In the bfu columns it says bfu: yes bf: no. And in the other columns it says ffs: yes bf: no. So they can’t access the full file system from bfu, they can only access… bfu? What does that mean? They can clone the encrypted storage? ‘Unlock’ the system partition?
Before First Unlock, After First Unlock: when you first reboot your device, storage is completely encrypted with no background processes unless you enter your password for the first time.
“BFU” exploits are processes that work before first unlock, and can access the full contents of the phone’s storage, communications, account data, etc…
After first unlock refers to the phone after that stage (even if you lock your phone afterwards, it’s AFU. Restart is needed for complete security).
FFS presumably stands for “Full File System [access]”.
BF is Brute Force (cracking the security password without fear of being locked out/data wiped).
In the afu columns they specify that their tool can get full file system access. But in the bfu columns they only specify if they can or cannot access bfu. They can’t access the full contents of the phone as in that case those would also read ffs: yes. So that means there’s a hack they can do on bfu that doesn’t allow access to the file system but is still useful enough to advertise.
Ah, good catch. In the BFU state the device is fully encrypted, so maybe that indicates that they can’t access encrypted data inside the device without brute forcing the decryption key (which may not be possible). In comparison, AFU should have lower barriers to data access.
(This is why GrapheneOS has a setting that lets you auto reboot after a set amount of time without unlocking the device.)
In the bfu columns it says bfu: yes bf: no. And in the other columns it says ffs: yes bf: no. So they can’t access the full file system from bfu, they can only access… bfu? What does that mean? They can clone the encrypted storage? ‘Unlock’ the system partition?
Before First Unlock, After First Unlock: when you first reboot your device, storage is completely encrypted with no background processes unless you enter your password for the first time.
“BFU” exploits are processes that work before first unlock, and can access the full contents of the phone’s storage, communications, account data, etc…
After first unlock refers to the phone after that stage (even if you lock your phone afterwards, it’s AFU. Restart is needed for complete security).
FFS presumably stands for “Full File System [access]”.
BF is Brute Force (cracking the security password without fear of being locked out/data wiped).
I wasn’t asking about the acronyms…
In the afu columns they specify that their tool can get full file system access. But in the bfu columns they only specify if they can or cannot access bfu. They can’t access the full contents of the phone as in that case those would also read ffs: yes. So that means there’s a hack they can do on bfu that doesn’t allow access to the file system but is still useful enough to advertise.
Ah, good catch. In the BFU state the device is fully encrypted, so maybe that indicates that they can’t access encrypted data inside the device without brute forcing the decryption key (which may not be possible). In comparison, AFU should have lower barriers to data access.
(This is why GrapheneOS has a setting that lets you auto reboot after a set amount of time without unlocking the device.)