No TPM on the iPhone, official!
Posted by Ken Y-N on August 6th, 2008 at 05:28pm
On the MyTriniPhone blog a person called “Pumpkin” from the iPhone development team was quoted as saying the following:
More FUD is spread by this undying rumor of “Palladium” (or TPM) being used fully on Appleās devices, making it impossible for you “to play online with legit buyers.” This is nothing but uninformed nonsense, and while there is the potential for some definition of trusted computing on iPhone and iPod Touch, Apple is not using it, and they have no way to remotely distinguish your pwned device from a legitimately activated one. This should have been obvious from our examples of running App Store applications next to our custom ones, but “obvious” is a very relative term.
When I previously mentioned the rumour of TPM on the iPhone I did say it was most unlikely to be true. However, picking apart the quote in detail I see first he denies that Palladium is used fully. I feel this confirms that they are using some aspects of the phone’s processor’s TrustZone. The rest of the quote confirms only that they do not do remote attestation, with the writer seeming to equate trusted computing with remote attestation.
The quote above came from the blog here.
2 Comments for No TPM on the iPhone, official!
1. tj | October 20th, 2009 at 12:28 am
Just an update since this is high on the Google index, for reference.
The 3GS with 3.1 doesn’t use TrustZone either, but the ipod touch 2G with the Cortex A8 is using it in some context. The ihpone dev team haven’t made any advances with it yet.
If you can’t execute instructions inside a logical partition and the partition management is transistor logic, there is no hacking going to be done unless you can get into the TrustZone.
LPAR schemes have never failed in the security industry. They require side channel attacks like DMA manipulation. IBM pioneered it and now other vendors are catching on to the usefulness of hardware enforced out of context instruction and memory handling.
Sorry for beating a dead horse, but this is one of the only direct reference to it on the net outside product literature from what I see. The iphone attacks where the results of memory corruption, and logical partition was in place to prevent escalation. I’ve done work with TI OMAP cores and PPC, most vendors don’t even attempt to use TrustZone.
2. tj | October 20th, 2009 at 9:55 am
There where a couple errors in my above comment. I was in a hurry, sorry.
The ipod touch 3G is the one with the newer Cortex A8 chip that has ARM TrustZone partially implemented. The others didn’t. iPhone Dev Team last I heard have made no progress.
Leave a Comment for No TPM on the iPhone, official!