When the Pixel 3 launched in 2018, it had a new tamper-resistant hardware enclave called Titan M. In addition to being a root-of-trust for Pixel software and firmware, it also enabled tamper-resistant key storage for Android Apps using StrongBox. StrongBox is an implementation of the Keymaster HAL that resides in a hardware security module. It is an important security enhancement for Android devices and paved the way for us to consider features that were previously not possible.
StrongBox and tamper-resistant hardware are becoming important requirements for emerging user features, including:
- Digital keys (car, home, office)
- Mobile Driver’s License (mDL), National ID, ePassports
- eMoney solutions (for example, Wallet)
All these features need to run on tamper-resistant hardware to protect the integrity of the application executables and a user’s data, keys, wallet, and more. Most modern phones now include discrete tamper-resistant hardware called a Secure Element (SE). We believe this SE offers the best path for introducing these new consumer use cases in Android.
In order to accelerate adoption of these new Android use cases, we are announcing the formation of the Android Ready SE Alliance. SE vendors are joining hands with Google to create a set of open-source, validated, and ready-to-use SE Applets. Today, we are launching the General Availability (GA) version of StrongBox for SE. This applet is qualified and ready for use by our OEM partners. It is currently available from Giesecke+Devrient, Kigen, NXP, STMicroelectronics, and Thales.
It is important to note that these features are not just for phones and tablets. StrongBox is also applicable to WearOS, Android Auto Embedded, and Android TV.
Using Android Ready SE in a device requires the OEM to:
- Pick the appropriate, validated hardware part from their SE vendor
- Enable SE to be initialized from the bootloader and provision the root-of-trust (RoT) parameters through the SPI interface or cryptographic binding
- Work with Google to provision Attestation Keys/Certificates in the SE factory
- Use the GA version of the StrongBox for the SE applet, adapted to your SE
- Integrate HAL code
- Enable an SE upgrade mechanism
- Run CTS/VTS tests for StrongBox to verify that the integration is done correctly
We are working with our ecosystem to prioritize and deliver the following Applets in conjunction with corresponding Android feature releases:
- Mobile driver’s license and Identity Credentials
- Digital car keys
We already have several Android OEMs adopting Android Ready SE for their devices. We look forward to working with our OEM partners to bring these next generation features for our users.
Please visit our Android Security and Privacy developer site for more info.