1# Copyright (C) 2025 The Android Open Source Project
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#      http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15# This module accesses properties regarding the Trusty VM that runs apps
16# used to provide security for the system, such as KeyMint or Gatekeeper.
#
# The properties declared here all use "access: Readonly", so only getters
# are generated for them.
# NOTE(review): which processes may set the underlying properties is not
# defined in this file; presumably SELinux property contexts govern that --
# confirm against the sepolicy covering trusty.security_vm.*.
17
18module: "android.sysprop.trusty.security_vm"
19owner: Platform
20
21# The default vsock Context Identifier (CID) used to connect to Trusty.
22prop {
23    api_name: "vm_cid"
24    prop_name: "trusty.security_vm.vm_cid"
25    type: Integer
26    scope: Internal   # accessor is not part of the public generated API
27    access: Readonly  # getter only; no setter is generated
28}
29
30# Signals when a non-secure Trusty security VM is ready.
31#
32# This is used to launch dependent HALs.
33#
34# Trusty security VMs come in two flavors: non-secure and secure.
35#
36# 1. Non-secure VMs run on emulated environments like Cuttlefish, which lack
37#    pVM firmware and TEE support. Consequently, KeyMint's root-of-trust data
38#    is passed into the VM from the host's HAL, and an RPMB proxy provides
39#    secure storage.
40# 2. Secure VMs run on physical devices. Here, pVM firmware handles the
41#    transfer of root-of-trust data via DeviceTree, and a TEE provides secure
42#    storage.
#
# NOTE(review): in the non-secure flavor the root-of-trust data originates
# outside the VM (the host's HAL), so it presumably should not be treated as
# equivalent to the secure flavor -- confirm with the Trusty owners.
43prop {
44    api_name: "nonsecure_vm_ready"
45    prop_name: "trusty.security_vm.nonsecure_vm_ready"
46    type: Boolean
47    scope: Internal   # accessor is not part of the public generated API
48    access: Readonly  # getter only; no setter is generated
49}
50
51# Whether the Trusty Security VM is enabled.
52prop {
53    api_name: "enabled"
54    prop_name: "trusty.security_vm.enabled"
55    type: Boolean
56    scope: Public     # accessor is part of the public generated API
57    access: Readonly  # getter only; no setter is generated
58}
59
60# Whether KeyMint is enabled in the Trusty Security VM.
61prop {
62    api_name: "keymint_enabled"
63    prop_name: "trusty.security_vm.keymint.enabled"
64    type: Boolean
65    scope: Public     # accessor is part of the public generated API
66    access: Readonly  # getter only; no setter is generated
67}
68