There are two valuable features of Windows, bitlocker and virtual smart card, that depend on the Tpm. That and recent hiring in the tpm team leads me to conclude the tpm will be with us for a very long time.
-----Original Message----- From: "Anders Rundgren" <[email protected]> Sent: 7/18/2014 11:47 AM To: "Tom Jones" <[email protected]>; "[email protected]" <[email protected]> Subject: Re: [android-security-discuss] Re: The TPM is dead, long live theTEE! On 2014-07-15 20:55, Tom Jones wrote: > I think you miss the point. The TPM 2.0 spec is written to be enabled in the > TEE. > What you say is limited to the TPM 1.2 spec. > Microsoft has been shipping TPM 2.0 in the ARM Windows RT for over a year. This is correct. But what is also means is that it is the TEE that is the new core. The TPM spec will only be used by Microsoft and probably only a couple of years more. Anders > ..tom > > On Monday, July 14, 2014 8:43:11 PM UTC-7, Anders Rundgren wrote: > > In spite of Microsoft, Intel and Nokia "betting the house" on TPMs > (Trusted Platform Modules), all their competitors in the mobile space > including Google and Apple, have rather settled on embedded TEE (Trusted > Execution Environment) schemes like this: > > > http://www.nasdaq.com/article/samsung-mobilesecurity-platform-to-be-part-of-next-android-20140625-00937 > > <http://www.nasdaq.com/article/samsung-mobilesecurity-platform-to-be-part-of-next-android-20140625-00937> > http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf > <http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf> > > How come the competition didn't buy into TPMs? > > TPMs are based on a /"one-size-fits-all"/ API philosophy. Since /Intel > relies on external vendors/ supplying TPM-components this (IMHO fairly > unwieldy) API must also be standardized _making the process updating TPMs > extremely slow and costly_. The constraints on silicon that existed during > the "Palladium" days are since long gone. > > TEEs OTOH can be fitted at any time with /application-specific security > APIs/ which both can be standardized or entirely proprietary. In fact, even > third-parties can introduce new security APIs using GlobalPlatform's TEE. > > /Converted into practice/: _My old Nexus 7 got hardware-protected keys > through an OTA update_ while my new Dell XPS-15 will be stuck with TPM 1.2 > during the rest of its life! > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To post to this group, send email to > [email protected] > <mailto:[email protected]>. > Visit this group at http://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
