Daniel Gartmann
Reputation: 13058
Does the Android Keystore make use of the Trusted Execution Environment (TEE) and Secure Element (SE) automatically if it is available?
Does the Android Keystore make use of the Trusted Execution Environment (TEE) and Secure Element (SE) automatically if it is available? Or are any further steps required?
Upvotes: 7
Views: 2924
Answers (1)
Dori
Reputation: 18423
Generally yes.
There is no requirement for the Keystore to be hardware backed on all device, but if it is hardware backed and if that is by a TEE (the common case) then it will be used whenever Keystore backed keys are used.
See the current CDD document for requirements around this. Section 9.11. Keys and Credentials
You may also find this answer interesting, as it talks about the keymaster & TEE implementations.
Upvotes: 5
Related Questions
- TEE/HSM support on Android operating system
- Android Keystore in kotlin
- Android Dev: Run custom code in the Trusted Execution Environment (TEE), extending the Keystore
- How to check whether Android phone supports TEE?
- How the Android Keystore system can be secure?
- Android Central Keystore
- Client Application and Trusted Application in Trusted Execution Environment (TEE)
- Using the Android hardware-backed KeyStore
- How is the Android keystore protected?
- Hardware backed keystorage in Android