There's a nice description of how disk encryption works on modern Android devices at grapheneos.org/faq#encryption. Not intended to cover the verified boot system used to fully verify all firmware and OS images with downgrade protection support for all of it but mentions it in passing.
TPMs compare very poorly to the modern secure elements heavily used by Pixels and Apple devices. API is very flawed and lacks a lot of capabilities. Common approach of wiping data on firmware upgrade instead of a proper insider attack resistance API like AOSP is also quite awful.
Secure elements aren't just heavily used by the OS but also by lots of apps via the hardware keystore APIs available to every sandboxed app. developer.android.com/training/artic is the stripped down newer version of this for secure elements as opposed to the traditional TEE (TrustZone) one.