<html devsite>
<head>
<title>Hardware Security Best Practices</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2018 The Android Open Source Project

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->

<p id="hardware-security">This page contains recommendations to ensure
that the hardware present on Android devices raises the overall security
of the device instead of compromising it.
</p>

<h2 id="device-memory">Device memory</h2>

<p>It is important to understand the potential security tradeoffs when
selecting memory for Android devices. For example, certain types of memory
may enable the execution of
<a href="https://en.wikipedia.org/wiki/Row_hammer"
class="external">Rowhammer</a>-style attacks.</p>

<ul>
<li>Android devices should use memory that contains mitigations against
Rowhammer-style attacks. Device manufacturers should work closely with
their memory manufacturers for additional details.</li>
</ul>

<h2 id="strongbox-keymaster">StrongBox Keymaster</h2>

<p>It is important to securely store and handle cryptographic keys that are
available on the device. This is typically done on Android devices by
using a hardware-backed Keymaster implemented in an isolated environment,
such as the Trusted Execution Environment (TEE). It is also recommended to
support a
<a href="https://developer.android.com/preview/features/security#hardware-security-module"
class="external">StrongBox Keymaster</a>, which is implemented in
tamper-resistant hardware.</p>

<ul>
<li>Ensure that the StrongBox Keymaster is running in an environment that
has a discrete CPU, secure storage, a high-quality true random number
generator, tamper-resistant packaging, and side-channel resistance to meet
the requirements to qualify as a StrongBox Keymaster. See section 9.11.2 of
the Android 9 CDD for more information on the requirements.</li>
</ul>
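
<p>An on-device check that a device declaring StrongBox actually generates
keys in it, shown as an added example that is not part of the original page
or of AOSP code. The class name <code>StrongBoxCheck</code> and the key alias
are hypothetical, and API level 28 or higher is assumed.</p>

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;

/** Added example: verifies that a probe key is generated in StrongBox. */
public final class StrongBoxCheck {
    // Hypothetical alias used only by this check; the key is deleted afterwards.
    private static final String ALIAS = "strongbox_probe_key";
    private static final String PROVIDER = "AndroidKeyStore";

    /** Returns true only if StrongBox is declared and a probe key lands in it. */
    public static boolean verify(Context context)
            throws GeneralSecurityException, IOException {
        // 1. The device must declare the StrongBox feature.
        if (!context.getPackageManager()
                .hasSystemFeature(PackageManager.FEATURE_STRONGBOX_KEYSTORE)) {
            return false;
        }
        KeyStore keyStore = KeyStore.getInstance(PROVIDER);
        keyStore.load(null);
        try {
            // 2. Require StrongBox explicitly so there is no silent TEE fallback.
            KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                    KeyProperties.KEY_ALGORITHM_EC, PROVIDER);
            kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                    .setDigests(KeyProperties.DIGEST_SHA256)
                    .setIsStrongBoxBacked(true)
                    .build());
            PrivateKey key = kpg.generateKeyPair().getPrivate();
            // 3. Confirm the key is hardware-held (API 31+ also has getSecurityLevel()).
            KeyInfo info = KeyFactory.getInstance(key.getAlgorithm(), PROVIDER)
                    .getKeySpec(key, KeyInfo.class);
            return info.isInsideSecureHardware();
        } catch (StrongBoxUnavailableException e) {
            // Feature declared, but the StrongBox Keymaster could not create the key.
            return false;
        } finally {
            if (keyStore.containsAlias(ALIAS)) keyStore.deleteEntry(ALIAS);
        }
    }
}
```

<p>A device that declares the feature but returns <code>false</code> here
does not provide a working StrongBox Keymaster and should be investigated
before release.</p>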
</body>
</html>