"Hardware-backed" means "in ARM TrustZone" on all existing devices. Since TrustZone isn't separate hardware but a secure mode of the main CPU, key generation should be almost exactly as fast as a software key, since the only additional cost is the context switches in and out of secure mode. If KeyChain.isAlgorithmSupported returns true for an algorithm, that means that algorithm is supported in secure hardware (actually, TrustZone) on your device.
On Nexus 5, keystore.msm8974.so is the HAL module that talks to the Qualcomm trusted OS. On Tue, Mar 3, 2015 at 8:25 PM William Roberts <[email protected]> wrote: > Without rooting an image, is there a way to test if AKS is hardware > backed? KeyChain.isKeyAlgorithmSupported("RSA")) returns true, but others > suspect the generation times are too fast (1.2-1.7 seconds). > > On Kitkat Nexus 5, I see /system/lib/hw contains 2 keymaster > implementations: > > keystore.default.so > keystore.msm8974.so > > I initially was going to look at the memmap of keystored to see what was > loaded. Any comments, much appreciated. > > Thanks. > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to > [email protected]. > Visit this group at > http://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
