I am very new to Android’s FBE and still learning the basics.
From what I could understand, the way FBE works is that for each file to be stored on the disk, the kernel requests for a key from some secure hardware logic. The kernel then assigns this key to the file to be encrypted and is then stored on the disk. When that file is read from the disk in future, the kernel will use the same key to decrypt it.
- Since there are multiple files that use multiple keys, who keeps track of the key used to encrypt each file?
- Are these details stored in some secure non-volatile memory? If the device is reboot, and the keys removed from RAM, how is this information mapped again?
- If some files are deleted on the disk, do the keys get re-used?