Re: [Last-Call] [Rats] Genart last call review of draft-ietf-rats-architecture-21

On Aug 20, 2022, at 8:23 PM, Laurence Lundblade <lgl@xxxxxxxxxxxxxxxxx> wrote:

I don’t know anything about router architecture, but do about mobile phone architecture which I consider a candidate for composite attestation.

A mobile phone based on a chip like a Qualcomm Snapdragon has many subsystems. Something like this:
- A TEE and/or HW root of trust, perhaps controlled by the chip vendor, not the phone vendor
- A Secure Element for payments or eSIM
- A SIM card 
- The general purpose CPU running Android, which is controlled by the phone vendor
- A video playback subsystem that does content protection and is isolated from the main CPU
- A cellular modem
- A Bluetooth subsystem isolated from the modem
- …

There are several tiers of security and multiple vendors.


To go on a bit further, there are many attestation architectures possible here for various use cases. Maybe even one phone has more than one implementation of attestation.

The TEE is likely the lead attester in many. For example, in a content protection application it may collect measurements from the video playback subsystem and from Android and report to the video distribution server.

Or go further to have nesting and have a HW root of trust (like a TPM, but more capable) and have it attest to the TEE and then the TEE attests to other parts.

Samsung Knox TIMA is an implementation of this that includes taking *and* evaluating them on the device.

Simple Android applications may want to include attestation that is either shallow (just the app) or deep (down to HW root of trust) so their associated servers know it’s really the authentication application. Qualcomm’s product here does some of that.

When the secure element is included, it will probably produce its own signed stand-alone attestation. That attestation can be included as a nested token in a TEE-based attestation of the TEE and other parts of the device. This cryptographically binds that particular secure element attestation to the rest of the parts of the phone, perhaps for top-bottom (user interface to secured key material) attestation of a financial transaction.

LL
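The nested-token binding described in the message above, as an added toy model that is not part of the original post or of any RATS specification: the secure element produces its own signed token, the TEE as lead attester embeds it inside its own signed evidence alongside measurements of the other subsystems, and a verifier checks the outer signature, the freshness nonce, and then the nested token. HMAC with constructed keys stands in for the asymmetric signatures a real attester would use, and the claim layout is invented, not EAT/CWT.

```python
import hmac
import hashlib
import json

# Constructed keys for the toy model; a real device would use per-subsystem
# asymmetric keys, and the verifier would hold only the public halves.
SE_KEY = b"secure-element-key (constructed)"
TEE_KEY = b"tee-key (constructed)"


def sign(key, claims):
    """Sign a claims dict; the signature covers the canonical JSON of all claims."""
    body = json.dumps(claims, sort_keys=True).encode()
    return {"claims": claims, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify(key, token):
    """Recompute the signature over the claims and compare in constant time."""
    body = json.dumps(token["claims"], sort_keys=True).encode()
    return hmac.compare_digest(token["sig"], hmac.new(key, body, hashlib.sha256).hexdigest())


def secure_element_attest(nonce):
    # Stand-alone token the secure element signs about its own state.
    return sign(SE_KEY, {"component": "secure-element", "nonce": nonce, "applet_version": "1.2"})


def tee_attest(nonce, measurements, se_token):
    # Lead attester: the TEE collects measurements (e.g. Android, video subsystem)
    # and carries the SE token as a nested claim, so the TEE signature covers it too.
    return sign(TEE_KEY, {"component": "tee", "nonce": nonce,
                          "measurements": measurements, "nested": se_token})


def verify_composite(token, nonce):
    """Return the list of components whose evidence verified for this nonce.

    Outer signature or nonce failure rejects everything; a nested token that
    does not verify or carries a stale nonce leaves only the TEE accepted.
    """
    if not verify(TEE_KEY, token) or token["claims"]["nonce"] != nonce:
        return []
    nested = token["claims"]["nested"]
    if not verify(SE_KEY, nested) or nested["claims"]["nonce"] != nonce:
        return ["tee"]
    return ["tee", nested["claims"]["component"]]
```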

