TPM & TEE – working together in harmony
Gil Bernabeu, Technical Director, GlobalPlatform
As the line between mobile devices and computers becomes increasingly blurred, security architectures from two previously separate worlds are also converging. GlobalPlatform’s secure components – the Secure Element (SE) and Trusted Execution Environment (TEE) – are becoming de facto in mobile devices and the Trusted Computing Group’s (TCG) Trusted Platform Module (TPM) is widely deployed across the computing ecosystem. GlobalPlatform’s Technical Director, Gil Bernabeu, is often asked whether the two technologies compete, if there is crossover and even if one will kill the other.
Here, Gil explains why it is not a question of competition, but one of fruitful collaboration between GlobalPlatform and TCG and the two technologies.
Q. Why are GlobalPlatform and TCG working together?
A. GlobalPlatform and TCG share a common philosophy. Every device must have a trust anchor at its core to build Chains of Trust and offer secure services. Based on this common approach, TCG and GlobalPlatform have standardized different secure services to support the deployment of use cases for different industries.
This shared viewpoint enables the organizations to come together to identify points of alignment and key areas of specialization. For example, TCG develops a range of important services specific to the PC industry which are not a focus for GlobalPlatform.
Q. What is the benefit of this collaboration?
A. I think I can use one example. The TEE’s ability to host and execute third party apps and services in its protected environment is key. Because of this, GlobalPlatform and TCG ensure that specific services defined by TCG can be loaded and managed inside a GlobalPlatform secure component, such as a TEE. We have published different documents to explain how this can be achieved. This offers a solution to device makers seeking to encrypt the hard disc – a popular service in the TPM community – allowing them to load and anchor this encryption service within a TEE.
Q. What might this convergence look like in the future?
A. Well, multiple markets are now connecting things and the demand for more security is growing. The market for both technologies looks bright and multiple routes for collaboration are in front of us. For example, the IoT world needs connectivity via 3/4/5G. Because SE technology is embedded in SIMs and eSIMs I expect the TPM use case to be delivered using a GlobalPlatform SE. Additionally, “always connected” PCs may want to authenticate to a network using a SE with a SIM function, perform a NFC transaction with a banking application or a strong authentication with FIDO. All using the same SE.
As a result, device manufacturers, alongside many other stakeholders, stand to benefit from the combined efforts of GlobalPlatform and TCG.
Learn more about TEE and SE technologies, or learn more about GlobalPlatform’s work.