Sometimes, when I want to wipe my phone, I do a fresh reinstall of GrapheneOS, as I believe this wipes keys from the secure element, which effectively means all old data can no longer be decrypted. Would this in principle be the same as deleting a user profile? Meaning I could create a separate user as a vault, and whenever I want to wipe that vault I just delete the user without concern of it being accessible down the track?
Does Deleting User Profile Remove Keys From Secure Element?
graphvpnquestion When you delete the user profile, the keys are also deleted. Have a read of the docs for more info about how filesystem-based encryption works on GrapheneOS:
https://grapheneos.org/faq#encryption
Sensitive data is stored in user profiles. User profiles each have their own unique, randomly generated disk encryption key and their own unique key encryption key is used to encrypt it. The owner profile is special and is used to store sensitive system-wide operating system data. This is why the owner profile needs to be logged in after a reboot before other user profiles can be used. The owner profile does not have access to the data in other profiles. Filesystem-based encryption is designed so that files can be deleted without having the keys for their data and file names, which enables the owner profile to delete other profiles without them being active.
Thanks for the link.
The OS stores a high entropy random value as the Weaver token on the secure element (Titan M on Pixels) and uses it as another input for key derivation. The Weaver token is stored alongside a Weaver key derived by the OS from the password token. In order to retrieve the Weaver token, the secure element requires the correct Weaver key. A secure internal timer is used to implement hardware-based delays for each attempt at key derivation. It quickly ramps up to 1 day delays before the next attempt. Weaver also provides reliable wiping of data since the secure element can reliably wipe a Weaver slot. Deleting a profile will wipe the corresponding Weaver slot and a factory reset of the device wipes all of the Weaver slots.
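The Weaver behaviour described in the FAQ text quoted above can be modelled in a few lines. This is an added example, not part of the thread and not GrapheneOS or Android code. The `WeaverSlot` class, the delay schedule, the simulated clock and the scrypt/HMAC derivation are simplified stand-ins chosen for illustration.

```python
import hashlib, hmac, os

class WeaverSlot:
    """Toy model of one secure-element slot holding a (Weaver key, Weaver token) pair."""
    DELAYS = [0, 0, 30, 3600, 86400]  # constructed schedule in seconds, not the real one

    def __init__(self):
        self.key = self.token = None
        self.failures, self.next_allowed = 0, 0  # next_allowed models the secure timer

    def write(self, key, token):
        self.key, self.token, self.failures, self.next_allowed = key, token, 0, 0

    def read(self, key, now):
        if self.key is None:
            raise LookupError("slot is empty")
        if now < self.next_allowed:
            raise PermissionError("throttled by secure timer")
        if not hmac.compare_digest(key, self.key):
            self.failures += 1
            self.next_allowed = now + self.DELAYS[min(self.failures, len(self.DELAYS) - 1)]
            raise ValueError("wrong Weaver key")
        self.failures = 0
        return self.token

    def wipe(self):  # what deleting the profile does to its slot
        self.key = self.token = None

def password_token(password, salt):
    return hashlib.scrypt(password, salt=salt, n=2**12, r=8, p=1, dklen=32)

def weaver_key(ptoken):
    return hmac.new(ptoken, b"weaver-key", hashlib.sha256).digest()

def unlock(slot, password, salt, now):
    """Derive the key encryption key; the Weaver token is a required input."""
    ptoken = password_token(password, salt)
    token = slot.read(weaver_key(ptoken), now)
    return hmac.new(ptoken, b"kek" + token, hashlib.sha256).digest()

def create_profile(slot, password):
    salt, token = os.urandom(16), os.urandom(32)
    slot.write(weaver_key(password_token(password, salt)), token)
    return salt, unlock(slot, password, salt, now=0)

if __name__ == "__main__":
    slot = WeaverSlot()
    salt, kek = create_profile(slot, b"hunter2")  # constructed sample password
    slot.wipe()
    try:
        unlock(slot, b"hunter2", salt, now=0)
    except LookupError as e:
        print("correct password, wiped slot:", e)
```

In this model, once the slot is wiped the random token no longer exists anywhere, so the key encryption key cannot be re-derived even with the correct password and an image of the encrypted storage.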