On 2014-07-15 20:55, Tom Jones wrote:
I think you miss the point. The TPM 2.0 spec is written to be enabled in the
TEE.
What you say is limited to the TPM 1.2 spec.
Microsoft has been shipping TPM 2.0 in the ARM Windows RT for over a year.
This is correct.
But what is also means is that it is the TEE that is the new core.
The TPM spec will only be used by Microsoft and probably only a couple of years
more.
Anders
..tom
On Monday, July 14, 2014 8:43:11 PM UTC-7, Anders Rundgren wrote:
In spite of Microsoft, Intel and Nokia "betting the house" on TPMs (Trusted
Platform Modules), all their competitors in the mobile space including Google and Apple,
have rather settled on embedded TEE (Trusted Execution Environment) schemes like this:
http://www.nasdaq.com/article/samsung-mobilesecurity-platform-to-be-part-of-next-android-20140625-00937
<http://www.nasdaq.com/article/samsung-mobilesecurity-platform-to-be-part-of-next-android-20140625-00937>
http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf
<http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf>
How come the competition didn't buy into TPMs?
TPMs are based on a /"one-size-fits-all"/ API philosophy. Since /Intel relies on
external vendors/ supplying TPM-components this (IMHO fairly unwieldy) API must also be
standardized _making the process updating TPMs extremely slow and costly_. The constraints on
silicon that existed during the "Palladium" days are since long gone.
TEEs OTOH can be fitted at any time with /application-specific security
APIs/ which both can be standardized or entirely proprietary. In fact, even
third-parties can introduce new security APIs using GlobalPlatform's TEE.
/Converted into practice/: _My old Nexus 7 got hardware-protected keys
through an OTA update_ while my new Dell XPS-15 will be stuck with TPM 1.2
during the rest of its life!
--
You received this message because you are subscribed to the Google Groups "Android
Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
[email protected]
<mailto:[email protected]>.
To post to this group, send email to [email protected]
<mailto:[email protected]>.
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Android
Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
