Keymaster is a newly introduced key management hardware abstraction layer (HAL) component. It defines all APIs that must be supported by the OEM.

The ARM TrustZone (TZ) keymaster application includes the following:

1. Generation of keys - this involves generating a public key and a private key for cryptography.
2. Signing and verification - this allows signing of given data with a key stored and accessible by TZ software, as well as verifying signed data with a key that is also only accessible by TZ software.

Types of keymaster HAL are as follows:

- Software-based keymaster - uses the OpenSSL software implementation. Jelly Bean comes with a default softkeymaster module that does all key operations in software only.
- Hardware-based keymaster - uses the TZ application APIs (keymaster application). Hardware keymaster support essentially ensures that the stored key is not accessible in the HLOS.

Regardless of key type (RSA/EC), the generated keyblob is encrypted by a key accessible by TZ software only and is stored in the file system (FS) on the HLOS end.

The hardware-based keymaster is commonly used and is enabled by default. keystore..so is loaded during boot. This library may not be open source to the OEM. We can check the value of the property "sys.keymaster.loaded" to know whether it was loaded successfully. The property "sys.keymaster.loaded" is set to true after keystore..so is loaded successfully; by default, it is false.

Hardware keymaster 1.0 implementation on Android Marshmallow

Keymaster is an access control-based key service with access to trusted hardware-bound crypto. It is implemented as a TrustZone-based trusted application (TA). Keymaster cannot be compromised by any kernel or userland bug. All keys generated are cryptographically bound to the device.

Keymaster support on Android Marshmallow requires the following modules:

- keymaster TA
- gatekeeper..so
- keystore..so

Gatekeeper is a trusted source to verify the authenticated state of the device. Gatekeeper does the following:

- provides APIs to enroll and verify a password
- returns a signed auth token with a timestamp to unlock keystore/keymaster
- provides rollback protection on passwords

The gatekeeper architecture includes the following:

- gatekeeper daemon
- gatekeeper HAL API
- hardware gatekeeper
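The signed, timestamped auth token that gatekeeper returns to unlock keystore/keymaster can be modelled as follows. This is an added example, not code from the original article or from Android. The token layout (user_id and timestamp under HMAC-SHA256), the shared key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Simplified token layout (an assumption for this example, not the on-device
# structure): user_id (u64), timestamp_ms (u64), then HMAC-SHA256 over both.
BODY = struct.Struct(">QQ")
MAC_LEN = hashlib.sha256().digest_size


def issue_auth_token(key: bytes, user_id: int, now_ms: int) -> bytes:
    """Gatekeeper side: called only after the password has been verified."""
    body = BODY.pack(user_id, now_ms)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_auth_token(key: bytes, token: bytes, now_ms: int, max_age_ms: int) -> int:
    """Keymaster side: return the user_id if the token is authentic and fresh."""
    if len(token) != BODY.size + MAC_LEN:
        raise ValueError("malformed token")
    body, mac = token[:BODY.size], token[BODY.size:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(mac, expected):
        raise PermissionError("bad signature")
    user_id, issued_ms = BODY.unpack(body)
    # Reject tokens dated in the future as well as expired ones.
    if not 0 <= now_ms - issued_ms <= max_age_ms:
        raise PermissionError("token not fresh")
    return user_id


def try_check(key: bytes, token: bytes, now_ms: int, max_age_ms: int) -> str:
    """Return "ok" or the reason the token was rejected."""
    try:
        check_auth_token(key, token, now_ms, max_age_ms)
        return "ok"
    except (ValueError, PermissionError) as exc:
        return str(exc)


if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key; on a device it stays inside TZ
    tok = issue_auth_token(key, user_id=10, now_ms=1_000)
    tampered = tok[:7] + b"\x0b" + tok[8:]  # user_id field changed from 10 to 11
    print(try_check(key, tok, 1_500, 5_000))       # valid and fresh
    print(try_check(key, tampered, 1_500, 5_000))  # HLOS-side modification
    print(try_check(key, tok, 60_000, 5_000))      # replayed after expiry
```

Because the HMAC key is assumed to be held only by the two TZ components, code in the HLOS can carry the token between them but cannot forge or alter it, and the timestamp bounds how long a captured token stays usable.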
