Docs: Adding caution about description, replacing L refs
Bug: 17657556
Change-Id: I6241fabeb4a50ffa7e7c19969ce6e9b89583510c
diff --git a/src/devices/tech/encryption/index.jd b/src/devices/tech/encryption/index.jd
index e3038d4..1a88d77 100644
--- a/src/devices/tech/encryption/index.jd
+++ b/src/devices/tech/encryption/index.jd
@@ -32,7 +32,7 @@
automatically encrypted before committing it to disk and all reads
automatically decrypt data before returning it to the calling process.</p>
-<h2 id=what_we’ve_added_for_android_l>What we’ve added for Android L</h2>
+<h2 id=what_we’ve_added_for_android_l>What we’ve added for Android 5.0</h2>
<ul>
<li>Created fast encryption, which only encrypts used blocks on the data partition
@@ -44,6 +44,10 @@
href="#storing_the_encrypted_key">Storing the encrypted key</a> for more details.
</ul>
+<p class="caution"><strong>Caution:</strong> Devices upgraded to Android 5.0 and then
+encrypted may be returned to an unencrypted state by factory data reset. New Android 5.0
+devices encrypted at first boot cannot be returned to an unencrypted state.</p>
+
<h2 id=how_android_encryption_works>How Android encryption works</h2>
<p>Android disk encryption is based on <code>dm-crypt</code>, which is a kernel feature that works at the block device layer. Because of
@@ -58,7 +62,7 @@
<p class="note"><strong>Note:</strong> OEMs can use 128-bit or higher to encrypt the master key.</p>
-<p>In the L release, there are four kinds of encryption states: </p>
+<p>In the Android 5.0 release, there are four kinds of encryption states: </p>
<ul>
<li>default
@@ -115,7 +119,7 @@
<li>Boot an encrypted device:
<ul>
<li>Starting an encrypted device with no password: Booting an encrypted device that
-has no set password (relevant for devices running Android L and later).
+has no set password (relevant for devices running Android 5.0 and later).
<li> Starting an encrypted device with a password: Booting an encrypted device that
has a set password.
</ul>
@@ -125,7 +129,7 @@
<h3 id=encrypt_a_new_device_with_forceencrypt>Encrypt a new device with <code>/forceencrypt</code></h3>
-<p>This is the normal first boot for an Android L device. </p>
+<p>This is the normal first boot for an Android 5.0 device. </p>
<ol>
<li><strong>Detect unencrypted filesystem with <code>/forceencrypt</code> flag</strong>
@@ -156,10 +160,13 @@
<li><strong>When <code>/data</code> is encrypted, take down the framework</strong>
-<p><code>vold</code> sets <code>vold.decrypt</code> to <code>trigger_default_encryption</code> which starts the <code>defaultcrypto</code> service. (This starts the flow below for mounting a default encrypted
-userdata.) <code>trigger_default_encryption</code> checks the encryption type to see if <code>/data</code> is encrypted with or without a password. Because Android L devices are
-encrypted on first boot, there should be no password set; therefore we decrypt
-and mount <code>/data</code>.</p>
+<p><code>vold</code> sets <code>vold.decrypt</code> to
+<code>trigger_default_encryption</code> which starts the
+<code>defaultcrypto</code> service. (This starts the flow below for mounting a
+default encrypted userdata.) <code>trigger_default_encryption</code> checks the
+encryption type to see if <code>/data</code> is encrypted with or without a
+password. Because Android 5.0 devices are encrypted on first boot, there should
+be no password set; therefore we decrypt and mount <code>/data</code>.</p>
<li><strong>Mount <code>/data</code></strong>
@@ -231,7 +238,7 @@
<h3 id=starting_an_encrypted_device_with_default_encryption>Starting an encrypted device with default encryption</h3>
<p>This is what happens when you boot up an encrypted device with no password.
-Because Android L devices are encrypted on first boot, there should be no set
+Because Android 5.0 devices are encrypted on first boot, there should be no set
password and therefore this is the <em>default encryption</em> state.</p>
<ol>
