• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..25-May-2024-

fuzz/H25-May-2024-224174

include/H25-May-2024-10724

.clang-formatH A D25-May-2024255 1110

Android.bpH A D25-May-20243.1 KiB124108

NotSoSecureInput.cppH A D25-May-20247.6 KiB208147

READMEH A D25-May-20241.1 KiB2016

TrustyApp.cppH A D25-May-20244.6 KiB168125

TrustyApp.hH A D25-May-20244.6 KiB155102

TrustyConfirmationUI.cppH A D25-May-202420.4 KiB512356

TrustyConfirmationUI.hH A D25-May-20243.4 KiB9755

android.hardware.confirmationui-service.trusty.rcH A D25-May-2024235 65

android.hardware.confirmationui-service.trusty.xmlH A D25-May-2024287 1110

fuzzer.cppH A D25-May-20241.1 KiB3212

service.cppH A D25-May-20241.3 KiB3916

README

1## Secure UI Architecture
2
3To implement confirmationui a secure UI architecture is required. This entails a way
4to display the confirmation dialog driven by a reduced trusted computing base, typically
5a trusted execution environment (TEE), without having to rely on Linux and the Android
6system for integrity and authenticity of input events. This implementation provides
7neither. But it provides most of the functionlity required to run a full Android Protected
8Confirmation feature when integrated into a secure UI architecture.
9
10## Secure input (NotSoSecureInput)
11
12This implementation does not provide any security guaranties.
13The input method (NotSoSecureInput) runs a cryptographic protocols that is
14sufficiently secure IFF the end point is implemented on a trustworthy
15secure input device. But since the endpoint is currently in the HAL
16service itself this implementation is not secure.
17
18NOTE that a secure input device end point needs a good source of entropy
19for generating nonces. The current implementation (NotSoSecureInput.cpp#generateNonce)
20uses a constant nonce.