tree: bb9e46967096f77b281d8cb4e74fd516b4b2f94b
  1. fake-keymint/
  2. fcrypto/
  3. fuchsia-tcti/
  4. keysafe/
  5. kms-stateless/
  6. scrutiny/
  7. tee/
  8. tpm/
  9. BUILD.gn
  10. README.md
src/security/lib/README.md

Fuchsia Security: Libraries

Overview

This directory contains all libraries owned by the Fuchsia security team. Not all of these libraries are intended for general consumption; please consult the security team before including them in a new project.

Library Descriptions

  • fcrypto: A harder-to-misuse C++ library of cryptographic primitives that wraps BoringSSL routines, intended to support zxcrypt.
  • fuchsia-tcti: The Fuchsia implementation of the TPM Command Transmission Interface. This is consumed by our port of //third_party/tpm2-tss to enable the TCG TPM2 Software Stack (TSS2) to work on Fuchsia.
  • keysafe: Keysafe trusted application interface, which defines the list of supported commands and their parameters.
  • kms-stateless: A stateless (does not persist anything by itself) key management service built on top of the KeySafe TA. Currently supports hardware-protected key derivation and rotation.
  • scrutiny: Scrutiny is a static analysis library for Fuchsia. It is a framework for inspecting all aspects of a built product and for building verifiers on top of it that can guarantee properties are maintained at build time. For instance, we use this library today to validate that all protocol routes in the system are valid and to prevent unwanted files from sneaking into bootfs. See ffx scrutiny for all the verifiers implemented on top of this library.
  • tee: Client API that allows Fuchsia to invoke a security service provided by a TA in the TEE. The client API conforms to the GlobalPlatform standard and currently handles TA session establishment, command invocation, shared memory management, etc.