In spite of Microsoft, Intel and Nokia "betting the house" on TPMs (Trusted Platform Modules), all their competitors in the mobile space including Google and Apple, have rather settled on embedded TEE (Trusted Execution Environment) schemes like this:
http://www.nasdaq.com/article/samsung-mobilesecurity-platform-to-be-part-of-next-android-20140625-00937 http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf How come the competition didn't buy into TPMs? TPMs are based on a *"one-size-fits-all"* API philosophy. Since *Intel relies on external vendors* supplying TPM-components this (IMHO fairly unwieldy) API must also be standardized *making the process updating TPMs extremely slow and costly*. The constraints on silicon that existed during the "Palladium" days are since long gone. TEEs OTOH can be fitted at any time with *application-specific security APIs* which both can be standardized or entirely proprietary. In fact, even third-parties can introduce new security APIs using GlobalPlatform's TEE. *Converted into practice*: *My old Nexus 7 got hardware-protected keys through an OTA update* while my new Dell XPS-15 will be stuck with TPM 1.2 during the rest of its life! -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
