0

I have been searching a lot about Android's secure architecture, and I know that new Android devices use a hardware-backed keyStore in TrustZone (TEE) to store keys. The question is where this secure hardware storage is located, and what is this secure hardware called?

Marc
Shorouq

1 Answer

1

There is no single answer to that, since it depends on the use case and the hardware capabilities where the TEE is running. OP-TEE, for example, uses both regular flash and RPMB for secure storage (in both cases everything is encrypted and integrity protected, since the data in transit is also handled in the non-secure world).

Since flash is both in theory and in practice replaceable and modifiable, it is not a good place to store keys that should be bound to the device (again, depends on use case). In that case it is better to use RPMB, which is tamper-proof and uses a uniquely derived shared key between the TEE and the RPMB to authenticate all messages.

I believe this is a pretty common way of dealing with secure storage in TrustZone solutions. But I have also heard about TEEs having access to TEE-dedicated flash, etc.

Joakim Bech
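The authenticated, replay-protected exchange the answer describes, as an added example that is not part of the original answer and is not OP-TEE code. It is a simplified Python model: the key derivation (HMAC of a hardware unique key over the card ID), the field layout and all names are assumptions for illustration, and the sample values are constructed.

```python
import hashlib, hmac, os, struct

def derive_rpmb_key(huk, cid):
    # Assumption: per-device key = HMAC-SHA256(hardware unique key, card ID)
    return hmac.new(huk, cid, hashlib.sha256).digest()

def mac(key, *fields):
    return hmac.new(key, b"".join(fields), hashlib.sha256).digest()

class RpmbModel:
    """Storage side: one-time key, monotonic write counter, MAC check."""
    def __init__(self):
        self.key, self.counter, self.blocks = None, 0, {}
    def program_key(self, key):
        if self.key is not None:      # key can be programmed only once
            return False
        self.key = key
        return True
    def write(self, addr, data, counter, tag):
        expected = mac(self.key, data, struct.pack(">IH", counter, addr))
        if not hmac.compare_digest(tag, expected):
            return "AUTH_FAILURE"     # sender does not hold the shared key
        if counter != self.counter:
            return "COUNTER_FAILURE"  # stale frame: a replay
        self.blocks[addr] = data
        self.counter += 1
        return "OK"
    def read(self, addr, nonce):
        data = self.blocks.get(addr, bytes(256))
        return data, mac(self.key, data, nonce, struct.pack(">H", addr))

def tee_write_frame(key, counter, addr, data):
    return addr, data, counter, mac(key, data, struct.pack(">IH", counter, addr))

def tee_read(key, dev, addr, tamper=None):
    nonce = os.urandom(16)            # fresh nonce defeats replayed responses
    data, tag = dev.read(addr, nonce)
    data = tamper or data             # normal world relays, and may alter, the reply
    good = mac(key, data, nonce, struct.pack(">H", addr))
    return data if hmac.compare_digest(tag, good) else None

def demo():
    key = derive_rpmb_key(b"\x11" * 32, b"constructed-cid!")  # constructed values
    dev = RpmbModel()
    dev.program_key(key)
    old = tee_write_frame(key, 0, 0, b"A" * 256)
    results = [dev.write(*old), dev.write(*tee_write_frame(key, 1, 0, b"B" * 256)),
               dev.write(*old), dev.write(0, b"C" * 256, 2, bytes(32))]
    return results, tee_read(key, dev, 0), tee_read(key, dev, 0, b"A" * 256)
```

In `demo()`, the third write is a replay of the first frame and the fourth is a write from a party without the key; the last read simulates the non-secure world substituting old data in the response.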