It's too bad the Android keystore doesn't support secp256k1 so it can't be used for Bitcoin wallets. A hardware wallet with dedicated display and input is much better but the keystore could at least protect the seed and require user presence for use. Curve25519 would be nice too.
Conversation
Replying to
I’m proposing direct support of secp256k1 in the TrustZone for future phones, but unlikely in v1. What else would you like to see at the TrustZone level under Android?
2
1
It's ironic to me that a phone claiming to be a "native blockchain phone" wouldn't support secp256k1 in a v1.
1
The wallet for Exodus is implemented in two parts, with one part being in the TrustZone, other UI. secp256k1 is of course implemented in the TrustZone part app, but it isn’t implemented as an API available for other blockchain apps. I’m puzzling through through an architecture.
1
1
I think it should be straightforward to add secp256k1 curve support to the keymaster implementation. A custom implementation would be better if it had a trusted display and input though, so a BIP39 passphrase could be entered without exposing it to the OS + secure confirmations.
1
1
Also recording the recovery seed phrase without exposing it to the OS and the same for performing recovery. A Trezor Model T provides all that but as a separate device which is much less convenient than it would be with the same kind of thing inside someone's personal phone.
Needing a secure element with a dedicated touchscreen for input / output is fairly demanding though. It could be on the back of a phone but it's not the kind of thing that would be in anything but a phone actually dedicated to this.
1