Before and After First Unlock

If you’ve used a desktop operating system, you may have encountered full-disk encryption. The name is self explanatory. When full-disk encryption is used on a desktop or laptop, the entire contents of the hard drive (minus whatever is needed to properly boot the system far enough to enter the decryption key) are encrypted. The contents are only accessible after the decryption key has been provided during boot up.

iOS and modern versions of Android use a different model called file-based encryption. Rather than encrypt the entire contents of the device, files are encrypted individually per a policy. This is why you can make a call on an iOS or Android phone after is has been booted but before it has been unlocked. But like with full-disk encryption, the encrypted files are only accessible after the device is first unlocked after a boot up.

The states where encrypted data is inaccessible and accessible are referred to as before and after first unlock respectively. Before the first unlock data is considered at rest. The device is unable to decrypt the encrypted data because the necessary decryption key hasn’t been provided by the owner. After the first unlock the device stores the decryption key so it can decrypt and access the encrypted data. How the keys are stored varies. Many devices store the decryption keys in memory, but the more secure method is to store decryption keys in a secure chip such as the Secure Enclave hardware on iPhones or the Titan M chip on Pixel devices (technically the decryption key is usually derived by the secure chip using the provided decryption key and other inputs, but I’ll skip over those details in this post). Using a secure chip adds a barrier between the decryption key and malicious software or hardware able to gain unfettered access to system memory.

When you read stories about law enforcers extracting encrypted data from a device without the owner’s cooperation, they are almost always extracting the data after the first unlock:

The main difference between Complete Protection and AFU relates to how quick and easy it is for applications to access the keys to decrypt data. When data is in the Complete Protection state, the keys to decrypt it are stored deep within the operating system and encrypted themselves. But once you unlock your device the first time after reboot, lots of encryption keys start getting stored in quick access memory, even while the phone is locked. At this point an attacker could find and exploit certain types of security vulnerabilities in iOS to grab encryption keys that are accessible in memory and decrypt big chunks of data from the phone.

Based on available reports about smartphone access tools, like those from the Israeli law enforcement contractor Cellebrite and US-based forensic access firm Grayshift, the researchers realized that this is how almost all smartphone access tools likely work right now. It’s true that you need a specific type of operating system vulnerability to grab the keys—and both Apple and Google patch as many of those flaws as possible—but if you can find it, the keys are available, too.

When law enforcers confiscate a device, it’s common practice to both prevent the device from powering off and to isolate it from any network access. This prevents the device from entering before the first unlock state and from being remotely wiped. Mobile phones have their own batteries, which increases the time law enforcers have between confiscation and connecting it to a secondary power source. Placing the phone into a Faraday bag isolates it from network access. Once a device has been prevented from powering off or being remotely wiped, law enforcers can work to decrypt the contents of the phone at their leisure.

Before continuing I will note that law enforcers aren’t the only individuals interested in gaining unauthorized access to the encrypted contents on a device. I’m highlighting them because they receive the most press coverage. Keep in mind that many unauthorized parties such as abusers and stalkers have the same interest albeit for different reasons.

The safest state for encrypted content is at rest. This is why I always recommend people power down their devices before entering airport checkpoints or border crossings. Those are situations where encounters with law enforcers are guaranteed and the chances of devices being confiscated is higher than average. I also recommend people power down their desktops and especially laptops when not in use. That way if the device is stolen, the contents remain inaccessible to the thief. However, powering down devices isn’t always practical, especially when the device in question is a smartphone. If you’re meeting somebody at an airport, you might need to keep your phone powered on in case the party with whom you’re meeting needs to contact you (although I will argue that proper planning can avoid this scenario and, if not, rebooting the device and leaving it in before the first unlock state will allow you to be accessible while keeping your data at rest). If a mugger demands your smartphone, they probably won’t allow you to power it down before handing it over.

This is why I was happy to discover a feature in GrapheneOS. In the settings application under the Security category there is an option called Auto reboot. By default this is disabled, but if you tap on it, you’ll be greeted with a dialog box offering different lengths of time. If you select one of those options, the phone will automatically reboot if it hasn’t been unlocked in the selected period of time. This ensures that the device will return to before the first unlock state after you haven’t unlocked it for the selected period of time. If you unlock your device frequently and don’t mind entering your password when you wake up in the morning, you can select a short time period. If you don’t want to enter the password every morning, you can select eight hours (or slightly more than however many hours you typically sleep). This feature creates a specific window of time between when a device is confiscated or stolen and when it returns to before the first unlock state.

This is a security feature I would like to see adopted by other operating systems. Knowing my laptop had a finite period of time between when I last unlocked it and when it returns to before the first unlock state would give me the convenience of putting it in sleep mode rather than powering it down completely when transporting it (I fully admit powering down isn’t a huge inconvenience for me since I don’t transport my laptop frequently, but a lot of people transport their laptop between home and work twice a day).