Google Git
Sign in
android / device / google / cuttlefish / refs/heads/android14-d1-s7-release / . / host / commands / secure_env
tree: 06005c3acb7f2c383d6dddbfb46171664363da3a [path history] [tgz]
  1. doc/
  2. rust/
  3. Android.bp
  4. composite_serialization.cpp
  5. composite_serialization.h
  6. confui_sign_server.cpp
  7. confui_sign_server.h
  8. device_tpm.cpp
  9. device_tpm.h
  10. encrypted_serializable.cpp
  11. encrypted_serializable.h
  12. encrypted_serializable_test.cpp
  13. fragile_tpm_storage.cpp
  14. fragile_tpm_storage.h
  15. gatekeeper_responder.cpp
  16. gatekeeper_responder.h
  17. gatekeeper_storage.h
  18. hmac_serializable.cpp
  19. hmac_serializable.h
  20. in_process_tpm.cpp
  21. in_process_tpm.h
  22. insecure_fallback_storage.cpp
  23. insecure_fallback_storage.h
  24. json_serializable.cpp
  25. json_serializable.h
  26. keymaster_responder.cpp
  27. keymaster_responder.h
  28. OWNERS
  29. primary_key_builder.cpp
  30. primary_key_builder.h
  31. proxy_keymaster_context.h
  32. README.md
  33. secure_env_linux_main.cpp
  34. secure_env_windows_lib.cpp
  35. secure_env_windows_lib.h
  36. secure_env_windows_main.cpp
  37. soft_gatekeeper.h
  38. test_tpm.cpp
  39. test_tpm.h
  40. tpm.h
  41. tpm_attestation_record.cpp
  42. tpm_attestation_record.h
  43. tpm_auth.cpp
  44. tpm_auth.h
  45. tpm_commands.cpp
  46. tpm_commands.h
  47. tpm_encrypt_decrypt.cpp
  48. tpm_encrypt_decrypt.h
  49. tpm_ffi.cpp
  50. tpm_ffi.h
  51. tpm_gatekeeper.cpp
  52. tpm_gatekeeper.h
  53. tpm_hmac.cpp
  54. tpm_hmac.h
  55. tpm_key_blob_maker.cpp
  56. tpm_key_blob_maker.h
  57. tpm_keymaster_context.cpp
  58. tpm_keymaster_context.h
  59. tpm_keymaster_enforcement.cpp
  60. tpm_keymaster_enforcement.h
  61. tpm_random_source.cpp
  62. tpm_random_source.h
  63. tpm_remote_provisioning_context.cpp
  64. tpm_remote_provisioning_context.h
  65. tpm_resource_manager.cpp
  66. tpm_resource_manager.h
  67. tpm_serialize.cpp
  68. tpm_serialize.h
host/commands/secure_env/README.md

Host process substituting for a TEE (Trusted Execution Environment). Used to run backing implementations of Android HALs that normally delegate to a TEE environment, specifically ConfirmationUI, Gatekeeper, and Keymint.

Gatekeeper and Keymint communicate with secure_env through virtio-console channels connected to FIFO files on the host. The display part of ConfirmationUI is runs in the webRTC host process, which delegates signing operations only to secure_env.

Before entering the kernel, the u-boot bootloader writes some information about the device image files into the keymint channel to prepare it with the authenticated version number of the operating system.

linkage