ShrawanKr
05-03-2020 09:45 PM (Last edited 05-04-2020 11:32 AM ) in
Tech Talk
What is Samsung Knox?
Samsung Knox is a comprehensive set of security features for personal and enterprise use pre-installed in most of Samsung's smartphones, tablets, and wearables.
Samsung Knox provides a list of security features—both hardware and software—that allow business and personal content to securely coexist on the same handset, and allows other developers to communicate with these features through its SDKs. Some of these features coexist with already existing security enhancements provided by Android.
Software
Samsung Knox Container
Named the "Knox Workspace" app container—allows a user to press an icon that switches immediately between Personal and Work mode with no reboot required. Samsung has claimed that this feature will be fully compatible with Android and Google, and will provide full separation of work and personal data on mobile devices and "addresses all major security gaps in Android". Tripping the e-fuse will cause the container to remain inaccessible. The feature is similar, but not connected with, "Android for Work".
_________________________
Samsung Defex
Starting from Android Oreo, Samsung has patched the kernel to prevent root access being granted to apps even after rooting was successful. This is to prevent unauthorised apps from changing the system and deter rooting.
_________________________
Samsung Real-time Kernel Protection (RKP)
Samsung has implemented a feature that tracks kernel changes in real time and prevents the phone from booting as well as displaying a warning message about using "Unsecured" Samsung devices. This feature is analogous to Android dm-verity/AVB and requires a signed bootloader.
_________________________
Android SE
Although Android phones are already protected by the "SE for Android" feature, Samsung Knox provides periodic checks for patches that protect the system from malicious code or exploits.
_________________________
Secure Boot
Before booting in the main Kernel, Samsung runs a "pre-boot" environment where it checks for the signature match of all elements of the OS. Should an unauthorised change be detected, the e-fuse will be tripped and the system's status will change from "Official" to "Custom".
_________________________
Other Features
Connected with Samsung Knox are other features that facilitate enterprise use such as Samsung KMS (SKMS) for eSE NFC services, Mobile device management (MDM), Knox Certificate Management (CEP), Single Sign-On (SSO), One Time Password (OTP) and Virtual Private Network (VPN).
_________________________
Hardware
Knox includes built-in hardware security features: ARM TrustZone (a technology similar to TPM) and a bootloader ROM. Knox Verified Boot monitors and protects during the booting process in addition to Knox security built at a hardware level (introduced in Knox 3.3).
_________________________
e-fuse
Samsung Knox devices also use an e-fuse to indicate whether or not an "untrusted" (non-Samsung) boot path has ever been run. The e-fuse will be set if the device is booted with a non-Samsung signed bootloader, kernel, kernel initialization script or data, with a message displaying "Set warranty bit: ". Rooting the device or flashing a non-Samsung Android release will, therefore, set the e-fuse. Once the e-fuse is set, a device can no longer create a Knox Workspace container, or access the data previously stored in an existing Knox Workspace. This information may be used by Samsung to deny warranty service, in the United States, to devices that have been modified in this manner. This is the case even though, in the United States, voiding of consumer warranties in this manner may be prohibited by the Magnuson–Moss Warranty Act of 1975, at least in cases where the phone's problem is not directly caused by rooting. In addition to voiding the warranty, tripping the e-fuse will also prevent some Samsung specific apps from running such as "Samsung Pay", "Samsung Health" and "Samsung Browser"'s Secret mode. For some older versions of Knox, it may be possible to clear the e-fuse by flashing a custom firmware.
_________________________
Samsung DeX
Since Knox 3.3, options to manage Samsung DeX were added to allow or restrict access using the Knox platform for added control and security.
_________________________
Samsung Knox TIMA
Named TrustZone-based Integrity Measurement Architecture (TIMA), the feature allows storage of keys in the container for certificate signing using the TrustZone hardware platform.
From Wikipedia
1 Comment
ShrawanKr
05-07-2020 08:23 PM in
Tech Talk
This post is inspired by Samsung Knox
