• General
  • Secondary Profiles Password Encryption Security

If your owner profile has an alphanumeric password and secondary profiles use a separate 4-digit code. Upon reboot, can the secondary profiles be decrypted with their 4-digit code or do they have to decrypt the whole phone with the alphanumeric password before?

    8v55 "Sensitive data is stored in user profiles. User profiles each have their own unique, randomly generated disk encryption key and their own unique key encryption key is used to encrypt it. The owner profile is special and is used to store sensitive system-wide operating system data. This is why the owner profile needs to be logged in after a reboot before other user profiles can be used. The owner profile does not have access to the data in other profiles. Filesystem-based encryption is designed so that files can be deleted without having the keys for their data and file names, which enables the owner profile to delete other profiles without them being active."

    https://grapheneos.org/faq#encryption

    https://discuss.grapheneos.org/d/13895-are-secondary-profiles-protected-by-owners-password/15

    Owner lock method is not intended to be a boot passphrase and the current situation where it partially acts that way due to technical limitations is not a security feature and is likely not going to work that way in a few years. It's a technical limitation imposed by having sensitive OS data that's not split up by user but which is needed to run any user. They had to put it somewhere, so they put it in Owner. If there was a boot passphrase, this wouldn't make sense, but their design doesn't have one because it hurts usability and accessibility too much.