0 ! !
vold    : Skipping non-key .
vold    : Skipping non-key ..
vold    : @@## getStretching: kStretch_nopassword
vold    : @@## storeKey: appId= UpN?K&�w��3��_DMk��ۆ%O��|������e��OU�ɤ���Hmt;�t`H�
vold    : @@## storeKey: usesKeymaster

vold    : @@## encryptWithKeymasterKey
vold    : Created key: /data/misc/vold/user_keys/ce/0/cx0000000000

vold    : e4crypt_fixate_newest_user_key_auth 0

vold    : /system/bin/secdiscard
vold    :     --
vold    :     /data/misc/vold/user_keys/ce/0/current/encrypted_key
vold    :     /data/misc/vold/user_keys/ce/0/current/secdiscardable
vold    :     /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/encrypted_key' unlink=1
secdiscard: For path /data/misc/vold/user_keys/ce/0/current/encrypted_key block device is tmpfs
secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/encrypted_key
secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/encrypted_key
secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/secdiscardable' unlink=1
secdiscard: For path /data/misc/vold/user_keys/ce/0/current/secdiscardable block device is tmpfs
secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/secdiscardable
secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/secdiscardable
secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/keymaster_key_blob' unlink=1
secdiscard: For path /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob block device is tmpfs
secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
vold    : /system/bin/rm
vold    :     -rf
vold    :     /data/misc/vold/user_keys/ce/0/current
vold    : Renaming /data/misc/vold/user_keys/ce/0/cx0000000000 to /data/misc/vold/user_keys/ce/0/current

vold    : e4crypt_add_user_key_auth 0 serial=0 token_present=0 ! C28D9406E1A4EAEF9D6404A72740FFE57E810BD430CC65B0FFC19743ED983F750503A1728CC4D28432EE612A539489CEA99869CC23629A6CACE6FC931E8D5149
vold    : @@## getStretching: kStretch_none

vold    : @@## encryptWithoutKeymaster
vold    : Created key: /data/misc/vold/user_keys/ce/0/cx0000000000
vold    : e4crypt_fixate_newest_user_key_auth 0

vold    : /system/bin/secdiscard
vold    :     --
vold    :     /data/misc/vold/user_keys/ce/0/current/encrypted_key
vold    :     /data/misc/vold/user_keys/ce/0/current/secdiscardable
vold    :     /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/encrypted_key' unlink=1
secdiscard: For path /data/misc/vold/user_keys/ce/0/current/encrypted_key block device is tmpfs
secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/encrypted_key
secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/encrypted_key
secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/secdiscardable' unlink=1
secdiscard: For path /data/misc/vold/user_keys/ce/0/current/secdiscardable block device is tmpfs
secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/secdiscardable
secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/secdiscardable
secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/keymaster_key_blob' unlink=1
secdiscard: For path /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob block device is tmpfs
secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
vold    : /system/bin/rm
vold    :     -rf
vold    :     /data/misc/vold/user_keys/ce/0/current
vold    : Renaming /data/misc/vold/user_keys/ce/0/cx0000000000 to /data/misc/vold/user_keys/ce/0/current

fbe删除锁屏密码后,再次添加锁屏密码

// token为空,secret为非空
05-24 03:20:12.251   587   612 D vold    : e4crypt_add_user_key_auth 0 serial=0 token_present=0 ! C28D9406E1A4EAEF9D6404A72740FFE57E810BD430CC65B0FFC19743ED983F750503A1728CC4D28432EE612A539489CEA99869CC23629A6CACE6FC931E8D5149

05-24 03:20:12.284   587   612 D vold    : @@## getStretching: kStretch_none
05-24 03:20:12.289   587   612 D vold    : @@## storeKey: appId= {=i)v����#    ���H�̑ڴ��+F3?�[|�Ųj/��z��U̾��2��KZ�3)������d�'@��~�
�0�e����C�?u�r��҄2�a*S��Ω�i�#b�l�����QI
05-24 03:20:12.289   587   612 D vold    : @@## encryptWithoutKeymaster
05-24 03:20:12.296   587   612 D vold    : Created key: /data/misc/vold/user_keys/ce/0/cx0000000000
05-24 03:20:12.299   587   612 D vold    : e4crypt_fixate_newest_user_key_auth 0

05-24 03:20:12.318   587   612 V vold    : /system/bin/secdiscard
05-24 03:20:12.318   587   612 V vold    :     --
05-24 03:20:12.318   587   612 V vold    :     /data/misc/vold/user_keys/ce/0/current/encrypted_key
05-24 03:20:12.318   587   612 V vold    :     /data/misc/vold/user_keys/ce/0/current/secdiscardable
05-24 03:20:12.318   587   612 V vold    :     /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
05-24 03:20:12.394  3274  3274 D secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/encrypted_key' unlink=1
05-24 03:20:12.398  3274  3274 D secdiscard: For path /data/misc/vold/user_keys/ce/0/current/encrypted_key block device is tmpfs
05-24 03:20:12.398  3274  3274 E secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/encrypted_key
05-24 03:20:12.398  3274  3274 D secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/encrypted_key
05-24 03:20:12.398  3274  3274 D secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/secdiscardable' unlink=1
05-24 03:20:12.401  3274  3274 D secdiscard: For path /data/misc/vold/user_keys/ce/0/current/secdiscardable block device is tmpfs
05-24 03:20:12.401  3274  3274 E secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/secdiscardable
05-24 03:20:12.402  3274  3274 D secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/secdiscardable
05-24 03:20:12.402  3274  3274 D secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/keymaster_key_blob' unlink=1
05-24 03:20:12.404  3274  3274 D secdiscard: For path /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob block device is tmpfs
05-24 03:20:12.404  3274  3274 E secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
05-24 03:20:12.404  3274  3274 D secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
05-24 03:20:12.411   587   612 V vold    : /system/bin/rm
05-24 03:20:12.411   587   612 V vold    :     -rf
05-24 03:20:12.412   587   612 V vold    :     /data/misc/vold/user_keys/ce/0/current
05-24 03:20:12.522   587   612 D vold    : Renaming /data/misc/vold/user_keys/ce/0/cx0000000000 to /data/misc/vold/user_keys/ce/0/current

fbe添加锁屏密码后开机流程

// 使用keymasterkey解锁system DE key,安装keyring
// 使用keymasterkey解锁user DE key,安装keyring,建立DE存储空间,设置加密策略
// 用户输入正确解锁密码后,e4crypt_unlock_user_key传入的secret为非空,使用WithoutKeymaster解锁user CE key,安装keyring,建立CE 存储空间,设置加密策略
01-15 03:35:37.197   585   599 I vold    : e4crypt_initialize_global_de
01-15 03:35:37.201   585   599 D vold    : Key exists, using: /data/unencrypted/key
01-15 03:35:37.212   585   599 D vold    : @@## retrieveKey: appId= Ɨ[�<xJ�F�4D̀R��d��O��v��P&�NbU�mW#1R��d��5�w�_L����ڣ
01-15 03:35:37.226   585   599 D vold    : @@## decryptWithKeymasterKey
01-15 03:35:37.236   585   599 D vold    : Added key 579279655 (ext4:67da18ded3ad485e) to keyring 401270441 in process 585
01-15 03:35:37.236   585   599 D vold    : Added key 903985145 (f2fs:67da18ded3ad485e) to keyring 401270441 in process 585
01-15 03:35:37.236   585   599 D vold    : Added key 744343326 (fscrypt:67da18ded3ad485e) to keyring 401270441 in process 585
01-15 03:35:37.240   585   599 I vold    : Wrote system DE key reference to:/data/unencrypted/ref

01-15 03:35:37.484   585   585 D vold    : e4crypt_init_user0
01-15 03:35:37.484   585   585 D vold    : Preparing: /data/misc/vold/user_keys
01-15 03:35:37.486   585   585 D vold    : Preparing: /data/misc/vold/user_keys/ce
01-15 03:35:37.487   585   585 D vold    : Preparing: /data/misc/vold/user_keys/de

01-15 03:35:37.496   585   585 D vold    : @@## retrieveKey: appId= 
6(
01-15 03:35:37.502   585   585 D vold    : @@## decryptWithKeymasterKey
01-15 03:35:37.515   585   585 D vold    : Added key 100612541 (ext4:290ab433e0a0fa60) to keyring 401270441 in process 585
01-15 03:35:37.515   585   585 D vold    : Added key 102678144 (f2fs:290ab433e0a0fa60) to keyring 401270441 in process 585
01-15 03:35:37.516   585   585 D vold    : Added key 725297733 (fscrypt:290ab433e0a0fa60) to keyring 401270441 in process 585
01-15 03:35:37.516   585   585 D vold    : Installed de key for user 0
01-15 03:35:37.516   585   585 D vold    : e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 1
01-15 03:35:37.519   585   585 D vold    : Preparing: /data/system_de/0
01-15 03:35:37.520   585   585 D vold    : Preparing: /data/misc_de/0
01-15 03:35:37.520   585   585 D vold    : Preparing: /data/vendor_de/0
01-15 03:35:37.521   585   585 D vold    : Preparing: /data/user_de/0
01-15 03:35:37.528   585   585 I vold    : Found policy 290ab433e0a0fa60 at /data/system_de/0 which matches expected value
01-15 03:35:37.528   585   585 I vold    : Found policy 290ab433e0a0fa60 at /data/misc_de/0 which matches expected value
01-15 03:35:37.529   585   585 I vold    : Found policy 290ab433e0a0fa60 at /data/vendor_de/0 which matches expected value
01-15 03:35:37.552   585   585 I vold    : Found policy 290ab433e0a0fa60 at /data/user_de/0 which matches expected value

05-24 03:10:54.665   585   585 D vold    : e4crypt_unlock_user_key 0 serial=0 token_present=0 ! C28D9406E1A4EAEF9D6404A72740FFE57E810BD430CC65B0FFC19743ED983F750503A1728CC4D28432EE612A539489CEA99869CC23629A6CACE6FC931E8D5149
05-24 03:10:54.670   585   585 D vold    : Trying user CE key /data/misc/vold/user_keys/ce/0/current
05-24 03:10:54.695   585   585 D vold    : @@## decryptWithoutKeymaster
05-24 03:10:54.695   585   585 D vold    : Successfully retrieved key
05-24 03:10:54.696   585   585 D vold    : Added key 721367201 (ext4:18614a45fe4939f4) to keyring 401270441 in process 585
05-24 03:10:54.696   585   585 D vold    : Added key 955440003 (f2fs:18614a45fe4939f4) to keyring 401270441 in process 585
05-24 03:10:54.696   585   585 D vold    : Added key 1040194022 (fscrypt:18614a45fe4939f4) to keyring 401270441 in process 585
05-24 03:10:54.697   585   585 D vold    : Installed ce key for user 0
05-24 03:10:54.702   585   585 D vold    : e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 2
05-24 03:10:54.702   585   585 D vold    : Preparing: /data/system_ce/0
05-24 03:10:54.702   585   585 D vold    : Preparing: /data/misc_ce/0
05-24 03:10:54.702   585   585 D vold    : Preparing: /data/vendor_ce/0
05-24 03:10:54.706   585   585 D vold    : Preparing: /data/media/0
05-24 03:10:54.713   585   585 D vold    : Preparing: /data/data
05-24 03:10:54.717   585   585 I vold    : Found policy 18614a45fe4939f4 at /data/system_ce/0 which matches expected value
05-24 03:10:54.719   585   585 I vold    : Found policy 18614a45fe4939f4 at /data/misc_ce/0 which matches expected value
05-24 03:10:54.720   585   585 I vold    : Policy for /data/vendor_ce/0 set to 18614a45fe4939f4 modes 127/4
05-24 03:10:54.724   585   585 I vold    : Found policy 18614a45fe4939f4 at /data/media/0 which matches expected value
05-24 03:10:54.729   585   585 I vold    : Found policy 18614a45fe4939f4 at /data/data which matches expected value

fbe 删除锁屏密码流程

05-24 03:12:40.549   585   585 D vold    : e4crypt_clear_user_key_auth 0 serial=0 token_present=0 ! C28D9406E1A4EAEF9D6404A72740FFE57E810BD430CC65B0FFC19743ED983F750503A1728CC4D28432EE612A539489CEA99869CC23629A6CACE6FC931E8D5149
05-24 03:12:40.549   585   585 D vold    : e4crypt_add_user_key_auth 0 serial=0 token_present=0 ! !
-24 03:12:40.576   585   585 D vold    : @@## getStretching: kStretch_nopassword
05-24 03:12:40.586   585   585 D vold    : @@## storeKey: appId= I_I����b���"���9��ޏ�v��!e�ꚜ�����w��CۿϖH����i�Z��=�
05-24 03:12:40.586   585   585 D vold    : @@## storeKey: usesKeymaster
5-24 03:12:40.597   585   585 D vold    : Creating key that doesn't need auth token
05-24 03:12:40.613   585   585 D vold    : @@## encryptWithKeymasterKey
05-24 03:12:40.641   585   585 D vold    : Created key: /data/misc/vold/user_keys/ce/0/cx0000000000
05-24 03:12:40.644   585   601 D vold    : e4crypt_fixate_newest_user_key_auth 0

05-24 03:12:40.645   585   601 V vold    : /system/bin/secdiscard
05-24 03:12:40.645   585   601 V vold    :     --
05-24 03:12:40.645   585   601 V vold    :     /data/misc/vold/user_keys/ce/0/current/encrypted_key
05-24 03:12:40.646   585   601 V vold    :     /data/misc/vold/user_keys/ce/0/current/secdiscardable
05-24 03:12:40.740  3209  3209 D secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/encrypted_key' unlink=1
05-24 03:12:40.745  3209  3209 D secdiscard: For path /data/misc/vold/user_keys/ce/0/current/encrypted_key block device is tmpfs
05-24 03:12:40.746  3209  3209 E secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/encrypted_key
05-24 03:12:40.748  3209  3209 D secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/encrypted_key
05-24 03:12:40.748  3209  3209 D secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/secdiscardable' unlink=1
05-24 03:12:40.751  3209  3209 D secdiscard: For path /data/misc/vold/user_keys/ce/0/current/secdiscardable block device is tmpfs
05-24 03:12:40.751  3209  3209 E secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/secdiscardable
05-24 03:12:40.752  3209  3209 D secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/secdiscardable
05-24 03:12:40.760   585   601 V vold    : /system/bin/rm
05-24 03:12:40.761   585   601 V vold    :     -rf
05-24 03:12:40.761   585   601 V vold    :     /data/misc/vold/user_keys/ce/0/current
05-24 03:12:40.867   585   601 D vold    : Renaming /data/misc/vold/user_keys/ce/0/cx0000000000 to /data/misc/vold/user_keys/ce/0/current

fbe 删除锁屏密码开机流程,和 fbe未添加锁屏密码,非首次开机流程一样

01-15 03:40:27.180   587   609 I vold    : e4crypt_initialize_global_de
01-15 03:40:27.187   587   609 D vold    : Key exists, using: /data/unencrypted/key
01-15 03:40:27.220   587   609 D vold    : @@## retrieveKey: appId= Ɨ[�<xJ�F�4D̀R��d��O��v��P&�NbU�mW#1R��d��5�w�_L����ڣ
-15 03:40:27.234   587   609 D vold    : @@## decryptWithKeymasterKey
01-15 03:40:27.246   587   609 D vold    : Added key 470843117 (ext4:67da18ded3ad485e) to keyring 282854552 in process 587
01-15 03:40:27.246   587   609 D vold    : Added key 752559141 (f2fs:67da18ded3ad485e) to keyring 282854552 in process 587
01-15 03:40:27.246   587   609 D vold    : Added key 526774868 (fscrypt:67da18ded3ad485e) to keyring 282854552 in process 587
01-15 03:40:27.249   587   609 I vold    : Wrote system DE key reference to:/data/unencrypted/ref
01-15 03:40:27.465   587   587 D vold    : e4crypt_init_user0
01-15 03:40:27.466   587   587 D vold    : Preparing: /data/misc/vold/user_keys
01-15 03:40:27.467   587   587 D vold    : Preparing: /data/misc/vold/user_keys/ce
01-15 03:40:27.469   587   587 D vold    : Preparing: /data/misc/vold/user_keys/de
03:40:27.478   587   587 D vold    : @@## retrieveKey: appId= I_I����b
01-15 03:40:27.485   587   587 D vold    : @@## decryptWithKeymasterKey
01-15 03:40:27.497   587   587 D vold    : Added key 647569142 (ext4:290ab433e0a0fa60) to keyring 282854552 in process 587
01-15 03:40:27.497   587   587 D vold    : Added key 229967728 (f2fs:290ab433e0a0fa60) to keyring 282854552 in process 587
01-15 03:40:27.497   587   587 D vold    : Added key 313799905 (fscrypt:290ab433e0a0fa60) to keyring 282854552 in process 587
01-15 03:40:27.497   587   587 D vold    : Installed de key for user 0
01-15 03:40:27.497   587   587 D vold    : e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 1
01-15 03:40:27.497   587   587 D vold    : Preparing: /data/system/users/0
01-15 03:40:27.499   587   587 D vold    : Preparing: /data/misc/profiles/cur/0
01-15 03:40:27.500   587   587 D vold    : Preparing: /data/system_de/0
01-15 03:40:27.502   587   587 D vold    : Preparing: /data/misc_de/0
01-15 03:40:27.503   587   587 D vold    : Preparing: /data/vendor_de/0
01-15 03:40:27.503   587   587 D vold    : Preparing: /data/user_de/0
01-15 03:40:27.505   587   587 I vold    : Found policy 290ab433e0a0fa60 at /data/system_de/0 which matches expected value
01-15 03:40:27.506   587   587 I vold    : Found policy 290ab433e0a0fa60 at /data/misc_de/0 which matches expected value
01-15 03:40:27.506   587   587 I vold    : Found policy 290ab433e0a0fa60 at /data/vendor_de/0 which matches expected value
01-15 03:40:27.515   587   587 I vold    : Found policy 290ab433e0a0fa60 at /data/user_de/0 which matches expected value

05-24 03:10:47.890   587   587 D vold    : e4crypt_unlock_user_key 0 serial=0 token_present=0 ! !
05-24 03:10:47.894   587   587 D vold    : Skipping non-key .
05-24 03:10:47.894   587   587 D vold    : Skipping non-key ..
05-24 03:10:47.895   587   587 D vold    : Trying user CE key /data/misc/vold/user_keys/ce/0/current
05-24 03:10:47.912   587   587 D vold    : @@## retrieveKey: appId= I_I����b���"���9��ޏ�v��!e�ꚜ�����w��CۿϖH����i�Z��=�
05-24 03:10:47.930   587   587 I vold    : List of Keymaster HALs found:
05-24 03:10:47.931   587   587 I vold    : Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: android.hardware.keymaster@4.0::IKeymasterDevice/default
05-24 03:10:47.931   587   587 I vold    : Using Keymaster HAL: 4 from QTI for encryption.  Security level: TRUSTED_ENVIRONMENT, HAL: android.hardware.keymaster@4.0::IKeymasterDevice/default
05-24 03:10:47.931   587   587 D vold    : @@## decryptWithKeymasterKey
05-24 03:10:47.950   587   587 D vold    : Successfully retrieved key
05-24 03:10:47.950   587   587 D vold    : Added key 933288432 (ext4:18614a45fe4939f4) to keyring 282854552 in process 587
05-24 03:10:47.950   587   587 D vold    : Added key 533508179 (f2fs:18614a45fe4939f4) to keyring 282854552 in process 587
05-24 03:10:47.950   587   587 D vold    : Added key 122829941 (fscrypt:18614a45fe4939f4) to keyring 282854552 in process 587
05-24 03:10:47.950   587   587 D vold    : Installed ce key for user 0
05-24 03:10:47.954   587   612 D vold    : e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 2
05-24 03:10:47.954   587   612 D vold    : Preparing: /data/system_ce/0
05-24 03:10:47.954   587   612 D vold    : Preparing: /data/misc_ce/0
05-24 03:10:47.954   587   612 D vold    : Preparing: /data/vendor_ce/0
05-24 03:10:47.967   587   612 D vold    : Preparing: /data/media/0
05-24 03:10:47.969   587   612 D vold    : Preparing: /data/data
05-24 03:10:47.970   587   612 I vold    : Found policy 18614a45fe4939f4 at /data/system_ce/0 which matches expected value
05-24 03:10:47.974   587   612 I vold    : Found policy 18614a45fe4939f4 at /data/misc_ce/0 which matches expected value
05-24 03:10:47.974   587   612 I vold    : Policy for /data/vendor_ce/0 set to 18614a45fe4939f4 modes 127/4
05-24 03:10:47.976   587   612 I vold    : Found policy 18614a45fe4939f4 at /data/media/0 which matches expected value
05-24 03:10:47.978   587   612 I vold    : Found policy 18614a45fe4939f4 at /data/data which matches expected value

posted @ 2020-12-05 16:19  bobfly1984  阅读(2127)  评论(0编辑  收藏  举报