CDD: Recommend metadata encryption - Tighten the security. Bug: 73662717 Test: Compiled and inspected HTML Change-Id: Ib2be403ef2db8525c9ad579a289eca79132696e9

commit: 3b187190e9f785855490162a7860671595248185 [log] [tgz]
author: Paul Crowley <paulcrowley@google.com> Fri Jun 15 14:33:57 2018 -0700
committer: Sachiyo Sugimoto <sachiyo@google.com> Mon Jul 09 21:15:59 2018 +0000
tree: f7e1f79438f5b0601e90faaafb5866a30c18f607
parent: 952553fa6d8f727dbafc1cf6ad25a5d4592f7c10 [diff]
diff --git a/9_security-model/9_9_full-disk-encryption.md b/9_security-model/9_9_full-disk-encryption.md
index 8a14713..e72355b 100644
--- a/9_security-model/9_9_full-disk-encryption.md
+++ b/9_security-model/9_9_full-disk-encryption.md

@@ -68,6 +68,9 @@
 
    *    [C-1-11] MUST use the mandatorily supported ciphers, key lengths and
    modes by default.
+*    [C-SR] Are STRONGLY RECOMMENDED to encrypt file system metadata, such as
+file sizes, ownership, modes, and Extended attributes (xattrs), with a key
+cryptographically bound to the device's hardware root of trust.
 
 *    SHOULD make preloaded essential apps (e.g. Alarm, Phone, Messenger)
 Direct Boot aware.
commit	3b187190e9f785855490162a7860671595248185	[log] [tgz]
author	Paul Crowley <paulcrowley@google.com>	Fri Jun 15 14:33:57 2018 -0700
committer	Sachiyo Sugimoto <sachiyo@google.com>	Mon Jul 09 21:15:59 2018 +0000
tree	f7e1f79438f5b0601e90faaafb5866a30c18f607
parent	952553fa6d8f727dbafc1cf6ad25a5d4592f7c10 [diff]