The TPM is dead, long live the TEE!


The TPM is dead, long live the TEE!

Anders Rundgren-2
Somewhat unfortunately for Microsoft and Intel, who have "bet the house" on TPMs (Trusted Platform Modules), all their competitors in the mobile space, including Google and Apple, have rather settled on embedded TEE (Trusted Execution Environment) schemes enabling systems like this:

http://www.nasdaq.com/article/samsung-mobilesecurity-platform-to-be-part-of-next-android-20140625-00937

iOS:
http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf

How come the competition didn't buy into the TPM?

TPMs are based on a "one-size-fits-all" security API philosophy. Since Intel relies on external vendors supplying TPM components, this (IMHO fairly unwieldy) API must also be standardized, which makes the process of updating TPMs extremely slow and costly.

TEEs OTOH can be fitted at any time with application-specific security APIs, which can be either standardized or entirely proprietary. In fact, even third parties can create new security APIs using GlobalPlatform's TEE!

How about security? Since there is (generally) very little consensus on these matters, I should probably not dive too deep into this :-)

Anders
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: The TPM is dead, long live the TEE!

Falcon Darkstar Momot
On 12/07/2014 05:33, Anders Rundgren wrote:

> Somewhat unfortunately for Microsoft and Intel, who have "bet the house"
> on TPMs (Trusted Platform Modules), all their competitors in the
> mobile space, including Google and Apple, have rather settled on
> embedded TEE (Trusted Execution Environment) schemes enabling systems
> like this:
>
> http://www.nasdaq.com/article/samsung-mobilesecurity-platform-to-be-part-of-next-android-20140625-00937
>
>
> iOS:
> http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf
>
> How come the competition didn't buy into the TPM?
>
> TPMs are based on a "one-size-fits-all" security API philosophy. Since
> Intel relies on external vendors supplying TPM components, this (IMHO
> fairly unwieldy) API must also be standardized, which makes the process
> of updating TPMs extremely slow and costly.
>
> TEEs OTOH can be fitted at any time with application-specific security
> APIs, which can be either standardized or entirely proprietary. In fact,
> even third parties can create new security APIs using GlobalPlatform's
> TEE!
>
> How about security? Since there is (generally) very little consensus
> on these matters, I should probably not dive too deep into this :-)
>
> Anders

Perhaps, for another interesting example of the mobile industry's
legendary security foresight, you might try to find a transcript or notes
from a talk two gentlemen by the names of Josh Thomas and Nathan Keltner
gave at REcon in Montreal this year titled "Here Be Dragons: A Bedtime
Tale for Sleepless Nights."  In it, they called out how terrible
inter-vendor coordination, coupled with allowing several people to add
their own APIs to the TrustZone code (in that particular case, a DRM
API), resulted in a trivial and complete read/write-what-where
vulnerability in the TrustZone (as implemented by one particular
vendor), followed by code execution.

I really don't think "mobile didn't do this therefore it's {not
relevant,a bad idea}" is valid.  The TEE has a different set of
problems, but it certainly has them, and I think it's managed to
embarrass a lot more people than TPM has during its tenure.  Also, the
platforms are only converged on the surface (if that).

--Falcon K.
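The failure mode Falcon describes above (a secure-world service that lets the normal world dictate where a reply is written) is easy to model. The following C is an added illustration of that bug class and of the check that removes it; it is not code from the talk, the thread, or any vendor's TrustZone implementation. The `secure_mem` and `shared_mem` arrays, the `req` structure and the handler names are all constructed stand-ins for secure RAM, the non-secure shared buffer, and a service entry point.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SHARED_SIZE 64
static uint8_t secure_mem[64];          /* constructed stand-in for secure RAM */
static uint8_t shared_mem[SHARED_SIZE]; /* constructed non-secure shared buffer */

/* Request as it arrives from the normal world: every field is untrusted. */
struct req {
    uint8_t *dst; /* where the caller wants the reply written */
    size_t len;   /* how many bytes */
};

/* Vulnerable shape: the service trusts the caller's pointer, so any address
 * the secure world can reach becomes writable (write-what-where). */
int handle_unchecked(const struct req *r, const uint8_t *payload)
{
    memcpy(r->dst, payload, r->len);
    return 0;
}

/* Hardened shape: accept only destinations wholly inside the shared region.
 * The length is bounded first so that hi - len cannot wrap around. */
int handle_checked(const struct req *r, const uint8_t *payload)
{
    uintptr_t lo = (uintptr_t)shared_mem, hi = lo + SHARED_SIZE;
    uintptr_t d = (uintptr_t)r->dst;
    if (r->len > SHARED_SIZE || d < lo || d > hi - r->len)
        return -1; /* outside shared memory, or would overrun its end */
    memcpy(r->dst, payload, r->len);
    return 0;
}

/* Small drivers so each outcome can be checked by return value. */
static const uint8_t pay[4] = {1, 2, 3, 4}; /* constructed reply payload */
int demo_reject_secure_target(void)
{
    struct req r = { secure_mem + 8, sizeof pay }; /* aims into secure RAM */
    return handle_checked(&r, pay);                /* -1: refused */
}
int demo_accept_shared_target(void)
{
    struct req r = { shared_mem + 60, sizeof pay }; /* 60 + 4 == 64, fits */
    return handle_checked(&r, pay);                 /* 0: copied */
}
int demo_reject_overrun(void)
{
    struct req r = { shared_mem + 61, sizeof pay }; /* 61 + 4 > 64 */
    return handle_checked(&r, pay);                 /* -1: refused */
}
```

On real hardware the equivalent check is against the physical ranges the secure world has marked as non-secure, and it has to be repeated in every service that takes a pointer or offset from the normal world, which is exactly the discipline that breaks down when several vendors add their own APIs independently.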