fbe 业务流程分析
总结
- 根据/data/unencrypted/key和/data/misc/vold/user_keys/de/0/路径是否存在判断首次开机还是非首次开机
- system DE存储空间和user DE存储空间使用keymasterkey加解密,密钥元素secret和token为空
- 不设置锁屏密码,user CE存储空间使用keymasterkey加解密,密钥元素secret和token为空
- 设置锁屏密码,user CE存储空间使用withoutkeymastery加解密,密钥元素secret为非空,token为空
- 删除锁屏密码后,user CE 存储空间采用 不设置锁密码 加密策略
- 添加锁屏密码、修改锁屏密码、删除锁屏密码后在添加锁屏密码,传下来的secret值是一样的,确保不同场景下加密的文件都能解密
- 对user CE存储空间加解密的key,不管是设置锁屏密码还是不设置锁屏密码,这个key始终是一样的即首次开机生成的key。不同的只是加密元素和加密方式。
- /data/misc/vold/user_keys/ce/0/current # cat stretching
nopassword // 没有设置锁屏密码
none // 设置锁屏密码
/data/misc/vold/user_keys/ce/0/current/keymaster_key_blob // 此文件存在意味keymaster加解密、否则使用withoutkeymastery加解密
fbe首次开机流程
e4crypt_initialize_global_de
// 创建system DE key
Creating new key in /data/unencrypted/key
// 使用keymaster key加密
encryptWithKeymasterKey
// 把key ref和key键值对添加到keyring
Added key 586522868 (ext4:67da18ded3ad485e) to keyring 1037041109 in process 587
Added key 980373597 (f2fs:67da18ded3ad485e) to keyring 1037041109 in process 587
Added key 378832651 (fscrypt:67da18ded3ad485e) to keyring 1037041109 in process 587
Wrote system DE key reference to:/data/unencrypted/ref
// 由init.rc 里的mkdir创建system DE存储空间
e4crypt_init_user0
// 创建user DE & CE key,且用keymaster key加密
@@## encryptWithKeymasterKey
Created key: /data/misc/vold/user_keys/ce/0/current
@@## encryptWithKeymasterKey
Created key: /data/misc/vold/user_keys/de/0
// 把user DE & CE key ref和key键值对添加到keyring
Added key 874094742 (ext4:290ab433e0a0fa60) to keyring 1037041109 in process 587
Added key 598664941 (f2fs:290ab433e0a0fa60) to keyring 1037041109 in process 587
Added key 154377517 (fscrypt:290ab433e0a0fa60) to keyring 1037041109 in process 587
Added key 397224737 (ext4:18614a45fe4939f4) to keyring 1037041109 in process 587
Added key 496597483 (f2fs:18614a45fe4939f4) to keyring 1037041109 in process 587
Added key 4447633 (fscrypt:18614a45fe4939f4) to keyring 1037041109 in process 587
//建立user DE目录,给目录设置加密策略即 key ref
e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 1
Preparing: /data/system/users/0
Preparing: /data/misc/profiles/cur/0
Preparing: /data/system_de/0
Preparing: /data/misc_de/0
Preparing: /data/vendor_de/0
Preparing: /data/user_de/0
Policy for /data/system_de/0 set to 290ab433e0a0fa60 modes 127/4
Policy for /data/misc_de/0 set to 290ab433e0a0fa60 modes 127/4
Policy for /data/vendor_de/0 set to 290ab433e0a0fa60 modes 127/4
Policy for /data/user_de/0 set to 290ab433e0a0fa60 modes 127/4
// token=“!”,secret="!",意味着token和secret是空的
e4crypt_unlock_user_key 0 serial=0 token_present=0 ! !
// 由于user CE key和key ref已经添加到keyring
Tried to unlock already-unlocked key for user 0
//建立user CE目录,给目录设置加密策略
e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 2
Preparing: /data/system_ce/0
Preparing: /data/misc_ce/0
Preparing: /data/vendor_ce/0
Preparing: /data/media/0
Preparing: /data/data
Policy for /data/system_ce/0 set to 18614a45fe4939f4 modes 127/4
Policy for /data/misc_ce/0 set to 18614a45fe4939f4 modes 127/4
Policy for /data/vendor_ce/0 set to 18614a45fe4939f4 modes 127/4
Policy for /data/media/0 set to 18614a45fe4939f4 modes 127/4
Policy for /data/data set to 18614a45fe4939f4 modes 127/4
fbe未添加锁屏密码,非首次开机流程
e4crypt_initialize_global_de
// 获取system DE key,使用keymasterkey解密,加载到keyring
Key exists, using: /data/unencrypted/key
@@## retrieveKey: appId= Ɨ[�<xJ�F�4D̀R��d��O��v��P&�NbU�mW#1R��d��5�w�_L����ڣ
@@## decryptWithKeymasterKey
Added key 980039627 (ext4:67da18ded3ad485e) to keyring 835505565 in process 583
Added key 959702073 (f2fs:67da18ded3ad485e) to keyring 835505565 in process 583
Added key 606242813 (fscrypt:67da18ded3ad485e) to keyring 835505565 in process 583
Wrote system DE key reference to:/data/unencrypted/ref
// 使用keymasterkey解密user DE key,加载到keyring,建立DE存储空间,设置加密策略
e4crypt_init_user0
@@## decryptWithKeymasterKey
Added key 478727481 (ext4:290ab433e0a0fa60) to keyring 835505565 in process 583
Added key 765526525 (f2fs:290ab433e0a0fa60) to keyring 835505565 in process 583
Added key 469387747 (fscrypt:290ab433e0a0fa60) to keyring 835505565 in process 583
Installed de key for user 0
e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 1
Preparing: /data/system_de/0
Preparing: /data/misc_de/0
Preparing: /data/vendor_de/0
Preparing: /data/user_de/0
Found policy 290ab433e0a0fa60 at /data/system_de/0 which matches expected value
Found policy 290ab433e0a0fa60 at /data/misc_de/0 which matches expected value
Found policy 290ab433e0a0fa60 at /data/vendor_de/0 which matches expected value
Found policy 290ab433e0a0fa60 at /data/user_de/0 which matches expected value
// token和secret是空的,使用keymasterkey解密user CE key,加载到keyring,建立DE存储空间,设置加密策略
e4crypt_unlock_user_key 0 serial=0 token_present=0 ! !
Trying user CE key /data/misc/vold/user_keys/ce/0/current
@@## retrieveKey: appId= �s7_a�-��
@@## decryptWithKeymasterKey
Successfully retrieved key
Added key 69920630 (ext4:18614a45fe4939f4) to keyring 835505565 in process 583
Added key 897462990 (f2fs:18614a45fe4939f4) to keyring 835505565 in process 583
Added key 506661260 (fscrypt:18614a45fe4939f4) to keyring 835505565 in process 583
Installed ce key for user 0
e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 2
Preparing: /data/system_ce/0
Preparing: /data/misc_ce/0
Preparing: /data/vendor_ce/0
Preparing: /data/media/0
Preparing: /data/data
Found policy 18614a45fe4939f4 at /data/system_ce/0 which matches expected value
Found policy 18614a45fe4939f4 at /data/misc_ce/0 which matches expected value
Policy for /data/vendor_ce/0 set to 18614a45fe4939f4 modes 127/4
Found policy 18614a45fe4939f4 at /data/media/0 which matches expected value
Found policy 18614a45fe4939f4 at /data/data which matches expected value
fbe添加锁屏密码流程, 修改锁屏密码不再调用下面流程
// 调用两次e4crypt_add_user_key_auth,第一次传递的token和secret是空,第二次传递的token是空,secret是非空
// secret空使用keymasterkey加解密,非空使用非keymaster进行加解密
// e4crypt_add_user_key_auth第一次调用新创建CE key: /data/misc/vold/user_keys/ce/0/cx0000000000,使用secdiscard、rm删除current CE key。
// rename cx0000000000 to current
// 第二次调用流程和第一次一样,区别就是secret非空,使用非keymaster加解密
vold : e4crypt_add_user_key_auth 0 serial=0 token_present=0 ! !
vold : Skipping non-key .
vold : Skipping non-key ..
vold : @@## getStretching: kStretch_nopassword
vold : @@## storeKey: appId= UpN?K&�w��3��_DMk��ۆ%O��|������e��OU�ɤ���Hmt;�t`H�
vold : @@## storeKey: usesKeymaster
vold : @@## encryptWithKeymasterKey
vold : Created key: /data/misc/vold/user_keys/ce/0/cx0000000000
vold : e4crypt_fixate_newest_user_key_auth 0
vold : /system/bin/secdiscard
vold : --
vold : /data/misc/vold/user_keys/ce/0/current/encrypted_key
vold : /data/misc/vold/user_keys/ce/0/current/secdiscardable
vold : /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/encrypted_key' unlink=1
secdiscard: For path /data/misc/vold/user_keys/ce/0/current/encrypted_key block device is tmpfs
secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/encrypted_key
secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/encrypted_key
secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/secdiscardable' unlink=1
secdiscard: For path /data/misc/vold/user_keys/ce/0/current/secdiscardable block device is tmpfs
secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/secdiscardable
secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/secdiscardable
secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/keymaster_key_blob' unlink=1
secdiscard: For path /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob block device is tmpfs
secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
vold : /system/bin/rm
vold : -rf
vold : /data/misc/vold/user_keys/ce/0/current
vold : Renaming /data/misc/vold/user_keys/ce/0/cx0000000000 to /data/misc/vold/user_keys/ce/0/current
vold : e4crypt_add_user_key_auth 0 serial=0 token_present=0 ! C28D9406E1A4EAEF9D6404A72740FFE57E810BD430CC65B0FFC19743ED983F750503A1728CC4D28432EE612A539489CEA99869CC23629A6CACE6FC931E8D5149
vold : @@## getStretching: kStretch_none
vold : @@## encryptWithoutKeymaster
vold : Created key: /data/misc/vold/user_keys/ce/0/cx0000000000
vold : e4crypt_fixate_newest_user_key_auth 0
vold : /system/bin/secdiscard
vold : --
vold : /data/misc/vold/user_keys/ce/0/current/encrypted_key
vold : /data/misc/vold/user_keys/ce/0/current/secdiscardable
vold : /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/encrypted_key' unlink=1
secdiscard: For path /data/misc/vold/user_keys/ce/0/current/encrypted_key block device is tmpfs
secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/encrypted_key
secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/encrypted_key
secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/secdiscardable' unlink=1
secdiscard: For path /data/misc/vold/user_keys/ce/0/current/secdiscardable block device is tmpfs
secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/secdiscardable
secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/secdiscardable
secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/keymaster_key_blob' unlink=1
secdiscard: For path /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob block device is tmpfs
secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
vold : /system/bin/rm
vold : -rf
vold : /data/misc/vold/user_keys/ce/0/current
vold : Renaming /data/misc/vold/user_keys/ce/0/cx0000000000 to /data/misc/vold/user_keys/ce/0/current
fbe删除锁屏密码后,再次添加锁屏密码
// token为空,secret为非空
05-24 03:20:12.251 587 612 D vold : e4crypt_add_user_key_auth 0 serial=0 token_present=0 ! C28D9406E1A4EAEF9D6404A72740FFE57E810BD430CC65B0FFC19743ED983F750503A1728CC4D28432EE612A539489CEA99869CC23629A6CACE6FC931E8D5149
05-24 03:20:12.284 587 612 D vold : @@## getStretching: kStretch_none
05-24 03:20:12.289 587 612 D vold : @@## storeKey: appId= {=i)v����# ���H�̑ڴ��+F3?�[|�Ųj/��z��U̾��2��KZ�3)������d�'@��~�
�0�e����C�?u�r��҄2�a*S��Ω�i�#b�l�����QI
05-24 03:20:12.289 587 612 D vold : @@## encryptWithoutKeymaster
05-24 03:20:12.296 587 612 D vold : Created key: /data/misc/vold/user_keys/ce/0/cx0000000000
05-24 03:20:12.299 587 612 D vold : e4crypt_fixate_newest_user_key_auth 0
05-24 03:20:12.318 587 612 V vold : /system/bin/secdiscard
05-24 03:20:12.318 587 612 V vold : --
05-24 03:20:12.318 587 612 V vold : /data/misc/vold/user_keys/ce/0/current/encrypted_key
05-24 03:20:12.318 587 612 V vold : /data/misc/vold/user_keys/ce/0/current/secdiscardable
05-24 03:20:12.318 587 612 V vold : /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
05-24 03:20:12.394 3274 3274 D secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/encrypted_key' unlink=1
05-24 03:20:12.398 3274 3274 D secdiscard: For path /data/misc/vold/user_keys/ce/0/current/encrypted_key block device is tmpfs
05-24 03:20:12.398 3274 3274 E secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/encrypted_key
05-24 03:20:12.398 3274 3274 D secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/encrypted_key
05-24 03:20:12.398 3274 3274 D secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/secdiscardable' unlink=1
05-24 03:20:12.401 3274 3274 D secdiscard: For path /data/misc/vold/user_keys/ce/0/current/secdiscardable block device is tmpfs
05-24 03:20:12.401 3274 3274 E secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/secdiscardable
05-24 03:20:12.402 3274 3274 D secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/secdiscardable
05-24 03:20:12.402 3274 3274 D secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/keymaster_key_blob' unlink=1
05-24 03:20:12.404 3274 3274 D secdiscard: For path /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob block device is tmpfs
05-24 03:20:12.404 3274 3274 E secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
05-24 03:20:12.404 3274 3274 D secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob
05-24 03:20:12.411 587 612 V vold : /system/bin/rm
05-24 03:20:12.411 587 612 V vold : -rf
05-24 03:20:12.412 587 612 V vold : /data/misc/vold/user_keys/ce/0/current
05-24 03:20:12.522 587 612 D vold : Renaming /data/misc/vold/user_keys/ce/0/cx0000000000 to /data/misc/vold/user_keys/ce/0/current
fbe添加锁屏密码后开机流程
// 使用keymasterkey解锁system DE key,安装keyring
// 使用keymasterkey解锁user DE key,安装keyring,建立DE存储空间,设置加密策略
// 用户输入正确解锁密码后,e4crypt_unlock_user_key传入的secret为非空,使用WithoutKeymaster解锁user CE key,安装keyring,建立CE 存储空间,设置加密策略
01-15 03:35:37.197 585 599 I vold : e4crypt_initialize_global_de
01-15 03:35:37.201 585 599 D vold : Key exists, using: /data/unencrypted/key
01-15 03:35:37.212 585 599 D vold : @@## retrieveKey: appId= Ɨ[�<xJ�F�4D̀R��d��O��v��P&�NbU�mW#1R��d��5�w�_L����ڣ
01-15 03:35:37.226 585 599 D vold : @@## decryptWithKeymasterKey
01-15 03:35:37.236 585 599 D vold : Added key 579279655 (ext4:67da18ded3ad485e) to keyring 401270441 in process 585
01-15 03:35:37.236 585 599 D vold : Added key 903985145 (f2fs:67da18ded3ad485e) to keyring 401270441 in process 585
01-15 03:35:37.236 585 599 D vold : Added key 744343326 (fscrypt:67da18ded3ad485e) to keyring 401270441 in process 585
01-15 03:35:37.240 585 599 I vold : Wrote system DE key reference to:/data/unencrypted/ref
01-15 03:35:37.484 585 585 D vold : e4crypt_init_user0
01-15 03:35:37.484 585 585 D vold : Preparing: /data/misc/vold/user_keys
01-15 03:35:37.486 585 585 D vold : Preparing: /data/misc/vold/user_keys/ce
01-15 03:35:37.487 585 585 D vold : Preparing: /data/misc/vold/user_keys/de
01-15 03:35:37.496 585 585 D vold : @@## retrieveKey: appId=
6(
01-15 03:35:37.502 585 585 D vold : @@## decryptWithKeymasterKey
01-15 03:35:37.515 585 585 D vold : Added key 100612541 (ext4:290ab433e0a0fa60) to keyring 401270441 in process 585
01-15 03:35:37.515 585 585 D vold : Added key 102678144 (f2fs:290ab433e0a0fa60) to keyring 401270441 in process 585
01-15 03:35:37.516 585 585 D vold : Added key 725297733 (fscrypt:290ab433e0a0fa60) to keyring 401270441 in process 585
01-15 03:35:37.516 585 585 D vold : Installed de key for user 0
01-15 03:35:37.516 585 585 D vold : e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 1
01-15 03:35:37.519 585 585 D vold : Preparing: /data/system_de/0
01-15 03:35:37.520 585 585 D vold : Preparing: /data/misc_de/0
01-15 03:35:37.520 585 585 D vold : Preparing: /data/vendor_de/0
01-15 03:35:37.521 585 585 D vold : Preparing: /data/user_de/0
01-15 03:35:37.528 585 585 I vold : Found policy 290ab433e0a0fa60 at /data/system_de/0 which matches expected value
01-15 03:35:37.528 585 585 I vold : Found policy 290ab433e0a0fa60 at /data/misc_de/0 which matches expected value
01-15 03:35:37.529 585 585 I vold : Found policy 290ab433e0a0fa60 at /data/vendor_de/0 which matches expected value
01-15 03:35:37.552 585 585 I vold : Found policy 290ab433e0a0fa60 at /data/user_de/0 which matches expected value
05-24 03:10:54.665 585 585 D vold : e4crypt_unlock_user_key 0 serial=0 token_present=0 ! C28D9406E1A4EAEF9D6404A72740FFE57E810BD430CC65B0FFC19743ED983F750503A1728CC4D28432EE612A539489CEA99869CC23629A6CACE6FC931E8D5149
05-24 03:10:54.670 585 585 D vold : Trying user CE key /data/misc/vold/user_keys/ce/0/current
05-24 03:10:54.695 585 585 D vold : @@## decryptWithoutKeymaster
05-24 03:10:54.695 585 585 D vold : Successfully retrieved key
05-24 03:10:54.696 585 585 D vold : Added key 721367201 (ext4:18614a45fe4939f4) to keyring 401270441 in process 585
05-24 03:10:54.696 585 585 D vold : Added key 955440003 (f2fs:18614a45fe4939f4) to keyring 401270441 in process 585
05-24 03:10:54.696 585 585 D vold : Added key 1040194022 (fscrypt:18614a45fe4939f4) to keyring 401270441 in process 585
05-24 03:10:54.697 585 585 D vold : Installed ce key for user 0
05-24 03:10:54.702 585 585 D vold : e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 2
05-24 03:10:54.702 585 585 D vold : Preparing: /data/system_ce/0
05-24 03:10:54.702 585 585 D vold : Preparing: /data/misc_ce/0
05-24 03:10:54.702 585 585 D vold : Preparing: /data/vendor_ce/0
05-24 03:10:54.706 585 585 D vold : Preparing: /data/media/0
05-24 03:10:54.713 585 585 D vold : Preparing: /data/data
05-24 03:10:54.717 585 585 I vold : Found policy 18614a45fe4939f4 at /data/system_ce/0 which matches expected value
05-24 03:10:54.719 585 585 I vold : Found policy 18614a45fe4939f4 at /data/misc_ce/0 which matches expected value
05-24 03:10:54.720 585 585 I vold : Policy for /data/vendor_ce/0 set to 18614a45fe4939f4 modes 127/4
05-24 03:10:54.724 585 585 I vold : Found policy 18614a45fe4939f4 at /data/media/0 which matches expected value
05-24 03:10:54.729 585 585 I vold : Found policy 18614a45fe4939f4 at /data/data which matches expected value
fbe 删除锁屏密码流程
05-24 03:12:40.549 585 585 D vold : e4crypt_clear_user_key_auth 0 serial=0 token_present=0 ! C28D9406E1A4EAEF9D6404A72740FFE57E810BD430CC65B0FFC19743ED983F750503A1728CC4D28432EE612A539489CEA99869CC23629A6CACE6FC931E8D5149
05-24 03:12:40.549 585 585 D vold : e4crypt_add_user_key_auth 0 serial=0 token_present=0 ! !
-24 03:12:40.576 585 585 D vold : @@## getStretching: kStretch_nopassword
05-24 03:12:40.586 585 585 D vold : @@## storeKey: appId= I_I����b���"���9��ޏ�v��!e�ꚜ�����w��CۿϖH����i�Z��=�
05-24 03:12:40.586 585 585 D vold : @@## storeKey: usesKeymaster
5-24 03:12:40.597 585 585 D vold : Creating key that doesn't need auth token
05-24 03:12:40.613 585 585 D vold : @@## encryptWithKeymasterKey
05-24 03:12:40.641 585 585 D vold : Created key: /data/misc/vold/user_keys/ce/0/cx0000000000
05-24 03:12:40.644 585 601 D vold : e4crypt_fixate_newest_user_key_auth 0
05-24 03:12:40.645 585 601 V vold : /system/bin/secdiscard
05-24 03:12:40.645 585 601 V vold : --
05-24 03:12:40.645 585 601 V vold : /data/misc/vold/user_keys/ce/0/current/encrypted_key
05-24 03:12:40.646 585 601 V vold : /data/misc/vold/user_keys/ce/0/current/secdiscardable
05-24 03:12:40.740 3209 3209 D secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/encrypted_key' unlink=1
05-24 03:12:40.745 3209 3209 D secdiscard: For path /data/misc/vold/user_keys/ce/0/current/encrypted_key block device is tmpfs
05-24 03:12:40.746 3209 3209 E secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/encrypted_key
05-24 03:12:40.748 3209 3209 D secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/encrypted_key
05-24 03:12:40.748 3209 3209 D secdiscard: Securely discarding '/data/misc/vold/user_keys/ce/0/current/secdiscardable' unlink=1
05-24 03:12:40.751 3209 3209 D secdiscard: For path /data/misc/vold/user_keys/ce/0/current/secdiscardable block device is tmpfs
05-24 03:12:40.751 3209 3209 E secdiscard: Secure discard failed for: /data/misc/vold/user_keys/ce/0/current/secdiscardable
05-24 03:12:40.752 3209 3209 D secdiscard: Discarded: /data/misc/vold/user_keys/ce/0/current/secdiscardable
05-24 03:12:40.760 585 601 V vold : /system/bin/rm
05-24 03:12:40.761 585 601 V vold : -rf
05-24 03:12:40.761 585 601 V vold : /data/misc/vold/user_keys/ce/0/current
05-24 03:12:40.867 585 601 D vold : Renaming /data/misc/vold/user_keys/ce/0/cx0000000000 to /data/misc/vold/user_keys/ce/0/current
fbe 删除锁屏密码开机流程,和 fbe未添加锁屏密码,非首次开机流程一样
01-15 03:40:27.180 587 609 I vold : e4crypt_initialize_global_de
01-15 03:40:27.187 587 609 D vold : Key exists, using: /data/unencrypted/key
01-15 03:40:27.220 587 609 D vold : @@## retrieveKey: appId= Ɨ[�<xJ�F�4D̀R��d��O��v��P&�NbU�mW#1R��d��5�w�_L����ڣ
-15 03:40:27.234 587 609 D vold : @@## decryptWithKeymasterKey
01-15 03:40:27.246 587 609 D vold : Added key 470843117 (ext4:67da18ded3ad485e) to keyring 282854552 in process 587
01-15 03:40:27.246 587 609 D vold : Added key 752559141 (f2fs:67da18ded3ad485e) to keyring 282854552 in process 587
01-15 03:40:27.246 587 609 D vold : Added key 526774868 (fscrypt:67da18ded3ad485e) to keyring 282854552 in process 587
01-15 03:40:27.249 587 609 I vold : Wrote system DE key reference to:/data/unencrypted/ref
01-15 03:40:27.465 587 587 D vold : e4crypt_init_user0
01-15 03:40:27.466 587 587 D vold : Preparing: /data/misc/vold/user_keys
01-15 03:40:27.467 587 587 D vold : Preparing: /data/misc/vold/user_keys/ce
01-15 03:40:27.469 587 587 D vold : Preparing: /data/misc/vold/user_keys/de
03:40:27.478 587 587 D vold : @@## retrieveKey: appId= I_I����b
01-15 03:40:27.485 587 587 D vold : @@## decryptWithKeymasterKey
01-15 03:40:27.497 587 587 D vold : Added key 647569142 (ext4:290ab433e0a0fa60) to keyring 282854552 in process 587
01-15 03:40:27.497 587 587 D vold : Added key 229967728 (f2fs:290ab433e0a0fa60) to keyring 282854552 in process 587
01-15 03:40:27.497 587 587 D vold : Added key 313799905 (fscrypt:290ab433e0a0fa60) to keyring 282854552 in process 587
01-15 03:40:27.497 587 587 D vold : Installed de key for user 0
01-15 03:40:27.497 587 587 D vold : e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 1
01-15 03:40:27.497 587 587 D vold : Preparing: /data/system/users/0
01-15 03:40:27.499 587 587 D vold : Preparing: /data/misc/profiles/cur/0
01-15 03:40:27.500 587 587 D vold : Preparing: /data/system_de/0
01-15 03:40:27.502 587 587 D vold : Preparing: /data/misc_de/0
01-15 03:40:27.503 587 587 D vold : Preparing: /data/vendor_de/0
01-15 03:40:27.503 587 587 D vold : Preparing: /data/user_de/0
01-15 03:40:27.505 587 587 I vold : Found policy 290ab433e0a0fa60 at /data/system_de/0 which matches expected value
01-15 03:40:27.506 587 587 I vold : Found policy 290ab433e0a0fa60 at /data/misc_de/0 which matches expected value
01-15 03:40:27.506 587 587 I vold : Found policy 290ab433e0a0fa60 at /data/vendor_de/0 which matches expected value
01-15 03:40:27.515 587 587 I vold : Found policy 290ab433e0a0fa60 at /data/user_de/0 which matches expected value
05-24 03:10:47.890 587 587 D vold : e4crypt_unlock_user_key 0 serial=0 token_present=0 ! !
05-24 03:10:47.894 587 587 D vold : Skipping non-key .
05-24 03:10:47.894 587 587 D vold : Skipping non-key ..
05-24 03:10:47.895 587 587 D vold : Trying user CE key /data/misc/vold/user_keys/ce/0/current
05-24 03:10:47.912 587 587 D vold : @@## retrieveKey: appId= I_I����b���"���9��ޏ�v��!e�ꚜ�����w��CۿϖH����i�Z��=�
05-24 03:10:47.930 587 587 I vold : List of Keymaster HALs found:
05-24 03:10:47.931 587 587 I vold : Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: android.hardware.keymaster@4.0::IKeymasterDevice/default
05-24 03:10:47.931 587 587 I vold : Using Keymaster HAL: 4 from QTI for encryption. Security level: TRUSTED_ENVIRONMENT, HAL: android.hardware.keymaster@4.0::IKeymasterDevice/default
05-24 03:10:47.931 587 587 D vold : @@## decryptWithKeymasterKey
05-24 03:10:47.950 587 587 D vold : Successfully retrieved key
05-24 03:10:47.950 587 587 D vold : Added key 933288432 (ext4:18614a45fe4939f4) to keyring 282854552 in process 587
05-24 03:10:47.950 587 587 D vold : Added key 533508179 (f2fs:18614a45fe4939f4) to keyring 282854552 in process 587
05-24 03:10:47.950 587 587 D vold : Added key 122829941 (fscrypt:18614a45fe4939f4) to keyring 282854552 in process 587
05-24 03:10:47.950 587 587 D vold : Installed ce key for user 0
05-24 03:10:47.954 587 612 D vold : e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 2
05-24 03:10:47.954 587 612 D vold : Preparing: /data/system_ce/0
05-24 03:10:47.954 587 612 D vold : Preparing: /data/misc_ce/0
05-24 03:10:47.954 587 612 D vold : Preparing: /data/vendor_ce/0
05-24 03:10:47.967 587 612 D vold : Preparing: /data/media/0
05-24 03:10:47.969 587 612 D vold : Preparing: /data/data
05-24 03:10:47.970 587 612 I vold : Found policy 18614a45fe4939f4 at /data/system_ce/0 which matches expected value
05-24 03:10:47.974 587 612 I vold : Found policy 18614a45fe4939f4 at /data/misc_ce/0 which matches expected value
05-24 03:10:47.974 587 612 I vold : Policy for /data/vendor_ce/0 set to 18614a45fe4939f4 modes 127/4
05-24 03:10:47.976 587 612 I vold : Found policy 18614a45fe4939f4 at /data/media/0 which matches expected value
05-24 03:10:47.978 587 612 I vold : Found policy 18614a45fe4939f4 at /data/data which matches expected value