summaryrefslogtreecommitdiffstats
path: root/fastboot/usb_windows.cpp
diff options
context:
space:
mode:
authorDenis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>2019-06-09 16:02:02 +0200
committerJoonas Kylmälä <joonas.kylmala@iki.fi>2020-06-25 07:57:45 -0400
commitc92720b38d68913f61f1419c8bf910a09aba9e1d (patch)
tree3e21340861a19bdd1c08c219b94a51949f2958f7 /fastboot/usb_windows.cpp
parent75afa19b3a854d09ee0f5c59862b33514d206cf4 (diff)
downloadsystem_core-c92720b38d68913f61f1419c8bf910a09aba9e1d.tar.gz
system_core-c92720b38d68913f61f1419c8bf910a09aba9e1d.tar.bz2
system_core-c92720b38d68913f61f1419c8bf910a09aba9e1d.zip
HACK: gatekeeperd: force software imeplementation
Without that hack, IGatekeeper::getService() will try to get a service implementing the Gatekeeper HAL. The HAL is supposed to talk to a component that resides in a Trusted Execution Environment (TEE) such as MobiCore. On many Android device, the Trusted Execution Environment is not free software, nor under the control of the user, so it cannot be trusted by the user, and in fact it's better, if possible, to make sure that it does not to run at all in that case. Because of that the proper fix would be either to implement a Gatekeeper HAL that would not depend on nonfree software that cannot be trusted. This could for instance be implemented by: * Using a simple software implementation. * Using the linux kernel keyring for that which can provide good resilience against userspace trying to get key material. See man 7 keyrings for more information on that. * Have a free software Trusted Execution Environment like Google's Trusty or other implementations. See the following documentation for more background information: https://source.android.com/security/authentication/gatekeeper Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> Rebased and adapted for Replicant 10 Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Diffstat (limited to 'fastboot/usb_windows.cpp')
0 files changed, 0 insertions, 0 deletions