Merge "CDD: Add a BLE RPA timeout condition to only be enforced while the device is actively advertising."
diff --git a/7_hardware-compatibility/7_9_virtual-reality.md b/7_hardware-compatibility/7_9_virtual-reality.md
index ccc9a75..f555d48 100644
--- a/7_hardware-compatibility/7_9_virtual-reality.md
+++ b/7_hardware-compatibility/7_9_virtual-reality.md
@@ -36,12 +36,12 @@
     [`GL_EXT_multisampled_render_to_texture2`](https://www.khronos.org/registry/OpenGL/extensions/EXT/EXT_multisampled_render_to_texture2.txt),
     [`GL_OVR_multiview`](https://www.khronos.org/registry/OpenGL/extensions/OVR/OVR_multiview.txt),
     [`GL_OVR_multiview2`](https://www.khronos.org/registry/OpenGL/extensions/OVR/OVR_multiview2.txt),
-    [`GL_OVR_multiview_multisampled_render_to_texture`](https://www.khronos.org/registry/OpenGL/extensions/OVR/OVR_multiview_multisampled_render_to_texture.txt),
     [`GL_EXT_protected_textures`](https://www.khronos.org/registry/OpenGL/extensions/EXT/EXT_protected_textures.txt),
     and expose the extensions in the list of available GL extensions.
 *   [C-SR] Are STRONGLY RECOMMENDED to implement
     [`GL_EXT_external_buffer`](https://www.khronos.org/registry/OpenGL/extensions/EXT/EXT_external_buffer.txt),
     [`GL_EXT_EGL_image_array`](https://www.khronos.org/registry/OpenGL/extensions/EXT/EXT_EGL_image_array.txt),
+    [`GL_OVR_multiview_multisampled_render_to_texture`](https://www.khronos.org/registry/OpenGL/extensions/OVR/OVR_multiview_multisampled_render_to_texture.txt),
     and expose the extensions in the list of available GL extensions.
 *   [C-SR] Are STRONGLY RECOMMENDED to support Vulkan 1.1.
 *   [C-SR] Are STRONGLY RECOMMENDED to implement
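Review bot: The move of `GL_OVR_multiview_multisampled_render_to_texture` from the preceding list item (removed line) into the [C-SR] item (added line) changes that extension's requirement level to STRONGLY RECOMMENDED, but the merge subject only describes a BLE RPA timeout condition. Please either mention this change and its rationale in the commit message or split it into its own change, so that the change in requirement level for VR implementations can be traced in history.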
diff --git a/9_security-model/9_9_full-disk-encryption.md b/9_security-model/9_9_full-disk-encryption.md
index cbf4de5..0d89202 100644
--- a/9_security-model/9_9_full-disk-encryption.md
+++ b/9_security-model/9_9_full-disk-encryption.md
@@ -31,9 +31,13 @@
 *   [C-0-2] MUST enable the data storage encryption by default at the time
 the user has completed the out-of-box setup experience.
 *   [C-0-3] MUST meet the above data storage encryption
-requirement via implementing [File Based Encryption](
-https://source.android.com/security/encryption/file-based.html) (FBE) and
-[Metadata Encryption](https://source.android.com/security/encryption/metadata).
+requirement by implementing one of the following two encryption methods:
+
+    *   [File Based Encryption](https://source.android.com/security/encryption/file-based.html)
+        (FBE) and
+        [Metadata Encryption](https://source.android.com/security/encryption/metadata)
+        as described in section 9.9.3.1.
+    *   Per-User Block-Level Encryption as described in section 9.9.3.2.
 
 ### 9.9.3\. Encryption Methods
 
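Review bot: The two added references, "as described in section 9.9.3.1" and "as described in section 9.9.3.2", are plain text, while the same file links section references, as in `[section 9.9.4](#9_9_4_resume_on_reboot)`. Please turn both into anchor links in that form so readers of [C-0-3] can jump to the method they are implementing, and check that the blank line before the nested list still renders it as part of the [C-0-3] item rather than as a separate block.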
@@ -51,6 +55,12 @@
 resume on reboot implementation meeting the requirements in
 [section 9.9.4](#9_9_4_resume_on_reboot).
 *    [C-1-4] MUST use Verified Boot.
+
+### 9.9.3.1\. File Based Encryption with Metadata Encryption
+
+If device implementations use File Based Encryption with Metadata Encryption,
+they:
+
 *    [C-1-5] MUST encrypt file contents and filesystem metadata using
 AES-256-XTS or Adiantum.  AES-256-XTS refers to the Advanced Encryption Standard
 with a 256-bit cipher key length, operated in XTS mode; the full length of the
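Review bot: The added heading `### 9.9.3.1\. File Based Encryption with Metadata Encryption` uses the same `###` level as its parent `### 9.9.3\. Encryption Methods`, so it renders as a sibling section rather than a subsection; one level deeper (`####`) would match the numbering. The heading also splits the C-1 group: [C-1-4] MUST use Verified Boot stays above it, while [C-1-5] now sits under the new condition "If device implementations use File Based Encryption with Metadata Encryption, they:". Please state whether the items left above the heading apply to both encryption methods, and consider giving the items under the new condition their own condition number.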
@@ -94,6 +104,29 @@
 File Based Encryption based on the Linux kernel "fscrypt" encryption feature,
 and of Metadata Encryption based on the Linux kernel "dm-default-key" feature.
 
+### 9.9.3.2\. Per-User Block-Level Encryption
+
+If device implementations use per-user block-level encryption, they:
+
+*    [C-1-1] MUST enable multi-user support as described in section 9.5.
+*    [C-1-2] MUST provide per-user partitions, either using raw partitions or
+logical volumes.
+*    [C-1-3] MUST use unique and distinct encryption keys per-user for
+encryption of the underlying block devices.
+*    [C-1-4] MUST use AES-256-XTS for block-level encryption of the user
+partitions.
+
+*   The keys protecting the per-user block-level encrypted devices:
+
+   *   [C-1-5] MUST be cryptographically bound to a hardware-backed Keystore.
+   This keystore MUST be bound to Verified Boot and the device's hardware
+   root of trust.
+   *   [C-1-6] MUST be bound to the corresponding user's lock screen
+   credentials.
+
+Per-user block-level encryption can be implemented using the Linux kernel
+“dm-crypt” feature over per-user partitions.
+
 ### 9.9.4\. Resume on Reboot
 
 Resume on Reboot allows unlocking the CE storage of all apps, including those
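Review bot: The requirement IDs [C-1-1] through [C-1-6] in the new 9.9.3.2 section reuse IDs that already exist earlier in 9.9.3, for example [C-1-4] MUST use Verified Boot and [C-1-5] MUST encrypt file contents and filesystem metadata, so a reference to "9.9.3 [C-1-5]" becomes ambiguous. Please give this section its own condition number. Two smaller points: the bullets under "The keys protecting the per-user block-level encrypted devices:" are indented three spaces, while the nested list added to [C-0-3] uses four, so they may not render as a nested list; and “dm-crypt” uses curly quotes where the context line above uses straight quotes for "fscrypt". It would also help to say how 9.9.4 applies to this method, since the following section describes unlocking "CE storage" and the new text ties the per-user keys to lock screen credentials in [C-1-6] without defining an equivalent.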