1Host process substituting for a TEE (Trusted Execution Environment). Used to 2run backing implementations of Android HALs that normally delegate to a TEE 3environment, specifically ConfirmationUI, Gatekeeper, and Keymint. 4 5Gatekeeper and Keymint communicate with `secure_env` through virtio-console 6channels connected to FIFO files on the host. The display part of 7ConfirmationUI is runs in the `webRTC` host process, which delegates signing 8operations only to `secure_env`. 9 10Before entering the kernel, the u-boot bootloader writes some information 11about the device image files into the keymint channel to prepare it with 12the authenticated version number of the operating system. 13 14[](https://cs.android.com/android/platform/superproject/+/master:device/google/cuttlefish/host/commands/secure_env/doc/linkage.svg) 15
){kind=link}