Content deleted Content added
→Hardware support: Added info Tags: Mobile edit Mobile web edit Advanced mobile edit |
|||
Line 18:
Service providers, [[mobile network operator]]s (MNO), operating system developers, [[Mobile Application Development|application developers]], device manufacturers, platform providers, and silicon vendors are the main stakeholders contributing to the standardization efforts around the TEE.
To prevent the simulation of hardware with user-controlled software, a so-called "hardware root of trust" is used. This is a [[Trusted_computing#Endorsement_key|set of private keys that are embedded directly into the chip during manufacturing]]; one-time programmable memory such as [[eFuse]]s is usually used on mobile devices. These cannot be changed, even after the device resets, and whose public counterparts reside in a manufacturer database, together with a non-secret hash of a public key belonging to the trusted party (usually a chip vendor) which is used to sign trusted firmware alongside the circuits doing cryptographic operations and controlling access.
The hardware is designed in a way which prevents all software not signed by the trusted party's key from accessing the privileged features. The public key of the vendor is provided at runtime and hashed; this hash is then compared to the one embedded in the chip. If the hash matches, the public key is used to verify a [[digital signature]] of trusted vendor-controlled firmware (such as a chain of bootloaders on Android devices or 'architectural enclaves' in SGX). The trusted firmware is then used to implement remote attestation.<ref>{{Cite web|url=https://www.researchgate.net/publication/342833256|title=Towards Formalization of Enhanced Privacy ID (EPID)-based Remote Attestation in Intel SGX}}</ref>
| |||