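Direct Boot lets critical apps run before the device is unlocked and is aimed mainly at time-sensitive apps. It allows some system components to run at device boot while keeping data secure. File-based encryption relies on kernel support for ext4 encryption, and the Keymaster HAL and the TEE protect the DE keys. Developers should limit the data they keep in device protected storage, avoid storing sensitive credentials there long term, and use temporary tokens. File encryption can be verified with CTS's kvm-xfstests and by checking the manufacturer's settings.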
What is Direct Boot?
Starting with Android N, a device that has been powered on can boot into a new mode called Direct Boot before the user has a chance to unlock it for the first time.
Direct Boot For Users
1. Boot directly to lock screen
2. Calls, SMS, alarms work after device reboot before unlock
3. Per-user disk encryption
Direct Boot For Developers
Data
On an FBE-enabled device, each user of the device has two storage locations available to applications:
1. Credential Encrypted (CE) storage:
By default, all of an app's data is stored here.
2. Device Encrypted (DE) storage:
Direct Boot aware components run before the first user unlock and can use this storage.
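
The CE/DE split above from an app's side, as an added example that is not from the original post: a Direct Boot aware receiver reads a non-secret schedule from DE storage and touches CE storage only after unlock. The class, preference-file and key names are hypothetical, and the receiver is assumed to be declared with android:directBootAware="true" and intent filters for LOCKED_BOOT_COMPLETED and BOOT_COMPLETED.

```kotlin
import android.content.BroadcastReceiver
import android.content.Context
import android.content.Intent
import android.os.UserManager
import android.util.Log

// Added example. All class, file and key names below are hypothetical.
private const val SCHEDULE_PREFS = "alarm_schedule" // DE: non-secret schedule only
private const val ACCOUNT_PREFS = "account"         // CE: credentials stay here

object BootStorage {
    // Call once while the user is unlocked (for example on first launch after an
    // update) to move only the schedule file from CE storage into DE storage.
    fun migrateScheduleToDe(context: Context): Boolean {
        val de = context.createDeviceProtectedStorageContext()
        return de.moveSharedPreferencesFrom(context, SCHEDULE_PREFS)
    }

    // Readable before the first unlock because the file lives in DE storage.
    fun nextAlarmMillis(context: Context): Long =
        context.createDeviceProtectedStorageContext()
            .getSharedPreferences(SCHEDULE_PREFS, Context.MODE_PRIVATE)
            .getLong("next_alarm_utc_ms", -1L)

    // CE storage is unavailable until unlock: return null instead of touching it.
    fun authToken(context: Context): String? {
        val userManager = context.getSystemService(UserManager::class.java)
        if (userManager == null || !userManager.isUserUnlocked) return null
        return context.getSharedPreferences(ACCOUNT_PREFS, Context.MODE_PRIVATE)
            .getString("auth_token", null)
    }
}

class AlarmBootReceiver : BroadcastReceiver() {
    override fun onReceive(context: Context, intent: Intent) {
        val phase = when (intent.action) {
            Intent.ACTION_LOCKED_BOOT_COMPLETED -> "before first unlock"
            Intent.ACTION_BOOT_COMPLETED -> "after unlock"
            else -> return
        }
        val alarm = BootStorage.nextAlarmMillis(context)
        val hasToken = BootStorage.authToken(context) != null
        // Log presence only, never the token value itself.
        Log.i("AlarmBootReceiver", "$phase: nextAlarm=$alarm tokenAvailable=$hasToken")
    }
}
```

Keeping the token file out of the migration means nothing in DE storage can be used to authenticate as the user if the device is captured while still locked.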