tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_core/trusty/confirmationui
History
Greg Kaiser 3e02a60412 trusty: Remove redundant check 
This repeats a check in the lines immediately before it.

Test: TreeHugger
Change-Id: I47ac9f359018b87bc283657eddb75ad3d175244e
2021-02-21 10:31:40 -08:00
..
fuzz [LSC] Add LOCAL_LICENSE_KINDS to system/core 2021-02-19 12:59:05 -08:00
include First working version of the confirmationui HAL service 2020-01-17 16:34:48 -08:00
.clang-format First working version of the confirmationui HAL service 2020-01-17 16:34:48 -08:00
Android.bp [LSC] Add LOCAL_LICENSE_KINDS to system/core 2021-02-19 12:59:05 -08:00
android.hardware.confirmationui@1.0-service.trusty.rc trusty: ConfirmationUI HAL<->TA IPC using shared memory 2021-02-17 11:10:14 -08:00
android.hardware.confirmationui@1.0-service.trusty.xml First working version of the confirmationui HAL service 2020-01-17 16:34:48 -08:00
NotSoSecureInput.cpp Update language to comply with Android's inclusive language guidance 2020-07-31 16:36:06 -06:00
README First working version of the confirmationui HAL service 2020-01-17 16:34:48 -08:00
service.cpp First working version of the confirmationui HAL service 2020-01-17 16:34:48 -08:00
TrustyApp.cpp trusty: Remove redundant check 2021-02-21 10:31:40 -08:00
TrustyApp.h trusty: ConfirmationUI HAL<->TA IPC using shared memory 2021-02-17 11:10:14 -08:00
TrustyConfirmationUI.cpp trusty: ConfirmationUI HAL<->TA IPC using shared memory 2021-02-17 11:10:14 -08:00
TrustyConfirmationUI.h First working version of the confirmationui HAL service 2020-01-17 16:34:48 -08:00
TrustyIpc.h trusty: ConfirmationUI HAL<->TA IPC using shared memory 2021-02-17 11:10:14 -08:00

README 

## Secure UI Architecture

To implement confirmationui a secure UI architecture is required. This entails a way
to display the confirmation dialog driven by a reduced trusted computing base, typically
a trusted execution environment (TEE), without having to rely on Linux and the Android
system for integrity and authenticity of input events. This implementation provides
neither. But it provides most of the functionlity required to run a full Android Protected
Confirmation feature when integrated into a secure UI architecture.

## Secure input (NotSoSecureInput)

This implementation does not provide any security guaranties.
The input method (NotSoSecureInput) runs a cryptographic protocols that is
sufficiently secure IFF the end point is implemented on a trustworthy
secure input device. But since the endpoint is currently in the HAL
service itself this implementation is not secure.

NOTE that a secure input device end point needs a good source of entropy
for generating nonces. The current implementation (NotSoSecureInput.cpp#generateNonce)
uses a constant nonce.