Google Git
Sign in
android / device / google / cuttlefish / refs/heads/android14-qpr2-s2-release / . / host / commands / secure_env
tree: ff458a11f365a2f962c2ddefaeb202fa75268799 [path history] [tgz]
  1. doc/
  2. oemlock/
  3. rust/
  4. storage/
  5. Android.bp
  6. composite_serialization.cpp
  7. composite_serialization.h
  8. confui_sign_server.cpp
  9. confui_sign_server.h
  10. device_tpm.cpp
  11. device_tpm.h
  12. encrypted_serializable.cpp
  13. encrypted_serializable.h
  14. encrypted_serializable_test.cpp
  15. gatekeeper_responder.cpp
  16. gatekeeper_responder.h
  17. gatekeeper_storage.h
  18. hmac_serializable.cpp
  19. hmac_serializable.h
  20. in_process_tpm.cpp
  21. in_process_tpm.h
  22. json_serializable.cpp
  23. json_serializable.h
  24. keymaster_responder.cpp
  25. keymaster_responder.h
  26. OWNERS
  27. primary_key_builder.cpp
  28. primary_key_builder.h
  29. proxy_keymaster_context.h
  30. README.md
  31. secure_env_not_windows_main.cpp
  32. secure_env_windows_lib.cpp
  33. secure_env_windows_lib.h
  34. secure_env_windows_main.cpp
  35. soft_gatekeeper.h
  36. suspend_resume_handler.cpp
  37. suspend_resume_handler.h
  38. test_tpm.cpp
  39. test_tpm.h
  40. tpm.h
  41. tpm_attestation_record.cpp
  42. tpm_attestation_record.h
  43. tpm_auth.cpp
  44. tpm_auth.h
  45. tpm_commands.cpp
  46. tpm_commands.h
  47. tpm_encrypt_decrypt.cpp
  48. tpm_encrypt_decrypt.h
  49. tpm_ffi.cpp
  50. tpm_ffi.h
  51. tpm_gatekeeper.cpp
  52. tpm_gatekeeper.h
  53. tpm_hmac.cpp
  54. tpm_hmac.h
  55. tpm_key_blob_maker.cpp
  56. tpm_key_blob_maker.h
  57. tpm_keymaster_context.cpp
  58. tpm_keymaster_context.h
  59. tpm_keymaster_enforcement.cpp
  60. tpm_keymaster_enforcement.h
  61. tpm_random_source.cpp
  62. tpm_random_source.h
  63. tpm_remote_provisioning_context.cpp
  64. tpm_remote_provisioning_context.h
  65. tpm_resource_manager.cpp
  66. tpm_resource_manager.h
  67. tpm_serialize.cpp
  68. tpm_serialize.h
  69. worker_thread_loop_body.cpp
  70. worker_thread_loop_body.h
host/commands/secure_env/README.md

Host process substituting for a TEE (Trusted Execution Environment). Used to run backing implementations of Android HALs that normally delegate to a TEE environment, specifically ConfirmationUI, Gatekeeper, and Keymint.

Gatekeeper and Keymint communicate with secure_env through virtio-console channels connected to FIFO files on the host. The display part of ConfirmationUI is runs in the webRTC host process, which delegates signing operations only to secure_env.

Before entering the kernel, the u-boot bootloader writes some information about the device image files into the keymint channel to prepare it with the authenticated version number of the operating system.

linkage