[tptacek]

The idea that it's safer to trust Truecrypt than the platform's enclave secret system because enclaves sometimes have vulnerabilities strikes me as pretty weird, since the big difference between Truecrypt and an enclave-based system is that Truecrypt doesn't have an enclave to begin with.

[tedunangst]

Doesn't seem that weird. The enclave has your secret in it, and comes attached to the storage it's protecting. Steal storage, extract key, done.

My software FDE does not keep my password in it. There is nothing to extract after stealing. I will happily stipulate though that this requires a solid password and key stretching.

[mindslight]

... if and only if it is off. Which is probably not a great assumption with a phone.

A DIY mitigation might be to convert a phone to having only an external battery on a long cable, which stays in your other pocket.

Philosophically I do agree with where you're coming from with contemporary devices insisting on baking in privileged keys. It's unfortunate that we're forced to choose between the two models.

[tedunangst]

Good point. Didn't really consider live or "cold boot" attacks.