Keymaster is a newly introduced key management hardware abstraction layer (HAL) component. It defines all APIs that must be supported by the OEM.

The ARM TrustZone (TZ) keymaster application includes the following:

1. Generation of keys - this involves generating a public key and a private key for cryptography.
2. Signing and verification - this allows signing of given data with a key stored and accessible by TZ software, as well as verifying signed data with a key that is also accessible only by TZ software.

Types of keymaster HAL are as follows:

- Software-based keymaster - uses the OpenSSL software implementation. Jelly Bean comes with a default softkeymaster module that does all key operations in software only.
- Hardware-based keymaster - uses the TZ application APIs (keymaster application). Hardware keymaster support essentially ensures that the stored key is not accessible in the HLOS.

Regardless of key type (RSA/EC), the generated keyblob is encrypted by a key accessible by TZ software only and stored in the file system (FS) on the HLOS end.

The hardware-based keymaster is commonly used and is enabled by default. keystore..so is loaded during boot. This library may not be open source to the OEM. To find out whether it loaded successfully, check the value of the property "sys.keymaster.loaded": it is set to true after keystore..so is loaded successfully. By default, it is false.

Hardware keymaster 1.0 implementation on Android Marshmallow

Keymaster is an access control-based key service with access to trusted hardware-bound crypto. It is implemented as a TrustZone-based trusted application (TA). Keymaster cannot be compromised by any kernel or userland bug. All keys generated are bound to the device cryptographically.

Keymaster support on Android Marshmallow requires the following modules:

- keymaster TA
- gatekeeper..so
- keystore..so

Gatekeeper is a trusted source to verify the authenticated state of the device. Gatekeeper does the following:

- provides APIs to enroll and verify a password
- returns a signed auth token with a timestamp to unlock keystore/keymaster
- provides rollback protection on passwords

The gatekeeper architecture includes the following:

- gatekeeper daemon
- gatekeeper HAL API
- hardware gatekeeper
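
The signed auth token with a timestamp that gatekeeper returns can be modelled as follows. This is an added example, not code from the original post or from any vendor's keymaster: it assumes the packed hw_auth_token_t layout from AOSP with an HMAC-SHA256 tag, and the key, IDs, the max_age_ms freshness window and the helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Layout assumed from AOSP's packed hw_auth_token_t (not given on the page):
# version u8 | challenge u64 | user_id u64 | authenticator_id u64 (host order,
# little-endian here) | authenticator_type u32 | timestamp u64 (network order)
# | hmac[32]. The HMAC-SHA256 covers the first 37 bytes.
SIGNED_LEN, TOKEN_LEN = 37, 69
HW_AUTH_PASSWORD = 1
DEMO_KEY = bytes(range(32))  # constructed sample key


def build_token(key, challenge, user_id, auth_id, auth_type, timestamp_ms):
    """Gatekeeper side: serialize the fields and append the HMAC tag."""
    body = struct.pack("<BQQQ", 0, challenge, user_id, auth_id)
    body += struct.pack(">IQ", auth_type, timestamp_ms)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_token(key, raw, now_ms, max_age_ms, expected_user_id):
    """Keymaster side: return the parsed fields or raise ValueError."""
    if len(raw) != TOKEN_LEN:
        raise ValueError("bad length")
    body, tag = raw[:SIGNED_LEN], raw[SIGNED_LEN:]
    # Authenticate before parsing; compare_digest avoids a timing oracle.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad hmac")
    version, challenge, user_id, auth_id = struct.unpack("<BQQQ", body[:25])
    auth_type, timestamp_ms = struct.unpack(">IQ", body[25:])
    if version != 0:
        raise ValueError("bad version")
    if user_id != expected_user_id:
        raise ValueError("wrong user")
    # max_age_ms (hypothetical policy value) limits how long a token is usable.
    if timestamp_ms > now_ms or now_ms - timestamp_ms > max_age_ms:
        raise ValueError("stale token")
    return {"challenge": challenge, "user_id": user_id,
            "auth_type": auth_type, "timestamp_ms": timestamp_ms}


def reject_reason(key, raw, now_ms, max_age_ms, expected_user_id):
    """Return None when the token is accepted, else the rejection reason."""
    try:
        verify_token(key, raw, now_ms, max_age_ms, expected_user_id)
        return None
    except ValueError as err:
        return str(err)
```

The MAC is checked before any field is interpreted, so a token altered in the HLOS is rejected regardless of which field was changed.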
