android13

History

liiir1985 7f62dcda9f initial		2024-06-22 20:45:49 +08:00
..
fuzz	initial	2024-06-22 20:45:49 +08:00
include	initial	2024-06-22 20:45:49 +08:00
.clang-format	initial	2024-06-22 20:45:49 +08:00
Android.bp	initial	2024-06-22 20:45:49 +08:00
NotSoSecureInput.cpp	initial	2024-06-22 20:45:49 +08:00
README	initial	2024-06-22 20:45:49 +08:00
TrustyApp.cpp	initial	2024-06-22 20:45:49 +08:00
TrustyApp.h	initial	2024-06-22 20:45:49 +08:00
TrustyConfirmationUI.cpp	initial	2024-06-22 20:45:49 +08:00
TrustyConfirmationUI.h	initial	2024-06-22 20:45:49 +08:00
android.hardware.confirmationui@1.0-service.trusty.rc	initial	2024-06-22 20:45:49 +08:00
android.hardware.confirmationui@1.0-service.trusty.xml	initial	2024-06-22 20:45:49 +08:00
service.cpp	initial	2024-06-22 20:45:49 +08:00

README

## Secure UI Architecture

To implement confirmationui a secure UI architecture is required. This entails a way
to display the confirmation dialog driven by a reduced trusted computing base, typically
a trusted execution environment (TEE), without having to rely on Linux and the Android
system for integrity and authenticity of input events. This implementation provides
neither. But it provides most of the functionlity required to run a full Android Protected
Confirmation feature when integrated into a secure UI architecture.

## Secure input (NotSoSecureInput)

This implementation does not provide any security guaranties.
The input method (NotSoSecureInput) runs a cryptographic protocols that is
sufficiently secure IFF the end point is implemented on a trustworthy
secure input device. But since the endpoint is currently in the HAL
service itself this implementation is not secure.

NOTE that a secure input device end point needs a good source of entropy
for generating nonces. The current implementation (NotSoSecureInput.cpp#generateNonce)
uses a constant nonce.