File-based encryption (FBE) and full-disk encryption (FDE)
Last updated February 20th, 2024
Categories:
Environment
-
Knox Platform for Enterprise (KPE)
-
FDE — Samsung Galaxy devices shipped with an Android version lower than 9.0 and Knox version lower than 3.3
-
FBE — Samsung Galaxy devices shipping with Android 9.0 or higher, with Knox 3.3 or higher
Overview
This article provides a general overview of how full-disk encryption (FDE) and file-based encryption (FBE) work, as well as instructions on how to check if your device uses FDE or FBE.
Per Google Android Compatibility Program’s requirements, devices launched with Android 10.0 or higher are required to use file-based encryption.
What is full-disk encryption (FDE)?
FDE was introduced in Android 4.4 to provide users with the option to encrypt the entire User Data partition at the Flash Block level. For devices launching with Android 7.0 or higher, the User Data partition is encrypted by default. To meet industry and government security requirements, Samsung Knox builds upon FDE to enhance the Android Open Source Project (AOSP) implementation, taking advantage of hardware security mechanisms and the Trusted Execution Environment (TEE) on Samsung Galaxy devices.
On FDE-based Android devices, all user data is encrypted using AES-256-XTS or AES-256-CBC (depending on the device) with a randomly generated encryption key, also known as the Primary Key. Once a device is encrypted, all data created by the user is automatically encrypted before being committed to disk and decrypted during the read process.
When the user boots up the device for the first time (for example, following a factory reset), the 256-bit Primary Key is randomly generated and encrypted in storage by the TEE-based Keymaster component. This component uses keys derived from a default password and a device-unique hardware based key to protect against offline attacks. If the user sets a PIN, password, or pattern on the device, and configures Secure Startup via Settings > Biometrics and Security, the Primary Key is re-encrypted by the Keymaster using the user’s credentials and stored. If Secure Startup is not enabled after being configured, the Primary Key is re-encrypted using the default password instead of the user’s credentials.
During subsequent device reboots, the Primary Key is recovered using either the default password or the user’s credentials, depending on whether Secure Startup was configured, allowing the system to mount the user data partition and decrypt its data while it is read from Flash memory.
Changing the user credentials on the device does not re-encrypt the user data. Instead, the Primary Key is re-encrypted with the new password.
What is file-based encryption (FBE)?
Available on all Samsung Galaxy devices shipping with Android 9.0 or higher and Knox 3.3 or higher, FBE protects files in the user data Flash partition. Each file is independently encrypted using AES-256-XTS, with a unique File Encryption Key that is derived from a Primary Key. In FBE, Primary Keys are randomly generated and protected by the TEE-based Keymaster component, similar to the FDE implementation.
Devices that launched with Android versions before version 9 continue to use FDE even after upgrading to Android 10 through a maintenance release.
FBE also introduced a new feature called Direct Boot, which lets encrypted devices boot straight to the lock screen. This feature allows for extended functionality over FDE-based devices, which require the user to enter their credentials before the OS boots and any user data is accessed. If the user chooses not to enter their credentials, the device is unable to receive phone calls and alarms are prevented from functioning.
FBE-based devices allow certain apps to be aware of their encryption and run with limited functionality enabled through the use of two storage locations:
-
Credential Encrypted (CE) storage is only available after the user enters their credentials and unlocks the device.
-
Device Encrypted (DE) storage is accessible during Direct Boot mode, as well as after the user unlocks the device.
This change to device encryption provides a more flexible data protection scheme. Different areas of the user data file system are protected by their own Primary Keys that are derived from different credentials. Separate Primary Keys are generated for CE and DE storage, with CE Primary Keys using both the device-unique hardware key and the user credentials, and DE keys protected using only the device-unique hardware based key.
Since the DE storage area is not bound to the user’s credentials, this storage is made available upon device reboot, allowing Direct Boot-aware applications to function before the user unlocks the device. For example, this allows phone calls to be received immediately after startup even before the user unlocks the device. This flexibility also allows work profiles to be protected using a set of Primary Keys separate from personal device data storage.
How do I check if my device uses FDE or FBE?
To check if your device uses FDE or FBE:
-
On your device, navigate to Settings > Biometrics and security.
-
In the Biometrics and security menu, check if the Secure startup menu exists or not.
-
If Secure startup is available, your device uses FDE.
-
If Secure startup is unavailable, your device uses FBE.
-
Related articles
To learn more about Android’s implementation of full-disk encryption and file-based encryption:
For a more in-depth view into how KPE protects your data:
On this page
Is this page helpful?