CDD: Recommend metadata encryption
- Tighten the security.
Bug: 73662717
Test: Compiled and inspected HTML
Change-Id: Ib2be403ef2db8525c9ad579a289eca79132696e9
diff --git a/9_security-model/9_9_full-disk-encryption.md b/9_security-model/9_9_full-disk-encryption.md
index 8a14713..e72355b 100644
--- a/9_security-model/9_9_full-disk-encryption.md
+++ b/9_security-model/9_9_full-disk-encryption.md
@@ -68,6 +68,9 @@
* [C-1-11] MUST use the mandatorily supported ciphers, key lengths and
modes by default.
+* [C-SR] Are STRONGLY RECOMMENDED to encrypt file system metadata, such as
+file sizes, ownership, modes, and Extended attributes (xattrs), with a key
+cryptographically bound to the device's hardware root of trust.
* SHOULD make preloaded essential apps (e.g. Alarm, Phone, Messenger)
Direct Boot aware.
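Review bot: The added [C-SR] item does not say which ciphers, key lengths and modes apply to metadata encryption, and because it sits directly after [C-1-11] a reader cannot tell whether that requirement is meant to cover the metadata key as well; suggest stating this explicitly or referring to the clause that defines the supported ciphers. "Cryptographically bound to the device's hardware root of trust" is also left undefined in the added lines, so it would help to point to the section that describes how keys are bound, so that implementers and testers read it the same way. Minor style point: "Extended attributes" is capitalized while the other items in the same list ("file sizes, ownership, modes") are lowercase; suggest "extended attributes (xattrs)".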