1

The Security page for Android discusses file-based vs full-disk encryption. It discusses some rationale about why FBE in Android 7.0 is an enhancement over FDE when it come to a smartphone.

But, if the encryption subject is considered for Embedded Linux devices which approach works better for

Do all these devices use:

  • same kind of encryption, or rather
  • the FDE/FBE choice differs based on class of device.
Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
sob
  • 215
  • 2
  • 10

1 Answers1

3

Choice of encryption model is going to depend on the device's threat model and available resources. Both Full Disk Encryption and File-based encryption are designed to protect data at rest. Full disk encryption is going to offer you more protection in the event of a stolen HDD, provided the device is powered off. FDE, however, will not protect you in the event the device is powered on. File-based encryption will offer more protection against attacks when the device is powered on, as it allows you to unlock different files using different keys independently.

Regarding the specific devices you mentioned, the choice is all going to depend on the threat model that the developer used.

Dan Landberg
  • 3,312
  • 12
  • 17