Documents for Public Review

GlobalPlatform technical documentation

A minor version release of the GPD Internal Core API. The additions and bug fixes listed below cover all non-trivial changes since v1.2.1:

New features introduced:

  • Storage types TEE_STORAGE_PERSO and TEE_STORAGE_PROTECTED
  • Support for Ed448 and X448 algorithms
  • Support for SHA3 including SHAKE128 and SHAKE256
  • Updated TEE_CreatePersistentObject in section 5.7.2 to support transition from a transient object to a persistent object
  • Section 6 adds the extracting state signifying digest extraction
  • Section 6.3.3 adds TEE_DigestExtract for use with XOF

Existing functionality clarified:

  • Genericized the Peripheral and Event APIs where the text specifically mentioned a TUI session
  • Resolved inconsistency in the input data buffer annotation between TEE_WriteObjectData and TEE_CreatePersistentObject
  • Section 5.9.4 corrects the offset parameter type in TEE_SeekObjectData

Text clarifications throughout in the use of illegal values reserved for testing:

  • Addition of TEE_ALG_HKDF to support key derivation operations
  • Addition of gpd.ta.doesNotCloseHandleOnCorruptObject property to define corrupted object behavior and clarified throughout
  • TEE_ERROR_OLD_VERSION renamed to TEE_ERROR_UNSUPPORTED_VERSION
  • Clarification on behavior when calling TEE_GetObjectBufferAttribute with a NULL buffer
  • Define ‘Simple Symmetric Key Types’
  • keySize parameter behavior clarification in TEE_GenerateKey
  • Table 6-4 updated to associate the algorithm, object type and mode of operation

This document is the Secure Media Path Protection Profile module for the TEE Protection Profile. Section 6 contains Security Functional Requirements expressed in non-Common Criteria language, and Section 7 contains SFRs in CC language. These contents will be re-organized after the public review.

This is the first complete draft of the Trusted User Interface module for the TEE Protection Profile. Its goal is to provide assurance to the end-user that the display and input peripherals are owned by a specific TA at the time of entry or display of sensitive data. This module is consistent with the Biometric System PP-module, which has already gone through public review.
