Both TZ and TPMs have firmware. It's loaded and verified in different ways, but assuming correct implementations I think that's a distinction without a difference.
Because the TPM is a separate processor, TPMs are likely somewhat less vulnerable to side-channel attacks, particularly timing analysis. But only somewhat, because the communications bus (usually USB) has fairly consistent latency. TPMs are more likely to include internal capacitors to buffer power consumption to mitigate power analysis, too, though I don't expect many of them actually do.

With respect to hardware-level attacks, the relative strengths depend on (a) whether the TZ code runs in TCRAM (tightly-coupled RAM; basically on-SoC SRAM rather than external DRAM) and (b) whether the TPM is protected against physical penetration. TZ code running out of DRAM is the weakest against hardware attacks, since the attacker just has to monitor the DRAM address bus (which isn't actually easy at multi-GHz clock rates, but possible). TZ code running out of TCRAM is basically equivalent, I think, to a TPM that doesn't have physical penetration countermeasures, which is the case for many TPMs since hardware attacks aren't generally part of the TPM threat model. In either case, an attacker can potentially peel the top of the chip, dig down to find where the persistent secrets are located and read them out with a scanning electron microscope.

I'm told some modern TPMs have adopted the sort of passive hardware countermeasures that are common in smart card chips. These primarily consist of cladding layers around the chip that make physical penetration difficult without damaging the silicon and therefore its secrets. It can still be done, but it's harder. Cladding also makes physical measurement-based side channel attacks harder. The same could be done with TZ. It would require wrapping physical penetration countermeasures around the SoC. I doubt that anyone does this.

On Thu, Mar 5, 2015 at 4:08 PM Blibbet <[email protected]> wrote:

> > "Hardware-backed" means "in ARM TrustZone" on all existing devices. Since
> > TrustZone isn't separate hardware but a secure mode of the main CPU [...]
>
> I recall an Intel engineer talking at a UEFI security event, saying that
> TZ is firmware-based software-based, whereas TPM is hardware-based and
> more secure than TZ. (From UEFI security POV, not Android-centric).
>
> If anyone has a pointer to the official TZ docs that clarify how they
> implement their code, and how secure it is compared to TPM, I'd
> appreciate it.
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/android-security-discuss.
> For more options, visit https://groups.google.com/d/optout.
