The deeper issue is that in Qualcomm's implementation, the Android FDE key is not bound directly to a unique hardware key that exists only on the device and cannot be read out by software. Instead, it is tied to a key that is accessible to QSEE software, and that key could be leaked through future TrustZone vulnerabilities. Once it is leaked, the remaining secret protecting the disk is the user's PIN or password, which can then be guessed off the device, without the rate limiting the device would normally impose.
"Finding a TrustZone kernel vulnerability or a vulnerability in the KeyMaster trustlet, directly leads to the disclosure of the KeyMaster keys, thus enabling off-device attacks on Android FDE," the researcher concluded.
Furthermore, because Qualcomm and device manufacturers hold the signing keys that the bootloader trusts, they can digitally sign and flash a modified TrustZone image to the devices that trust those keys and extract the key, meaning they are in a position to comply with law enforcement requests to break Android full-disk encryption.
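To make the "off-device" point concrete, the following is an added example written for this page; it is not code from the article or from the researcher's write-up, and the key derivation, salt, device key and PIN in it are constructed stand-ins, not Android's actual FDE scheme or values. It models the two designs side by side: a derivation whose secret key can leak to software, so an attacker who obtains it can run every PIN guess on their own hardware, versus a key that never leaves the device, so every guess must go through the device and can be throttled or cut off.

```python
import hashlib
import hmac

# --- Constructed demo parameters (hypothetical; not Android's real values) ---
SALT = b"constructed-demo-salt"
# Stand-in for the key that, in the design described above, is held by the
# KeyMaster trustlet and is reachable by QSEE software.
DEVICE_KEY = bytes.fromhex("00" * 16 + "ff" * 16)
USER_PIN = "1234"


def derive_fde_key(pin: str, salt: bytes, device_key: bytes) -> bytes:
    """Simplified model of a PIN-based disk key derivation (not Android's exact scheme).

    A memory-hard KDF stretches the PIN, then the result is bound to a
    device-held key so the output cannot be computed without that key.
    """
    stretched = hashlib.scrypt(pin.encode(), salt=salt, n=2**8, r=8, p=1, dklen=32)
    return hmac.new(device_key, stretched, hashlib.sha256).digest()


# The value an attacker would compare guesses against (e.g. recovered from
# the encrypted volume's header in a real scheme); constructed here.
TARGET_KEY = derive_fde_key(USER_PIN, SALT, DEVICE_KEY)


def offline_bruteforce(target: bytes, salt: bytes, leaked_device_key: bytes,
                       max_pin: int = 10_000):
    """Attacker holding the leaked device key: every guess runs on their own hardware,
    with no attempt counter in the way. Returns the recovered PIN or None."""
    for candidate in range(max_pin):
        pin = f"{candidate:04d}"
        if hmac.compare_digest(derive_fde_key(pin, salt, leaked_device_key), target):
            return pin
    return None


class DeviceKeyOracle:
    """Model of a key that never leaves the device: the only way to test a guess
    is to ask the device, which can enforce an attempt budget."""

    def __init__(self, device_key: bytes, max_attempts: int):
        self._device_key = device_key
        self._remaining = max_attempts

    def check_pin(self, pin: str, salt: bytes, target: bytes) -> bool:
        if self._remaining <= 0:
            raise RuntimeError("attempt budget exhausted; a real device would lock or wipe")
        self._remaining -= 1
        return hmac.compare_digest(derive_fde_key(pin, salt, self._device_key), target)


def on_device_bruteforce(oracle: DeviceKeyOracle, target: bytes, salt: bytes,
                         max_pin: int = 10_000):
    """Attacker without the key: guesses stop the moment the device stops answering.
    Returns (recovered PIN or None, number of guesses the device accepted)."""
    attempts = 0
    for candidate in range(max_pin):
        pin = f"{candidate:04d}"
        try:
            hit = oracle.check_pin(pin, salt, target)
        except RuntimeError:
            return None, attempts
        attempts += 1
        if hit:
            return pin, attempts
    return None, attempts


if __name__ == "__main__":
    print("device key leaked, guessing offline:", offline_bruteforce(TARGET_KEY, SALT, DEVICE_KEY))
    throttled = DeviceKeyOracle(DEVICE_KEY, max_attempts=5)
    print("device key bound, 5-attempt budget:", on_device_bruteforce(throttled, TARGET_KEY, SALT))
```

The scrypt parameters are deliberately small so the demo runs in seconds; the point is not the cost of one guess but who gets to make the guesses. With the device key in hand the attacker recovers the four-digit PIN by exhausting the space on their own machine, while the device-bound variant returns nothing once the attempt budget is spent, which is exactly the protection the leaked-key design forfeits.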