TPM 2.0 Mobile Reference Architecture Specification
The Trusted Computing Group has published three Trusted Platform Module (TPM) 2.0 Mobile Specifications:
- TPM 2.0 Mobile Reference Architecture
- TPM 2.0 Mobile Common Profile
- TPM 2.0 Mobile Command Response Buffer Interface
The TPM 2.0 Mobile Reference Architecture Specification defines architecture for the implementation of a TPM 2.0 Library Specification-compliant TPM executing within a Protected Environment in mobile platforms. It includes examples of several implementation approaches.
The TPM 2.0 Mobile Common Profile Specification defines a profile of the TPM 2.0 Library Specification that is applicable to all mobile devices that claim conformance to the TPM 2.0 Mobile Reference Architecture and is optimized for ease-of-implementation in feature phones, basic phones, eBook readers, and other similar constrained mobile devices.
The Command Buffer Response (CRB) Interface is an interface between a TPM and software and is intended to work with a large number of implementation options. With the CRB Interface it is possible to write a driver that can interact with a TPM, whether implemented as a discrete component on a peripheral bus, or in an execution mode in a Protected Environment. The CRB Interface can be implemented on any TPM architecture, including PC client.
Further to the precursor Mobile Trusted Module (MTM) v1.0 Specification, enhancements defined in the TPM 2.0 Mobile Specifications include:
- A firmware TPM 2.0 Mobile architecture implementable in a system-on-a-chip isolated Protected Environment
- Revised definitions of the inherently trusted Roots of Trust
- Enhancements to the availability of TPM 2.0 Mobile to trusted applications
- Enhanced authorization for improved TPM 2.0 Mobile management
- Support for algorithm agility
- Secure Boot and Measured Boot
The intended mobile platforms for these specifications range from the most basic ebook readers, to basic phones and feature phones, up to smartphones and could also be supported on tablets and laptops.
The security services that the TPM 2.0 Mobile Specifications facilitate are aimed at consumers (end users), enterprises, mobile device manufacturers, mobile network operators, mobile service providers, the public sector, and others.
Standardized mobile endpoint security provides essential TPM security services for a wide range of mobile use cases and applications. It enables protection of private and sensitive assets, cross-platform security compatibility, and interoperability across mobile device types.