
Encryption (File Based Encryption, MetaData Encryption, Enabling Adiantum)

Trusty Trusted Execution Environment (TEE)

Trusty is a secure operating system that runs on the same processor as Android but is isolated from the rest of the system by both hardware and software. This isolation prevents malicious apps from getting installed into it and hence increases the security strength of the device.

The Trusty repositories can be downloaded and installed from the Android Open Source Project (AOSP).

Encryption

Encryption is the process of encoding all user data on an Android device using symmetric encryption keys. Android maintains two types of encryption: File Based Encryption and Full Stack Based Encryption.

File Based Encryption: -
In this type of encryption, different files can be encrypted with different keys and unlocked independently. Android 7.0 and higher versions support this encryption. It also supports Direct Boot, which allows a device to boot directly to the lock screen.

MetaData Encryption: -

When File Based Encryption is used on its own, information such as file data, design layout and permissions is not encrypted. This information is called filesystem metadata.

Introduced in Android 9.0, metadata encryption encrypts the file based encryption information as well as the filesystem metadata.

In Metadata Encryption, a single key present at boot time encrypts the metadata. The key is protected by Keymaster, which in turn is protected by Verified Boot.

Enabling Adiantum: -

Adiantum is an encryption mechanism in Android that is used on devices whose CPU lacks AES instructions.

Because such a CPU cannot accelerate AES, using Adiantum on those devices incurs less overhead than AES would.
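How Adiantum is actually switched on for a device, as an added example that is not part of the original notes: the kernel options and the fstab flags `fileencryption=adiantum` / `metadata_encryption=adiantum` are the ones AOSP documents, while the partition path, filesystem and mount flags are placeholders for a hypothetical device.

```text
# Kernel configuration (added example): Adiantum plus the fscrypt and
# dm-crypt layers it is used with. The NEON options are ARM performance
# helpers for the ChaCha and NH pieces of Adiantum.
CONFIG_FS_ENCRYPTION=y
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_ADIANTUM=y
CONFIG_CRYPTO_CHACHA20_NEON=y
CONFIG_CRYPTO_NHPOLY1305_NEON=y

# fstab entry for /data on a hypothetical device (placeholder path/flags).
# fileencryption=     selects the File Based Encryption cipher for file
#                     contents and names.
# metadata_encryption= selects the dm-crypt cipher that covers the
#                     filesystem metadata described above.
/dev/block/by-name/userdata  /data  f2fs  noatime,nosuid,nodev  wait,check,fileencryption=adiantum,metadata_encryption=adiantum
```

Before choosing Adiantum, confirm the CPU really lacks AES acceleration: `grep -w aes /proc/cpuinfo` prints nothing on such a device, and a CPU that does advertise the `aes` flag should keep the default AES-256-XTS ciphers instead.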