I need the list of Android phones that support secure element and StrongBox in Android 9. Where or how can I find that?
I tried the code below with Samsung Galaxy S9 and also with AVD Google Pixle XL API 28
KeyPairGenerator kpg = null;
kpg = KeyPairGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
kpg.initialize(new KeyGenParameterSpec.Builder("keystore1", KeyProperties.PURPOSE_SIGN)
.setCertificateSerialNumber(BigInteger.valueOf(1L))
.setCertificateSubject(new X500Principal("CN=MyCompany"))
.setIsStrongBoxBacked(true) /* Enable StrongBox */
.setInvalidatedByBiometricEnrollment(true)
.build());
KeyPair kp = kpg.generateKeyPair();
KeyFactory factory = KeyFactory.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
KeyInfo keyInfo = factory.getKeySpec(kp.getPrivate(), KeyInfo.class);
keyInfo.isInsideSecureHardware();
It throws the exception below:
android.security.keystore.StrongBoxUnavailableException: Failed to generate key pair
Currently very few devices support StrongBox, and unfortunately the information you can find online is scarce at best.
While you are right, that according to Android devices running Android 9.0 should support Strongbox, Strongbox is a separate hardware component, and I would assume only devices launching with Android 9.0 have the chance of having the hardware.
There is the GrapheneOS/AttestationSamples repository, which collects security information about multiple devices.
Taking a look, only Google's Pixel 3 devices support strongbox. You can see the Strongbox attestation certificates in the folders.