The TPM is dead, long live the TEE!

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sun, 13 Jul 2014 06:33:26 +0200
Message-ID: <53C20C16.7070602@gmail.com>
To: Web Payments CG <public-webpayments@w3.org>
Related to http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/Overview.html:


Somewhat unfortunate for Microsoft and Intel, who "bet the house" on TPMs (Trusted Platform Modules), all their competitors in the mobile space, including Google and Apple, have rather settled on embedded TEE (Trusted Execution Environment) schemes, enabling systems like this:

http://www.nasdaq.com/article/samsung-mobilesecurity-platform-to-be-part-of-next-android-20140625-00937

iOS:
http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf

How come the competition didn't buy into the TPM?

TPMs are based on a "one-size-fits-all" security API philosophy. Since Intel relies on external vendors supplying TPM components, this (IMHO fairly unwieldy) API must also be standardized, which makes the process of updating TPMs extremely slow and costly.

TEEs, OTOH, can be fitted at any time with application-specific security APIs, which can be either standardized or entirely proprietary. In fact, even third parties can create new security APIs using GlobalPlatform's TEE!

How about security? Since there is (generally) very little consensus on these matters, I should probably not dive too deep into this :-)

Anders
Received on Sunday, 13 July 2014 04:33:57 UTC