Abstract: Systems, methods, and software can be used to select a boot loader. In some aspects, a primary boot loader on an electronic device invokes a boot selector stored on a permanent memory storage on the electronic device. The boot selector selects a secondary boot loader stored on the electronic device. The selected secondary boot loader is executed to boot the electronic device.

Abstract: Systems and methods for maintaining encryption keys are disclosed. An encrypted master key is determined by encrypting a master key based on an initial user password and discarding the master key. The encrypted master key is stored. A request for the master key including a present user password is received and verified based on comparison to the initial user password. Based on failure of verifying the present user password, a failed attempt counter that is maintained within a secure container is created. User password based access to the master key is locked out based on the failed attempt counter exceeding a defined value.

Abstract: Systems, methods, and software can be used to write system software on an electronic device. In some aspects, an instruction to write system software on an electronic device is received from a booting device that is different than the electronic device. In response to the instruction, a boot loader on the electronic device is invoked. A password is received from the booting device. Whether the received password matches a high level operating system (HLOS) password stored on the electronic device is determined. If the received password matches the HLOS password, the system software is written on the electronic device. If the received password does not match the HLOS password, the writing of the system software is halted.

Abstract: The security of a personal image in an apparently trusted UI is improved through the use of a fingerprint sensor hardwired to a Trusted Execution Environment. The personal image may be a complete or partial representation of a fingerprint sensed by the fingerprint sensor enhanced through emphasis of features of the fingerprint. Alternatively, the personal image may be an object whose movement within the UI is controlled responsive to data received from the fingerprint sensor.

Abstract: Systems and methods for maintaining encryption keys are disclosed. An encrypted master key is determined by encrypting a master key based on an initial user password and discarding the master key. The encrypted master key is stored. A request for the master key including a present user password is received and verified based on comparison to the initial user password. Based on failure of verifying the present user password, a failed attempt counter that is maintained within a secure container is created. User password based access to the master key is locked out based on the failed attempt counter exceeding a defined value.

Abstract: Systems, methods, and software can be used to select a boot loader. In some aspects, a primary boot loader on an electronic device invokes a boot selector stored on a permanent memory storage on the electronic device. The boot selector selects a secondary boot loader stored on the electronic device. The selected secondary boot loader is executed to boot the electronic device.

Abstract: Systems, methods, and software can be used to write system software on an electronic device. In some aspects, an instruction to write system software on an electronic device is received from a booting device that is different than the electronic device. In response to the instruction, a boot loader on the electronic device is invoked. A password is received from the booting device. Whether the received password matches a high level operating system (HLOS) password stored on the electronic device is determined. If the received password matches the HLOS password, the system software is written on the electronic device. If the received password does not match the HLOS password, the writing of the system software is halted.

Abstract: Systems, methods, and software can be used to provide security assurance information. In some aspects, a certificate request for a client process on a mobile device is received. A security assurance character for the client process is determined. Whether to grant the certificate request is determined based on the determined security assurance character. In response to determining to grant the certificate request, a certificate is generated.

Abstract: The security of a personal image in an apparently trusted UI is improved through the use of a fingerprint sensor hardwired to a Trusted Execution Environment. The personal image may be a complete or partial representation of a fingerprint sensed by the fingerprint sensor enhanced through emphasis of features of the fingerprint. Alternatively, the personal image may be an object whose movement within the UI is controlled responsive to data received from the fingerprint sensor.

Abstract: Systems, methods, and software can be used to provide security assurance information. In some aspects, a certificate request for a client process on a mobile device is received. A security assurance character for the client process is determined. Whether to grant the certificate request is determined based on the determined security assurance character. In response to determining to grant the certificate request, a certificate is generated.