Was just writing my reply when you sent yours.
With this, there would have to be a closed and immutable boot code of the secure element, otherwise the rest could be mostly open, allowing stronger firmware verification.
Insider attack protection would be implemented as a system-controlled flag that decides whether data transfer is allowed across applet upgrades. This could require the owner to authenticate, so it would fulfill that requirement.
Requiring the KeyStore applet be signed by a trusted party + issuing an attestation certificate to it would also tick that box.