Urgent, but simple to implement additions on encryption in SFOS

SFOS now has encrypted LUKS storage and supports pin-code / fingerprints to unlock.
But in some aspects it looks more like security theater than an OS designed with security in mind.
What has to be implemented:

  1. decouple LUKS storage pw (boot pw) from PIN - allow them to be different.
  2. double Power Button click should disable fingerprint scanner till after next PIN code unlock.


  1. decouple LUKS storage password (boot pw) from PIN - allow them to be different.
    Currently the PIN code acts as a password for LUKS volume, and PIN codes are short numeric codes.
    In a situation when you lose access to your encrypted SFOS phone for some time, an opponent can boot it into recovery, dump the LUKS volume header (or the whole storage), and then bruteforce your numeric PIN on a video card. So he will have your PIN to unlock the phone and storage in some ~30 minutes.
    You even don’t have to know that this happened, i.e. he can boot the phone into recovery, dump the LUKS header and return the phone, it will take 5 minutes tops.
    Then he can bruteforce the PIN offline and unlock the phone secretly next time he has access to it.
    And you wouldn’t even know it.

Solution: leave the PIN code only for runtime unlocking, and allow setting a different full-keyboard alphanumeric password for boot LUKS unlocking (when turning on).

  2. double Power Button click should disable fingerprint scanner till after next PIN code unlock.
    This is already implemented on iOS at least, because there are situations in some countries when you can be forced to apply your finger to fingerprint scanner.
    So in such situations ability to quickly “block” fingerprint unlocking is essential.

How would you dump in recovery without knowing the PIN code?

fastboot boot <kernel> [ <ramdisk> [ <second> ] ] Download and boot kernel.

I think this post about easily decrypting your home directory is a good overview (I never tried it, don’t know if it works):

If it’s true, then Jolla strongly needs to consider adding the ability for either a separate boot passphrases, or allowing passphrases in addition to PINs. Either should be a very simple implementation.

can you fastboot boot random image with locked bootloader?

Afaik, you cannot boot Sailfish with a locked bootloader, so it’s irrelevant if a locked bootloader prevents you from fastbooting random images… :wink:

Btw, Jolla, if you worry that Average Joe will forget the boot pw, you can generate a recovery key-file and put it into another LUKS slot and ask user to save it in case he forgets the boot pw.

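The recovery key-file idea from the post above, sketched with generic cryptsetup commands as an added example (not code from the thread or from Jolla). The device path and key-file location are placeholders supplied by the caller, and the function names are hypothetical; how SFOS's own unlock tooling treats an extra key slot is not covered in the thread.

```shell
#!/bin/sh
# Added example: put a random recovery key-file into a second LUKS key slot.
# Usage (as root): ./recovery-slot.sh <luks-device> <keyfile-path>
# Both arguments are placeholders; the thread does not name the SFOS device.

# Create a 64-byte random key-file, owner-read-only. Refuses to overwrite.
make_recovery_key() {
    keyfile=$1
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 1
    fi
    ( umask 077
      dd if=/dev/urandom of="$keyfile" bs=64 count=1 2>/dev/null ) &&
        chmod 400 "$keyfile"
}

# Add the key-file to the next free key slot.
# cryptsetup prompts for an existing passphrase before writing the slot.
add_recovery_slot() {
    cryptsetup luksAddKey "$1" "$2"
}

# Confirm the key-file really unlocks the volume, without mapping it.
verify_recovery_key() {
    cryptsetup -v open --test-passphrase --key-file "$2" "$1"
}

# Run only when called with <device> <keyfile>.
if [ "$#" -eq 2 ]; then
    make_recovery_key "$2" &&
        add_recovery_slot "$1" "$2" &&
        verify_recovery_key "$1" "$2" &&
        cryptsetup luksDump "$1"   # shows which key slots are now in use
fi
```

The key-file has to be stored off the phone; a copy left on the device defeats the boot password it backs up.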


I don’t know how simple it is to implement, but a recovery QR-code would be a great solution from a usability point of view. Or even the possibility to use a QR-code as passphrase.


That would then require access to the camera to be available before the boot password is entered, which sounds pretty dangerous to me. Not to mention a QR code is just text encoded in image form, so anyone who could see the QR code would be able to read your password by simply scanning it with their own device.
