<html devsite><head>
<title>Gatekeeper</title>
<meta name="project_path" value="/_project.yaml"/>
<meta name="book_path" value="/_book.yaml"/>
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->

<h2 id="overview">Overview</h2>

<p>Gatekeeper (TEE) /Gatekeeper HMAC Gatekeeper </p>

<p>Gatekeeper TEE <a href="/security/keystore/index.html"> Keystore</a>Gatekeeper Keystore </p>

<h2 id="architecture">Architecture</h2>

<p>Gatekeeper 3 </p>

<ul>
<li><strong>gatekeeperdGatekeeper </strong>
C++ Binder <code>GateKeeperService</code> Java
</li><li><strong>Gatekeeper (HAL)</strong>
<code>hardware/libhardware/include/hardware/gatekeeper.h</code> HAL
</li><li><strong>Gatekeeper (TEE)</strong>
<code>gatekeeperd</code> TEE TEE Gatekeeper
</li></ul>

<p> Gatekeeper</p>

<ul>
<li> Gatekeeper HAL <code>gatekeeper.h</code> (<code>hardware/libhardware/include/hardware/gatekeeper.h</code>) <a href="#hal_implementation">HAL implementation</a>
</li><li> TEE Gatekeeper <code>system/gatekeeper/include/gatekeeper/gatekeeper.h</code> <a href="#trusty_and_other_implementations">Trusty and other implementations</a>
</li></ul>

<p><code>LockSettingsService</code> Binder Android <code>gatekeeperd</code> <code>gatekeeperd</code> TEE (Gatekeeper)</p>

<img src="../images/gatekeeper-flow.png" alt="Gatekeeper flow" id="figure1"/>
<p class="img-caption"><strong>Figure 1.</strong> GateKeeper flow</p>

<p><code>gatekeeperd</code> Android API HAL Keystore <a href="index.html"></a><code>gatekeeperd</code> </p>

<h2 id="hal_implementation">HAL implementation</h2>

<p><code>gatekeeperd</code> HAL <code>gatekeeperd</code> TEE HAL Blob (AuthToken) AuthToken <a href="index.html"></a></p>

<p> <code>gatekeeper.h</code> <code>hardware/libhardware/include/hardware</code> <code>enroll</code> <code>verify</code> </p>

<p><code>enroll</code> Blob Blob <code>enroll</code> <code>system/gatekeeper/include/gatekeeper/password_handle.h</code> </p>

<p><code>verify</code> </p>

<p></p>

<h2 id="trusty_and_other_implementations">Trusty and other implementations</h2>

<p><a href="/security/trusty/index.html">Trusty</a> Google TEE Trusty GateKeeper <strong> TEE </strong> GatekeeperTEE </p>

<p>Trusty IPC Keymaster Trusty GatekeeperGatekeeper Trusty Keystore AuthTokenTrusty Gatekeeper Keymaster </p>

<p>HMAC GateKeeper </p>

<p>Android C++ GateKeeper TEE TEE Gatekeeper</p>
<pre>
system/gatekeeper/include/gatekeeper/gatekeeper.h
</pre>

<p> TEE GateKeeper</p>

<ul>
<li> Gatekeeper HAL</li><li> AuthTokens AuthToken <a href="index.html"></a></li><li>TEE Gatekeeper Keymaster HMAC TEE IPC </li></ul>

<h2 id="user_sids">User SIDs</h2>

<p> ID SID TEE SID Android ID </p>

<p> PRNG SID SID Android </p>

<p> SID HMAC </p>

<p> SID <code>verify</code> AuthToken Keystore AuthToken Keystore <a href="index.html"></a> <code>enroll</code> SID</p>

<p> Android Root </p>

<h2 id="request_throttling">Request throttling</h2>

<p>GateKeeper <code>gatekeeper.h</code> <code>hardware/libhardware/include/hardware</code> HAL GateKeeperGateKeeper </p>

<p>Gatekeeper <code>verify</code> MMC (eMMC) <code>enroll</code> </p>

<p> RPMB</p>

</body></html>