7

Some PCs come with a TPM. One of the nifty capabilities of TPMs is the ability to perform remote attestation. Remote attestation allows your computer to tell a third computer what software your computer is currently running -- and this statement is signed by the TPM hardware, so malicious software cannot lie or subvert the mechanism.

Are there any tablets that support remote attestation? (Or are there any smartphones that support it? Is remote attestation even supported on any ARM or Atom chipset?)

D.W.
  • 98,420
  • 30
  • 267
  • 572
  • 1
    Your best bet is to hope for an Mobile Trusted Module (MTM). It's much more flexible and uses a more detailed use case targeted at mobile platforms. It's not available though `:)` – recluze Nov 22 '12 at 01:50

3 Answers3

9

When a TPM provides a remote attestation, several components are involved:

  1. the TPM as a tamper-resistant device containing a root of trust;
  2. the TPM as a device to measure the software running on the main processor and produce an attestation;
  3. software to connect to the TPM and retrieve the attestation and transmit it (this software is merely relaying a signed attestation provided by the TPM, so it need not be trusted).

The third point is “easy” insofar as such software already exists, and could be ported to tablets if there was a use for it.

The first point is a blocker in the mobile device ecosystem, because phones and tablets tend towards having very few chips; an extra TPM chip is seen a as significant cost increase. While TCG has defined specifications for a MTM (a lightweight TPM for mobile devices), I don't think an MTM found in any smartphone for the general public. Microsoft is pushing for TPM in tablets, so MTM or TPM in mobile devices may become more widespread (e.g. the new Windows Phone 8 has a TPM).

Point 2 does not actually require a TPM as a physical device, but a system component providing a TPM-like interface and running outside the reach of the normal operating system. For example, the OS (e.g. Windows RT or Android) could run in a virtual machine, with the hypervisor providing a (virtual) TPM. There are two immediate hurdles with this approach:

  • The Cortex-A15 is the first ARM core providing virtualization extensions. Devices with A-15-based processors are barely coming out now.
  • While the hypervisor can store the root of trust outside the reach of the main operating system at runtime, it needs a place to store this root of trust — that can't be the main flash memory where the OS could overwrite it.

The first hurdle can be solved with TrustZone, which provides a kind of specialized hypervisor with just two OS partitions and is present on all ARM-based processors used in smartphones and tablets (and it's difficult as a user to know what if anything it's used for). The second hurdle requires more support in the processor, but there are processors deployed in existing devices (e.g. the Motorola Droid) that provide at least a small amount of non-volatile memory in the form of fuses (physical write-once) that are only readable by the “trusted world” side of TrustZone and not by the main operating system. A TPM interface can be built on top of that, and TCG is working on it. This may well be the “firmware-based TPM” in the ARM-based Surface (which does not have a discrete TPM chip).

So, to summarize: there are pretty much no tablets with actual TPMs. But there are tablets with something that can implement the same security requirements (with a slightly lower level of confidence). You can't yet buy any tablet and expect to have remote attestation working on it, nor can you implement it yourself because you won't get access to the root of trust, but with the current hype around BYOD, more and more products should be coming out.

Glorfindel
  • 2,235
  • 6
  • 18
  • 30
Gilles 'SO- stop being evil'
  • 50,912
  • 13
  • 120
  • 179
2

This is more feedback than an answer. My apologies if I'm in the wrong area here.

There are several security baseline management tools out there for tablets, just fire up ye'ole Googlez. On the whole sand-boxing the devices seems to be the predominate approach, sadly. If you're interested in MS devices (masochism maybe?) this ( http://www.windowsecurity.com/articles/Windows-8-Tablets-Secure-enough-Enterprise.html ) is a pretty good article outlining Win8 and Surface security constructs and specifically addresses ARM.

On the topic of mobile security, however, you may find 'Guidelines on Hardware- Rooted Security in Mobile Devices (Draft)' ( http://csrc.nist.gov/publications/drafts/800-164/sp800_164_draft.pdf ) to be of interest. It's a fairly new draft that addresses just this class of problem.

Share and enjoy,

grauwulf
  • 955
  • 5
  • 10
  • Thank you, @grauwulf. The NIST publication had some useful information. Excerpt: "Current mobile devices lack the hardware-based roots of trust that are increasingly built into laptops and other types of hosts." Sounds like the answer to my question is: no, there don't seem to be any tablets that support remote attestation at the moment. Thank you (and welcome to the site!). – D.W. Nov 21 '12 at 18:50
1

Here is a list of tablet-like vPro (TPM, VT-d and TXT capable) devices available as of early 2013. Sometimes there are several model numbers which are slightly different in their hardware specifications, make sure you're buying a device with the correct vPro hardware and BIOS support for TXT. Call the OEM support number if you want to be sure.

user21097
  • 11
  • 1