diff --git a/img/zdm_3/android_fde_vs_fbe.svg b/img/zdm_3/android_fde_vs_fbe.svg new file mode 100644 index 0000000..688a4a9 --- /dev/null +++ b/img/zdm_3/android_fde_vs_fbe.svg @@ -0,0 +1,184 @@ + + + + + + + + + + + + + + + + + + + + + + Full-Disk Encryption (FDE) + + + Android 5.0 - 9.0 • Legacy Method + + + + + + + + Entire Userdata Partition + + + + + + + + + + + + 🔑 Single Key + + + (user password protected) + + + + + + + + + How It Works: + + + • Single key encrypts entire disk + + + • User password unlocks everything + + + • All-or-nothing access model + + + + + ❌ Limitations: + + + • No access before user unlock + + + • Alarms don't work after reboot + + + • Can't receive calls before unlock + + + • Accessibility services unavailable + + + • No Direct Boot support + + + + + + 🚫 NOT ALLOWED on Android 10+ devices + + + + + + File-Based Encryption (FBE) + + + Android 7.0+ • Modern Standard + + + + + + + File 1 + + + + + + + File 2 + + + + + + + File 3 + + + + + + + File 4 + + + + + + + + + + + + How It Works: + + + • Different keys for different files + + + • Independent unlock capability + + + • Granular access control + + + + + ✅ Advantages: + + + • Direct Boot support - boots to lock screen + + + • Alarms work after reboot + + + • Can receive calls before unlock + + + • Accessibility services available + + + • Better user experience + + + + + + ✓ REQUIRED for Android 10+ devices + + + + + + 💡 FBE enables essential features before user unlock while maintaining security - that's why it replaced FDE + + diff --git a/img/zdm_3/android_protected_confirmation.png b/img/zdm_3/android_protected_confirmation.png new file mode 100644 index 0000000..d73dc46 Binary files /dev/null and b/img/zdm_3/android_protected_confirmation.png differ diff --git a/img/zdm_3/android_rot_qualcomm.png b/img/zdm_3/android_rot_qualcomm.png new file mode 100644 index 0000000..eff5971 Binary files /dev/null and b/img/zdm_3/android_rot_qualcomm.png differ 
diff --git a/img/zdm_3/android_rot_xiaomi.png b/img/zdm_3/android_rot_xiaomi.png new file mode 100644 index 0000000..a2df576 Binary files /dev/null and b/img/zdm_3/android_rot_xiaomi.png differ diff --git a/img/zdm_3/android_storage_locations.svg b/img/zdm_3/android_storage_locations.svg new file mode 100644 index 0000000..9ce503a --- /dev/null +++ b/img/zdm_3/android_storage_locations.svg @@ -0,0 +1,151 @@ + + + + + + + + + + + + + + + + + + Android Storage Locations + + + + + + + Device Boot + User Unlock + + + + + + + Device Encrypted (DE) + + + + + + + + + + + + + + ⏱️ AVAILABLE + + + After device boots + + + + + 🛡️ Protection: + + + + • Hardware secret + + + • TEE software verification + + + • Verified Boot check + + + + + + Use Cases: + + + Alarm clock, accessibility services, + + + phone calls, system services + + + + + + + + Credential Encrypted (CE) + + + + + + + + + + + + + + 🔐 AVAILABLE + + + After user unlocks device + + + + + 🛡️ Protection: + + + + • All DE protections + + + + • User credential required + + + • Hardware brute-force protection + + + + + + Use Cases: + + + Personal data, messages, photos, + + + most app data + + + + + + + + + + + Enhanced + + + Security + + + + + + 💡 Most apps should use CE storage for user data to maximize security + + diff --git a/img/zdm_3/android_trusted_boot_flow.png b/img/zdm_3/android_trusted_boot_flow.png new file mode 100644 index 0000000..0290ad4 Binary files /dev/null and b/img/zdm_3/android_trusted_boot_flow.png differ diff --git a/img/zdm_3/android_trusty_overview.png b/img/zdm_3/android_trusty_overview.png new file mode 100644 index 0000000..695f2d3 Binary files /dev/null and b/img/zdm_3/android_trusty_overview.png differ diff --git a/img/zdm_3/android_virtualization_framework.png b/img/zdm_3/android_virtualization_framework.png new file mode 100644 index 0000000..12491b1 Binary files /dev/null and b/img/zdm_3/android_virtualization_framework.png differ 
diff --git a/img/zdm_3/arm_tee.avif b/img/zdm_3/arm_tee.avif new file mode 100644 index 0000000..2d3cbea Binary files /dev/null and b/img/zdm_3/arm_tee.avif differ diff --git a/img/zdm_3/boot_orange.png b/img/zdm_3/boot_orange.png new file mode 100644 index 0000000..ea3dd83 Binary files /dev/null and b/img/zdm_3/boot_orange.png differ diff --git a/img/zdm_3/boot_red1.png b/img/zdm_3/boot_red1.png new file mode 100644 index 0000000..720ac8d Binary files /dev/null and b/img/zdm_3/boot_red1.png differ diff --git a/img/zdm_3/boot_yellow1.png b/img/zdm_3/boot_yellow1.png new file mode 100644 index 0000000..2789b56 Binary files /dev/null and b/img/zdm_3/boot_yellow1.png differ diff --git a/img/zdm_3/dm-verity-hash-table.png b/img/zdm_3/dm-verity-hash-table.png new file mode 100644 index 0000000..b8871de Binary files /dev/null and b/img/zdm_3/dm-verity-hash-table.png differ diff --git a/img/zdm_3/titan_m2_arch.png b/img/zdm_3/titan_m2_arch.png new file mode 100644 index 0000000..da541f2 Binary files /dev/null and b/img/zdm_3/titan_m2_arch.png differ diff --git a/pages/zdm_3/2-android.md b/pages/zdm_3/2-android.md new file mode 100644 index 0000000..a0b28ec --- /dev/null +++ b/pages/zdm_3/2-android.md @@ -0,0 +1,771 @@ +--- +theme: /slides/slidev-template/theme +layout: cover +background: /intro.png +class: text-center +--- + +# 👋 Zarhus Developers Meetup #3 🎉 + +## Hardware-Backed Security in Android + +
+ +
+ +--- + +# Agenda + +* Trusted Execution Environment (TEE) +* Verified Boot and Root of Trust +* Encryption +* Virtualization + +--- +layout: cover +background: /intro.png +class: text-center +theme: ../slidev-template/theme +--- + +# Trusted Execution Environment (TEE) + +--- +layout: two-cols-header +--- + +# TEE + +::left:: + +
+
+
+ +::right:: + +
+ +- Typically implemented as TrustZone on ARM processors +- Hardware-enforced isolated environment +- Provides trusted execution environment for confidential operations +- REE (Android OS) is considered unstrusted +- Small TEE OS separated from the main OS +- Trusted Apps provide critical security services + +
+ + + +--- + +# Trusty + +- Trusty - open-source implementation of secure Operating System providing TEE +for Android (Pixel devices) +- Other vendors typically have their own secure OSes provided as binary blobs +- Goal: provide reliable and free TEE alternative for hardware vendors + - Improve transparency, reduce fragmentation of the ecosystem, simplify + trusted apps development +- Uses Google TEE API - **not compliant** to the Global Platform TEE API + +
+ + + +--- +layout: two-cols-header +--- + +# TEE usage in Android + +::right:: + +
+ +::left:: + +- Lock screen passcode verification + - unless a more secure environment is present (like Titan M on Pixel) +- Biometrics + - fingerprint template matching and Face Unlock +- KeyStore + - key protection and management +- Protected Confirmation + - hardware-protected Trusted UI for high-assurance transactions +- DRM + - apps can manage DRM-protected content + + + +--- +layout: cover +background: /intro.png +class: text-center +theme: ../slidev-template/theme +--- + +# Android Verified Boot (AVB) + +--- + +# Boot process + +
+ +- BL1 - Primary Boot Loader (PBL), BootROM, provides RoT +- BL2 - Secondary Boot Loader (SBL) (e.g. TF-A) + - sets up Secure and Non-Secure Worlds, defines memory isolation boundaries +- BL31 - Secure Monitor (e.g. implementation from TF-A) +- BL32 - Secure Payload / TEE OS (e.g. OP-TEE, Trusty, QSEE Qualcomm, TEEGRIS Samsung) +- BL33 - Non-Secure Firmware / OS Bootloader (e.g. U-Boot, Little Kernel, EDK2) + + + +--- + +# RoT Requirements + +Verified Boot is a feature that guarantees the integrity of the device +software. If device implementations support the feature, they: + +- [C-1-1] MUST declare the platform feature flag android.software.verified_boot. +- [C-1-2] MUST perform verification on every boot sequence. +- [C-1-3] MUST start verification from an immutable hardware key that is the +root of trust and go all the way up to the system partition. +- Full list of requirements for Device Integrity + - https://source.android.com/docs/compatibility/16/android-16-cdd#910_device_integrity +- Android Compatibility program + - https://source.android.com/docs/compatibility/overview +- Compatibility Test Suite - some requirements covered as tests + - https://source.android.com/docs/compatibility/cts + + + +--- + +# RoT example + +Xiaomi + +
+ +- BootROM uses public key stored in FUSE space inside of the main SoC +- The `Level I Bootloader` will run after successful verification + + + +--- + +# RoT example + +Qualcomm + +
+ +
+ +- `PBL` is in BootROM and verifies images that it loads +- The `XBL_SEC` image acts as a RoT for all TrustZone images (Qualcomm TEE in particular) +- The `XBL` image acts as a RoT for all non-TrustZone images (OS loader, OS kernel), etc. +- The Root CA certificate \[...\] is either stored in QTI’s QFPROM eFuses or in the hardware ROM code + + + +--- + +# RoT example + +Google Pixel - Titan M + +
+ +- RoT provided by an external security chip (Google Titan M / M2) + + + +--- + +# Verified Boot + +- Main goal + - to ensure all executed code comes from a trusted source + - establishes a full chain of trust, starting from a hardware-protected RoT + - each stage verifies the integrity of the next stage before handing over + execution +- In addition: checks for the correct version of Android with rollback + - it helps to prevent a possible exploit from becoming persistent + - by ensuring devices only update to newer Android versions +- In addition: communicate verification state the user + + + +--- + +# dm-verity + +- Device Mapper (DM) is a Linux kernel component for managing logical volumes + - allows mapping physical block devices, to create virtual block devices +- In short: it is used to verify the integrity of system/data partitions + +
+ +
+ + + +--- + +# User-settable root of trust + +- Optional feature designed in the Verified Boot flow +- Implemented on Google Pixel devices +- Key stored in virtual partition: `avb_custom_key` +- Allows for custom OS deployments + - Signed by key trusted by end-user +- Used by the [Graphene OS during installation](https://grapheneos.org/install/web#replacing-grapheneos-with-the-stock-os) + + + +--- + +# Verified Boot states + +Possible boot states: +- no issues - boot normally with no information to the user +- YELLOW: Warning screen for LOCKED devices with custom root of trust set +- ORANGE: Warning screen for UNLOCKED devices +- RED (eio): Warning screen for dm-verity corruption +- RED (no os found): No valid OS found + +Communicated to the OS via +[bootconfig](https://source.android.com/docs/core/architecture/bootloader/implementing-bootconfig) + + + +--- +layout: two-cols-header +--- + +# LOCKED devices with custom root of trust + +::left:: + +
+ +::right:: + +- YELLOW screen on every boot +- Continues booting automatically after 10s +- User can pause it to compare OS fingerprint + + + +--- +layout: two-cols-header +--- + +# UNLOCKED devices + +::left:: + +
+ +::right:: + +- ORANGE screen +- Continues booting automatically after 10s +- Bootloader is unlocked - software integrity is not guaranteed + + + +--- +layout: two-cols-header +--- + +# dm-verity corruption + +::left:: + +
+ +::right:: + +- RED screen +- dm-verity verification failed +- Powers off automatically after 30s +- User can bypass this and continue + + + +--- + +# Generic Bootloader (GBL) + +- UEFI app (dynamic allocations use UEFI) +- Supports x86 / arm64 / riscv64 architectures +- Available as a part of AOSP (fully opensourced) +- Standardized, updatable bootloader to streamline the Android boot process +- Aims to replace fragmented landscape of vendor-specific bootloaders +- GBL contains: + - core Android boot logic + - Fastboot + - Vendor extensions + - UEFI protocol handlers + - Android Specific UEFI Protocol definitions +- **Strongly recommended** for arm64 since Android 16, may become mandatory in the +future + + + +--- +layout: cover +background: /intro.png +class: text-center +theme: ../slidev-template/theme +--- + +# Encryption + +--- +layout: two-cols-header +--- + +# Encryption + +All user data on Android device is encrypted using symmetric encryption keys + +::left:: + +
+
+ +```mermaid +sequenceDiagram + participant App as Application + participant Encryption as Encryption Layer + participant Disk as Disk Storage + + App->>+Encryption: write(userData) + Note over Encryption: Automatically encrypts
with symmetric key + Encryption->>+Disk: write(encryptedData) + Disk-->>-Encryption: success + Encryption-->>-App: success + + Note over App,Disk: 🔒 Data encrypted before committing to disk +``` + +
+
+ +::right:: + +
+
+ +```mermaid +sequenceDiagram + participant App as Application + participant Encryption as Encryption Layer + participant Disk as Disk Storage + + App->>+Encryption: read() + Encryption->>+Disk: read() + Disk-->>-Encryption: encryptedData + Note over Encryption: Automatically decrypts
with symmetric key + Encryption-->>-App: userData (decrypted) + + Note over App,Disk: 🔒 Data decrypted before returning to app +``` + +
+
+ + + +--- + +# Encryption + +
+ + + +--- + +# Storage locations + +Apps can use two kinds of storage locations with FBE + +
+ + + +--- +layout: cover +background: /intro.png +class: text-center +theme: ../slidev-template/theme +--- + +# Hardware-backed Keystore + +--- + +# Hardware-backed Keystore + +
+
+ +```mermaid +graph TB + subgraph "Boot Verification" + VB[Verified Boot
Checks OS authenticity] + end + + subgraph "TEE" + KM[KeyMint TA
Stores & manages keys
Keys never leave TEE] + GK[Gatekeeper TA
Verifies user credentials] + end + + subgraph "Software Layer" + FS[File System Layer
Ext4 / F2FS] + end + + subgraph "Storage" + DE[Device Encrypted
Available after boot] + CE[Credential Encrypted
Available after unlock] + end + + VB -->|OS Verified ✓| KM + KM -->|DE keys ready| FS + GK -->|Credentials verified ✓| KM + KM -->|CE keys ready| FS + FS -->|Request crypto ops| KM + KM -->|Encrypt/Decrypt| FS + FS -->|Access| DE + FS -->|Access| CE + + style VB fill:#E74C3C,stroke:#C0392B,stroke-width:2px,color:#fff + style KM fill:#9B59B6,stroke:#7D3C98,stroke-width:2px,color:#fff + style GK fill:#8E44AD,stroke:#6C3483,stroke-width:2px,color:#fff + style FS fill:#3498DB,stroke:#2874A6,stroke-width:2px,color:#fff + style DE fill:#52BE80,stroke:#27AE60,stroke-width:2px,color:#fff + style CE fill:#F39C12,stroke:#E67E22,stroke-width:2px,color:#fff +``` + +
+
+ + + +--- +layout: cover +background: /intro.png +class: text-center +theme: ../slidev-template/theme +--- + +# Android Virtualization Framework (AVF) + +--- + +# Android Virtualization Framework (AVF) + +Offers standardized APIs for executing sandboxed workflows + +
+ +- pKVM hypervisor (modified Linux KVM) +- Microdroid - minimal Android-based OS to easily create pVM based on existing + app +- Allows creation of Protected VM (pVMs) +- Client VM attestation using DICE + + + +--- +layout: cover +background: /intro.png +class: text-center +theme: ../slidev-template/theme +--- + +## Q&A + +
+ +
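Review bot: in the pages/zdm_3/2-android.md hunk, the Hardware-backed Keystore mermaid graph puts KeyMint on the file data path (`FS -->|Request crypto ops| KM` and `KM -->|Encrypt/Decrypt| FS`), but under FBE the per-file content encryption is done by the kernel's fscrypt layer (in software or via inline-crypto hardware) once the DE/CE keys have been unwrapped; KeyMint protects and unwraps those keys and never processes file contents. Suggest relabelling those two edges as key unwrap/derive flows (e.g. "DE/CE keys unwrapped" into the FS node) and dropping the "Encrypt/Decrypt" edge so the slide does not imply the TEE performs bulk encryption, which would also make the graph consistent with the later Storage locations slide. Smaller fixes in the same hunk: "REE (Android OS) is considered unstrusted" should read "untrusted", "not compliant to the Global Platform TEE API" should be "not compliant with", "communicate verification state the user" is missing "to", and the Agenda slide omits the Hardware-backed Keystore section that the deck later covers.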