The most recent R-7 ReticleOS release has the following high level security features:
- Secure Boot, root of trust integrity check of all important images using digital signature verification
- Full Disk Encryption (Persistent data storage encryption - off by default)
- Hardware based crypto services (Key Generation, Hashing, Encryption, etc.)
The R-7 uses the Qualcomm 805 chipset, which includes the APQ8084 CPU, 3 GB of DDR RAM and 64 GB of eMMC Flash (persistent) storage. It currently (as of Dec. 2016) runs Android KitKat (v 4.4.4). ODG builds the OS from scratch, based on code released to us by Qualcomm.
Qualcomm went thru a FIPS-140-2 Level 1 certification that would apply to this codebase running on the 805; see these documents for further details:
- Cryptographic module in Snapdragon 805 is FIPS 140-2 certified
- Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
- QTI Cryptographic Module on Crypto 5 Core
The user may load certificates for use by Applications and for VPN authentication:
There are optional features that can be enabled in the platform:
- SELinux/SEAndroid - https://en.wikipedia.org/wiki/Security-Enhanced_Linux
- DM-Verity - https://source.android.com/security/verifiedboot/dm-verity.html
If your solution requires any of these types of features, contact us.