<html devsite>
<head>
<title>Hardware Security Best Practices</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2018 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p id="hardware-security">This page contains recommendations to ensure
that the hardware present on Android devices strengthens the overall
security of the device instead of compromising it.
</p>
<h2 id="device-memory">Device memory</h2>
<p>It is important to understand the potential security tradeoffs when
selecting memory for Android devices. For example, certain types of memory
may enable the execution of
<a href="https://en.wikipedia.org/wiki/Row_hammer"
class="external">Rowhammer</a>-style attacks.</p>
<ul>
<li>Android devices should use memory that contains mitigations against
Rowhammer-style attacks. Device manufacturers should work closely with
their memory manufacturers for additional details.</li>
</ul>
<h2 id="strongbox-keymaster">StrongBox Keymaster</h2>
<p>It is important to securely store and handle cryptographic keys that are
available on the device. On Android devices, this is typically done by
using a hardware-backed Keymaster implemented in an isolated environment,
such as the Trusted Execution Environment (TEE). It is also recommended to
support a
<a href="https://developer.android.com/preview/features/security#hardware-security-module"
class="external">StrongBox Keymaster</a>, which is implemented in
tamper-resistant hardware.</p>
<ul>
<li>Ensure that the StrongBox Keymaster runs in an environment that
has a discrete CPU, secure storage, a high-quality true random number
generator, tamper-resistant packaging, and side-channel resistance, as
required to qualify as a StrongBox Keymaster. See the Android 9
CDD, section 9.11.2, for more information on the requirements.</li>
</ul>
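<p>One way for an app or a device validation test to confirm that a key is
actually held by StrongBox rather than the TEE, shown as an added example that
is not part of the original page or AOSP code. It assumes API level 31 or later
(for <code>KeyInfo.getSecurityLevel()</code>); the class name
<code>StrongBoxCheck</code> and the key alias are hypothetical.</p>

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.spec.ECGenParameterSpec;

/** Hypothetical helper (not AOSP code): probes whether keys really land in StrongBox. */
public final class StrongBoxCheck {
    private static final String ALIAS = "strongbox_probe_key"; // constructed alias
    private static final String PROVIDER = "AndroidKeyStore";

    /** True only if the feature is declared AND a probe key reports StrongBox level. */
    public static boolean isStrongBoxUsable(Context ctx)
            throws GeneralSecurityException, IOException {
        // Step 1: the device must declare the StrongBox keystore feature.
        if (!ctx.getPackageManager()
                .hasSystemFeature(PackageManager.FEATURE_STRONGBOX_KEYSTORE)) {
            return false;
        }
        // Step 2: request a P-256 signing key that must be StrongBox-backed.
        KeyGenParameterSpec spec =
                new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                        .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                        .setDigests(KeyProperties.DIGEST_SHA256)
                        .setIsStrongBoxBacked(true)
                        .build();
        KeyPairGenerator kpg =
                KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, PROVIDER);
        kpg.initialize(spec);
        try {
            KeyPair pair = kpg.generateKeyPair();
            // Step 3: do not trust the request alone; read back the reported level.
            KeyInfo info = KeyFactory.getInstance(KeyProperties.KEY_ALGORITHM_EC, PROVIDER)
                    .getKeySpec(pair.getPrivate(), KeyInfo.class);
            return info.getSecurityLevel() == KeyProperties.SECURITY_LEVEL_STRONGBOX;
        } catch (StrongBoxUnavailableException e) {
            return false; // feature declared, but StrongBox refused the key
        } finally {
            KeyStore ks = KeyStore.getInstance(PROVIDER);
            ks.load(null);
            if (ks.containsAlias(ALIAS)) ks.deleteEntry(ALIAS); // remove the probe key
        }
    }
}
```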
</body>
</html>