07-18-2021, 06:40 AM
There is none builtin, however, it should be possible to add it to the screen lock. If you are using LUKs drive encryption, there are two main things that have to be wiped:
1. LUKS header - contains the encrypted key for the storage in encrypted form (the key you use is used to decrypt it)
2. the decryption key in RAM
The second is easy to make happen - have it power off the phone.
The first is hard on any storage that has built in wear leveling as flash storage often does. If it doesn't, just wiping the first few sectors of the partition is enough. Otherwise, one has to overwrite the whole storage or hope there is a feature in the storage to do a fast wipe. I am not sure whether the EMMC storage of the pine phone has built in wear leveling or not. Some microSD cards do and some don't. For those without, just writing a good MB or so of random data several times to the beginning of the encrypted partition should destroy the keys sufficiently.
1. LUKS header - contains the encrypted key for the storage in encrypted form (the key you use is used to decrypt it)
2. the decryption key in RAM
The second is easy to make happen - have it power off the phone.
The first is hard on any storage that has built in wear leveling as flash storage often does. If it doesn't, just wiping the first few sectors of the partition is enough. Otherwise, one has to overwrite the whole storage or hope there is a feature in the storage to do a fast wipe. I am not sure whether the EMMC storage of the pine phone has built in wear leveling or not. Some microSD cards do and some don't. For those without, just writing a good MB or so of random data several times to the beginning of the encrypted partition should destroy the keys sufficiently.