New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 754865 link

Starred by 1 user
Status: Archived
Owner:
tengs@chromium.org
Last visit > 30 days ago
Closed: Aug 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug

Blocking:
issue 724708



Sign in to add a comment

EasyUnlock v2: Clear cryptohome keys if login flow is disabled

Project Member Reported by tengs@chromium.org, Aug 11 2017 
For security, we need to clear the cryptohome keys for EasyUnlock if the user disables the login flow.
Project Member

Comment 1 by bugdroid1@chromium.org, Aug 17 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3f3a82a702e443ed80e1fd38168f68c95b22506d

commit 3f3a82a702e443ed80e1fd38168f68c95b22506d
Author: Tim Song <tengs@chromium.org>
Date: Thu Aug 17 23:56:28 2017

[EasyUnlock] Clear cryptohome keys after user disables the login flow.

After disabling the login flow in chrome://settings, the cryptohome keys for
EasyUnlock will be cleared, so only the password can be used to decrypt the user
data.

BUG= 754865 

Change-Id: Ia68fbcf39e849ae6352994a8f459136ad7de19de
Reviewed-on: https://chromium-review.googlesource.com/612046
Commit-Queue: Tim Song <tengs@chromium.org>
Reviewed-by: Gustavo Sacomoto <sacomoto@chromium.org>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#495389}
[modify] https://crrev.com/3f3a82a702e443ed80e1fd38168f68c95b22506d/chrome/browser/chromeos/login/easy_unlock/easy_unlock_refresh_keys_operation.cc
[modify] https://crrev.com/3f3a82a702e443ed80e1fd38168f68c95b22506d/chrome/browser/chromeos/login/easy_unlock/easy_unlock_refresh_keys_operation.h
[modify] https://crrev.com/3f3a82a702e443ed80e1fd38168f68c95b22506d/chrome/browser/chromeos/login/session/user_session_manager.cc
[modify] https://crrev.com/3f3a82a702e443ed80e1fd38168f68c95b22506d/chrome/browser/signin/easy_unlock_service.cc
[modify] https://crrev.com/3f3a82a702e443ed80e1fd38168f68c95b22506d/chrome/browser/signin/easy_unlock_service.h
[modify] https://crrev.com/3f3a82a702e443ed80e1fd38168f68c95b22506d/chrome/browser/signin/easy_unlock_service_regular.cc
[modify] https://crrev.com/3f3a82a702e443ed80e1fd38168f68c95b22506d/chrome/browser/signin/easy_unlock_service_regular.h
[modify] https://crrev.com/3f3a82a702e443ed80e1fd38168f68c95b22506d/chrome/browser/signin/easy_unlock_service_signin_chromeos.cc
[modify] https://crrev.com/3f3a82a702e443ed80e1fd38168f68c95b22506d/chrome/browser/signin/easy_unlock_service_signin_chromeos.h

Comment 2 by tengs@chromium.org, Aug 18 2017

Labels: Merge-Request-61

Comment 3 by keta...@chromium.org, Aug 18 2017

Labels: -Merge-Request-61 Merge-Approved-61
Approving merge to M61 Chrome OS.
Project Member

Comment 4 by bugdroid1@chromium.org, Aug 18 2017

Labels: -merge-approved-61 merge-merged-3163
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c4a3f5b5e62ac05042d31842c2bf9a0dd9de3123

commit c4a3f5b5e62ac05042d31842c2bf9a0dd9de3123
Author: Tim Song <tengs@chromium.org>
Date: Fri Aug 18 20:27:48 2017

[EasyUnlock] Clear cryptohome keys after user disables the login flow.

After disabling the login flow in chrome://settings, the cryptohome keys for
EasyUnlock will be cleared, so only the password can be used to decrypt the user
data.

BUG= 754865 
TBR=tengs@chromium.org

(cherry picked from commit 3f3a82a702e443ed80e1fd38168f68c95b22506d)

Change-Id: Ia68fbcf39e849ae6352994a8f459136ad7de19de
Reviewed-on: https://chromium-review.googlesource.com/612046
Commit-Queue: Tim Song <tengs@chromium.org>
Reviewed-by: Gustavo Sacomoto <sacomoto@chromium.org>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#495389}
Reviewed-on: https://chromium-review.googlesource.com/621868
Reviewed-by: Tim Song <tengs@chromium.org>
Cr-Commit-Position: refs/branch-heads/3163@{#681}
Cr-Branched-From: ff259bab28b35d242e10186cd63af7ed404fae0d-refs/heads/master@{#488528}
[modify] https://crrev.com/c4a3f5b5e62ac05042d31842c2bf9a0dd9de3123/chrome/browser/chromeos/login/easy_unlock/easy_unlock_refresh_keys_operation.cc
[modify] https://crrev.com/c4a3f5b5e62ac05042d31842c2bf9a0dd9de3123/chrome/browser/chromeos/login/easy_unlock/easy_unlock_refresh_keys_operation.h
[modify] https://crrev.com/c4a3f5b5e62ac05042d31842c2bf9a0dd9de3123/chrome/browser/chromeos/login/session/user_session_manager.cc
[modify] https://crrev.com/c4a3f5b5e62ac05042d31842c2bf9a0dd9de3123/chrome/browser/signin/easy_unlock_service.cc
[modify] https://crrev.com/c4a3f5b5e62ac05042d31842c2bf9a0dd9de3123/chrome/browser/signin/easy_unlock_service.h
[modify] https://crrev.com/c4a3f5b5e62ac05042d31842c2bf9a0dd9de3123/chrome/browser/signin/easy_unlock_service_regular.cc
[modify] https://crrev.com/c4a3f5b5e62ac05042d31842c2bf9a0dd9de3123/chrome/browser/signin/easy_unlock_service_regular.h
[modify] https://crrev.com/c4a3f5b5e62ac05042d31842c2bf9a0dd9de3123/chrome/browser/signin/easy_unlock_service_signin_chromeos.cc
[modify] https://crrev.com/c4a3f5b5e62ac05042d31842c2bf9a0dd9de3123/chrome/browser/signin/easy_unlock_service_signin_chromeos.h

Comment 5 by tengs@chromium.org, Aug 18 2017

Status: Fixed (was: Assigned)

Comment 6 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)

Sign in to add a comment