# Encrypted Storage

Since Android U, AVF (with Microdroid) supports Encrypted Storage which is the storage solution
in a VM. Within a VM, this is mounted at a path that can be retrieved via the [`AVmPayload_getEncryptedStoragePath()`][vm_payload_api].
Any data written in encrypted storage is persisted and is available next time the VM is run.

Encrypted Storage is backed by a para-virtualized block device on the guest which is further
backed by a disk image file in the host. The block device is formatted with an ext4 filesystem.

## Security

Encrypted Storage uses block level encryption layer (Device-Mapper's "crypt" target) using a key
derived from the VM secret and AES256 cipher with HCTR2 mode. The Block level encryption ensures
the filesystem is also encrypted.

### Integrity
Encrypted Storage does not offer the level of integrity offered by primitives such as
authenticated encryption/dm-integrity/RPMB. That level of integrity comes with substantial
disk/performance overhead. Instead, it uses HCTR2 which is a super-pseudorandom
permutation encryption mode, this offers better resilience against malleability attacks (than other
modes such as XTS).

## Encrypted Storage and Updatable VMs

With [Updatable VM feature][updatable_vm] shipping in Android V, Encrypted Storage can be accessed
even after OTA/updates of boot images and apks. This requires chipsets to support [Secretkeeper HAL][sk_hal].


[vm_payload_api]: https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/Virtualization/vm_payload/include/vm_payload.h;l=2?q=vm_payload%2Finclude%2Fvm_payload.h&ss=android%2Fplatform%2Fsuperproject%2Fmain
[updatable_vm]: https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/Virtualization/docs/updatable_vm.md
[sk_hal]: https://cs.android.com/android/platform/superproject/main/+/main:system/secretkeeper/README.md