CDD: Allow escrow keys to unlock CE storage.
- Much of the purpose of escrow keys is to allow storage
to be unlocked when a user forgets their LSKF, so we
must allow this in CDD.
Bug: 111561428
Test: Documentation change.
Change-Id: I0de44228e35728713405a8d84ec3b8e6f8a9ecbf
diff --git a/9_security-model/9_9_full-disk-encryption.md b/9_security-model/9_9_full-disk-encryption.md
index 8a14713..7d378d2 100644
--- a/9_security-model/9_9_full-disk-encryption.md
+++ b/9_security-model/9_9_full-disk-encryption.md
@@ -49,7 +49,7 @@
(eg. passcode, pin, pattern or fingerprint) and the `ACTION_USER_UNLOCKED`
message is broadcasted.
* [C-1-3] MUST NOT offer any method to unlock the CE protected storage
-without the user-supplied credentials.
+without either the user-supplied credentials or a registered escrow key.
* [C-1-4] MUST support Verified Boot and ensure that DE keys are
cryptographically bound to the device's hardware root of trust.
* [C-1-5] MUST support encrypting file contents using AES with a key length
