
List of Android smart phones that support Android StrongBox on API 28 (Android Pie)

I need the list of Android phones that support secure element and StrongBox in Android 9. Where or how can I find that?

I tried the code below with a Samsung Galaxy S9 and also with an AVD Google Pixel XL API 28:

// Generate an RSA signing key and request StrongBox backing (API 28+).
KeyPairGenerator kpg = KeyPairGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
kpg.initialize(new KeyGenParameterSpec.Builder("keystore1", KeyProperties.PURPOSE_SIGN)
        .setCertificateSerialNumber(BigInteger.valueOf(1L))
        .setCertificateSubject(new X500Principal("CN=MyCompany"))
        .setIsStrongBoxBacked(true) /* Enable StrongBox */
        .setInvalidatedByBiometricEnrollment(true)
        .build());
KeyPair kp = kpg.generateKeyPair();
// Look up the KeyInfo with a factory for the key's own algorithm (RSA here, not EC).
KeyFactory factory = KeyFactory.getInstance(kp.getPrivate().getAlgorithm(), "AndroidKeyStore");
KeyInfo keyInfo = factory.getKeySpec(kp.getPrivate(), KeyInfo.class);
keyInfo.isInsideSecureHardware();

It throws the exception below:

android.security.keystore.StrongBoxUnavailableException: Failed to generate key pair

mohammad pakivand asked Apr 14 '19 04:04


1 Answer

Currently very few devices support StrongBox, and unfortunately the information you can find online is scarce at best.

While you are right that, according to Android, devices running Android 9.0 should support StrongBox, StrongBox is a separate hardware component, and I would assume only devices launching with Android 9.0 have the chance of having the hardware.

There is the GrapheneOS/AttestationSamples repository, which collects security information about multiple devices.

Taking a look, only Google's Pixel 3 devices support StrongBox. You can see the StrongBox attestation certificates in the folders.

emilanov answered Oct 13 '22 07:10

emilanov
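
Since StrongBox is optional hardware, an app can test for it at runtime and fall back to the default keystore backend instead of failing with StrongBoxUnavailableException. The following is an added example, not code from the question or the answer; the class name StrongBoxKeys, its method names and the choice of SHA-256 with PKCS#1 padding are assumptions made for illustration, and it requires API 28 or later.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;

// Hypothetical helper class (added example); names are not from the original post.
public final class StrongBoxKeys {

    /** True if the device declares a StrongBox-backed keystore (API 28+). */
    public static boolean hasStrongBox(Context ctx) {
        return ctx.getPackageManager()
                .hasSystemFeature(PackageManager.FEATURE_STRONGBOX_KEYSTORE);
    }

    /** Generates an RSA signing key in StrongBox when available, else in the default backend. */
    public static KeyPair generate(Context ctx, String alias) throws GeneralSecurityException {
        if (hasStrongBox(ctx)) {
            try {
                return generate(alias, true);
            } catch (StrongBoxUnavailableException e) {
                // Feature declared but the request was rejected; fall back below.
            }
        }
        return generate(alias, false);
    }

    private static KeyPair generate(String alias, boolean strongBox)
            throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
        kpg.initialize(new KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                .setIsStrongBoxBacked(strongBox)
                .build());
        return kpg.generateKeyPair();
    }

    /** True for TEE- or StrongBox-backed keys; this call does not tell the two apart. */
    public static boolean isHardwareBacked(KeyPair kp) throws GeneralSecurityException {
        KeyFactory f = KeyFactory.getInstance(kp.getPrivate().getAlgorithm(), "AndroidKeyStore");
        return f.getKeySpec(kp.getPrivate(), KeyInfo.class).isInsideSecureHardware();
    }
}
```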