I am new to Trusty TEE OS. Is there any way to find out if an Android Device uses such an OS without rooting the device ?
AFAIK there, DRM (Digital Rights Management) is the most widely used application of Trusty OS. Some examples for DRM frameworks are Widevine/PlayReady/ClearKey.
Does it mean that if any of these frameworks are present in the Android device, it is safe to assume that there is an underlying Trusty TEE OS in use ?
Thanks
If it is an android 8+ device, TEE is a mandatory requirement for OEMs to obtain Google Mobile Services (GMS) licensing for devices that have Google apps pre-installed.
In Settings > Security > Advanced > Encryption & credentials > (CREDENTIAL STORAGE) Storage type > Hardware-backed
If it says hardware backed then TEE is present.
Programmatically, you can use isInsideSecureHardware() which returns true if the key resides inside TEE or SE.
If you want to explicitly verify if it's SE, use setIsStrongBoxBacked on the keyGenParameterSpecBuilder, key generation will fail with a StrongBoxUnavailableException if StrongBox is not supported.
Qualcomm Snapdragon and Samsung Exynos SoCs contain integrated TEE and they throw StrongBox unavailable exception but returns true for isInsideSecureHardware. Google's Titan M chip and Samsung Knox chip are discrete TEEs (called strongbox) that contains SE inside.
Q & A