JUMP TO SOLUTION Solved

Original topic:

Where is Secure Start (or Secure Boot) on the S20?

(Topic created: 03-26-2020 11:08 AM)
51316 Views
userQgWZhVaUe2
Asteroid
Options
Galaxy S Phones

On my Note 8, I was able to 'encrypt device', to prompt for a PIN or PW to boot the phone.   I understand on the Note 10, there's a Secure Start option.   Where are either of those options on the S20?   Is it still possible to encrypt the entire device (I've already encrypted the SD card)?

 

thanks,

 

daryl

17 Replies
Solution
Andee78
Asteroid
Options
Galaxy S Phones

This phone have file based encryption (fbe) which mean you don't need the full disk encryption (fde) feature aka secure startup. 

https://developer.samsungknox.com/blog/samsung-devices-and-file-based-encryption-fbe

https://support.samsungknox.com/hc/en-us/articles/360039577713-File-based-encryption-FBE-and-full-di...

userQgWZhVaUe2
Asteroid
Options
Galaxy S Phones

This makes the phone less secure, IMHO.  When you encrypt the entire device, the phone won't boot until you pass that phase of authentication.  That way, nobody can't even get into the one (police or whomever) without the password.  Now they can hack the phone since it actually starts and just needs a password to get in.  Far less secure.

Andee78
Asteroid
Options
Galaxy S Phones

@userQgWZhVaUe2 not true! FBE is far more secure than FDE.

0 Likes
Reply
userRylCWakzat
Constellation
Options
Galaxy S Phones

FBE is NOT more secure than FDE, it is less so. With FDE the ENTIRE disk is encrypted, not so with FBE. Who gets to decide which files are encrypted with FBE on an Android phone? Do you need to specify each file you want encrypted? What if you miss one? What about the apps that are installed? Are those able to be seen without decryption? I keep my most sensitive work materials secure by 1) Using FDE on my Linux machines requiring a key to even boot the OS. 2) Having my home directory encrypted with a different key. 3) Using a PGP application that keeps files encrypted with yet another key. On my previous phone(an S7) I relied on BOTH FDE and encrypting the most sensitive files with a separate PGP-based application storage.

 

Essentially by removing FDE you take away the most important safe guards  of privacy on your device. Who thinks this is the result of an NSL being served to Google to allow for backdoors to easily be placed onto your phone?

usersCx7GB96zU
Constellation
Options
Galaxy S Phones

Exactly the reason why i dumped my Galaxy S10 phone and will never buy a Samsung phone again.  This kind of security should be top priority! 

 

Entering a code before the phone starts up is super secure, i really liked that. I find it really annoying that they took that option away, so dumb that you did this Samsung.

 

So never a Samsung phone for me again, you lost a loyal Galaxy customer... so bye bye Samsung...   

user5ksXmrJzZ5
Asteroid
Options
Galaxy S Phones

The Samsung had nothing to with ditching Full Disk Encryption (FDE) and replacing it with FBE. 

 

Per Samsung Docs, the Google forced Samsung into complying with using FBE only on Android 10 and later devices. 

 

Screenshot_20201125-130755_Cake Browser.jpg

 

0 Likes
Reply
userUNKCcsAFH4
Constellation
Options
Galaxy S Phones

Perhaps, theoretically. Correct me if I'm wrong, but the S20 has supposed Government graded encryption and security (provided via Knox and the encryption chip "S3FV9RR", second gen). This protects against hardware attacks, and more specifically password and login attacks, as stated on a Samsung news website "https://news.samsung.com/global/strengthening-hardware-security-with-galaxy-s20s-secure-processor#:~....". This is samsungs substitute to the secure backup, and as stated on Google.co.uk, used a file based encryption, so the files can not theoretically be hacked and stolen. And hacks will become harder and more complex to perform, and apparently this chip is government grade (information from an unknown source).

 

Just as a piece of mind when purchasing one of these devices, thus information was sourced from a supposed reliable source, so please do not take everything directly to heart as this has a possibility of inaccuracy. But there should be no worry at all with security with this device, good luck for any new S20 users, it will not let you down! (Information may be subject to change, and feel free to correct anything I have said wrong! 🙂 )

0 Likes
Reply
user5ksXmrJzZ5
Asteroid
Options
Galaxy S Phones

No, it will not be added back. Per Android documentation, all new devices launching with Android 10.0 and later are required to have File Based Encryption (FBE). 

 

Full Disk Encryptions  is a legacy feature now. FBE is much more secure and the new standard now. Please read up the documentations on it. 

 

https://source.android.com/security/encryption/file-based

0 Likes
Reply