jianglk.darker 7ee447c011, 4 months ago

| Name | Last commit |
|---|---|
| fuzz | 4 months ago |
| include | 4 months ago |
| .clang-format | 4 months ago |
| Android.bp | 4 months ago |
| NotSoSecureInput.cpp | 4 months ago |
| README | 4 months ago |
| TrustyApp.cpp | 4 months ago |
| TrustyApp.h | 4 months ago |
| TrustyConfirmationUI.cpp | 4 months ago |
| TrustyConfirmationUI.h | 4 months ago |
| android.hardware.confirmationui@1.0-service.trusty.rc | 4 months ago |
| android.hardware.confirmationui@1.0-service.trusty.xml | 4 months ago |
| service.cpp | 4 months ago |
README
## Secure UI Architecture

To implement confirmationui, a secure UI architecture is required. This entails a way to display the confirmation dialog driven by a reduced trusted computing base, typically a trusted execution environment (TEE), without having to rely on Linux and the Android system for the integrity and authenticity of input events. This implementation provides neither. However, it provides most of the functionality required to run a full Android Protected Confirmation feature when integrated into a secure UI architecture.

## Secure input (NotSoSecureInput)

This implementation does not provide any security guarantees. The input method (NotSoSecureInput) runs a cryptographic protocol that is sufficiently secure if and only if the endpoint is implemented on a trustworthy secure input device. Because the endpoint currently lives in the HAL service itself, this implementation is not secure.

NOTE: a secure input device endpoint needs a good source of entropy for generating nonces. The current implementation (NotSoSecureInput.cpp#generateNonce) uses a constant nonce.
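
The following is an added example, not code from this repository, showing why the nonce requirement in the note above matters: a tag bound to a constant nonce verifies again in a later session, while a tag bound to a fresh nonce does not. The message shape (a tag over key, nonce and event), the `tag` stand-in, the key and all function names are assumptions made for illustration; a real endpoint would use a proper MAC.

```cpp
#include <array>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <string>

using Nonce = std::array<uint8_t, 32>;

// Constant "nonce": the weakness the README notes (byte value constructed here).
Nonce constantNonce() { Nonce n; n.fill(0xAB); return n; }

// Fresh nonce from the kernel CSPRNG. Fails closed: no fallback to a constant.
bool randomNonce(Nonce& out) {
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    urandom.read(reinterpret_cast<char*>(out.data()),
                 static_cast<std::streamsize>(out.size()));
    return urandom.good();
}

// Stand-in keyed tag (FNV-1a over key || nonce || event). NOT a real MAC; it
// only models "the tag depends on the session nonce". Assumed protocol shape.
uint64_t tag(const std::string& key, const Nonce& nonce, const std::string& event) {
    uint64_t h = 14695981039346656037ULL;
    auto mix = [&h](uint8_t b) { h = (h ^ b) * 1099511628211ULL; };
    for (unsigned char c : key) mix(c);
    for (uint8_t b : nonce) mix(b);
    for (unsigned char c : event) mix(c);
    return h;
}

// A tagged event recorded in session 1 is presented again in session 2.
// Returns true if session 2's verifier would accept it.
bool replayAccepted(const Nonce& session1, const Nonce& session2) {
    const std::string key = "constructed-shared-key";  // constructed sample key
    const uint64_t recorded = tag(key, session1, "confirm");
    return recorded == tag(key, session2, "confirm");  // verifier recomputes
}

int main() {
    Nonce a, b;
    if (!randomNonce(a) || !randomNonce(b)) return 1;  // no entropy: refuse to run
    std::cout << "constant nonce, replay accepted: "
              << replayAccepted(constantNonce(), constantNonce()) << "\n"
              << "random nonces, replay accepted:   " << replayAccepted(a, b) << "\n";
    return 0;
}
```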