1# AuthMgr 2 3The AuthMgr protocol authenticates and authorizes clients before they can 4access trusted HALs, AIDL-defined services in trusted execution environments. 5Version 1 was designed to allow applications running in a protected virtual 6machine (pVM) to access services running in a TEE in ARM TrustZone. An 7implementation of `IAuthMgrAuthorization` is referred to as an AuthMgr Backend. 8An implementation of a client of the AuthMgr Backend is referred to as an 9AuthMgr Frontend. 10 11 12## Additional Requirements by Android Version 13 14The comments on `IAuthMgrAuthorization` describe the requirements for implementing 15an AuthMgr Backend (implementor of the interface) itself. There are some additional 16requirements that are specific to Android release versions. 17 18### Android 16 19- If implementing `IAuthMgrAuthorization` in Android 16 only one AuthMgr Backend is 20supported and dynamic service discovery is not supported. The AuthMgr Backend 21service must be exposed on secure partition ID 0x8001 over VSOCK port 1. 22 23- AuthMgr Front Ends must implement the "android.16" profile as described in the 24[Android Profile for DICE](https://pigweed.googlesource.com/open-dice/+/HEAD/docs/android.md#versions)