Feeds

EU approves push to get the unknown security in ARM chips into use

Chipmaker must promise to let others join the TEE party

Gartner critical capabilities for enterprise endpoint backup

The European Commission has approved the creation of a new secure-element company backed by ARM, Gemalto and Giesecke & Devrient, just as long as ARM promises to keep its hardware open.

The new company will develop and sell products running software from G&D and Gemalto on the TrustZone element embedded in ARM chips, complete with management software, but the EU required promises from ARM that it wouldn't unfairly lock out competitive offerings.

"ARM will provide the necessary hardware information to competitors at the same conditions as to the joint venture to enable them to develop alternative TEE [Trusted Execution Environment] solutions. Moreover, ARM will not design its IP in a way that would degrade the performance of alternative TEE solutions."

That restriction lasts eight years, after which all bets are off.

ARM will own 40 of cent of the new venture, which builds on the growing need for better security on smartphones and other mobile devices, with Gemalto and G&D splitting the remaining 60 per cent between them. However, as the two software companies currently have different business models for their code (Gemalto licenses while G&D gives it away, making money on the servers) the model to be adopted by the new venture is a still work in progress.

TrustZone is built into ARM's chip designs, which are licensed out to processor manufacturers which have put the technology into around 90 per cent of mobile phones, though very few have the software to take advantage of it. Neither can that software easily be downloaded, as downloaded software can't be trusted, but the facility can easily be utilised in new handsets where the software can be securely preloaded.

Such apps run with the TrustZone, isolating them from the operating system and malware which could be lurking there. The process is not as secure as putting the secure element in the SIM, according to the SIM manufacturers at least, but it’s a good deal more secure than the phone's architecture.

But despite the ubiquity of TrustZone, and its ability to secure the OS, verify downloads, authenticate users and prevent man-in-the-middle attacks, almost no one is using it, which is what's promoting this new collaboration. The three companies will promote a single trusted execution environment making it much easier for banks, and other people interested in secure tokens, to create applications, and competing with the operator-owned secure element in the SIM.

NFC Times has more details, and points out that GlobalPlatform has been busy creating a standard API for communicating with an embedded secure element which could be important as phones with Intel chips inside use that company's Secure Element instead.

So soon we won't have to trust our mobile phone OS at all, we'll just have to trust the Secure Element supplier instead, which is (probably) good news for all concerned. ®

Boost IT visibility and business value

More from The Register

next story
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Apple takes blade to 13-inch MacBook Pro with Retina display
Shaves price, not screen on mid-2014 model
iPhone 6 flip tip slips in Aussie's clip: Apple's 'reversible USB' leaks
New plug not compatible with official Type-C, according to fresh rumors
The agony and ecstasy of SteamOS: WHERE ARE MY GAMES?
And yes it does need a fat HDD (or SSD, it's cool with either)
FEAST YOUR EYES: Samsung's Galaxy Alpha has an 'entirely new appearance'
Wow, it looks like nothing else on the market, for sure
YES YES YES! Apple patents mousy, pressure-sensing iVibrator
Fanbois prepare to experience the great Cupertin-O
Steve Jobs had BETTER BALLS than Atari, says Apple mouse designer
Xerox? Pff, not even in the same league as His Jobsiness
TV transport tech, part 1: From server to sofa at the touch of a button
You won't believe how much goes into today's telly tech
Apple analyst: fruity firm set to shift 75 million iPhones
We'll have some of whatever he's having please
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.