• impure9435@kbin.run
    link
    fedilink
    arrow-up
    9
    ·
    6 months ago

    It doesn’t intentionally disable biometrics. Disabling biometrics is just a logical consequence of wiping the encryption keys from RAM. Your data is encrypted with your password as the key (not exactly, it first goes through a key derivation function, but the PIN/password is the entry point for the KDF). Your biometric information can’t decrypt your data, as your data is not encrypted with your biometric information as the key. When using biometrics, the encryption key is kept in RAM, and the biometric data is only validated by the OS. No actual decryption occurs here. The data on your phone is only being decrypted during the first unlock after a reboot. That’s why security states are grouped into BFU (before first unlock) and AFU (after first unlock).

    • CaptKoala@lemmy.ml
      link
      fedilink
      English
      arrow-up
      4
      ·
      6 months ago

      Thank you for your in depth explanation, hope your comments help many others on top of myself.