The Qualcomm Snapdragon 855’s Secure Processing Unit receives EAL4+ certification

-

When Qualcomm announced the Snapdragon 845 back in December of 2017, the company touted the SoC’s new Secure Processing Unit (SPU). The SPU is an on-die secure element to protect biometric profiles, payment information, and SIM data. Qualcomm’s latest flagship SoC, the Snapdragon 855, also has the SPU, but over 6 months later Qualcomm is announcing that the SPU has received EAL4+ certification. That means every device equipped with Qualcomm’s latest chipset, even currently available smartphones like the ASUS ZenFone 6, the OnePlus 7 Pro, the U.S. Samsung Galaxy S10, and the Xiaomi Mi 9, will be capable of new functionality even though they lack discrete security modules.

The Common Criteria and Evaluation Assurance Level

The Common Criteria for Information Technology Security Evaluation, commonly abbreviated as CC, provides the standards for evaluating the security of products. CC’s Evaluation Assurance Level (EAL) is a certification that products can receive to provide a meaningful assurance that those products meet a minimum level of security. A higher EAL means a product has received a higher level of scrutiny and is suitable for more secure transactions. Although the EAL goes up to 7, level 4 is “the highest level at which it is likely to be economically feasible to retrofit to an existing product line,” and it’s also the level that most smart cards and embedded secure elements are certified for. Qualcomm says that, by achieving EAL4+ security certification, the Snapdragon 855 is “the first mobile SoC…to attain smart card levels of security assurance.” The SPU was evaluated by an independent authority: Germany’s Federal Office for Information Security (in German, the Bundesamt für Sicherheit in der Informationstechnik, or BSI).

EAL4+ Certification and the Snapdragon 855

There are two reasons why the Secure Processing Unit achieving EAL4+ certification is important: reduced Bill of Materials for OEMs and the opportunity for new functionality in the future. In the former case, OEMs purchasing the Snapdragon 855 can save money by not having to integrate a separate secure element, such as in the case of Google with the Pixel 3’s Titan M. Since the SPU is now EAL4+ certified, OEMs can rest assured that the SoC is secure enough to be used for sensitive transactions such as storing digital driver’s licenses in Android R. Furthermore, since the SPU is on-die, that means it’s manufactured with the same TSMC’s 7nm process technology, providing the SPU a small power efficiency advantage over other discrete security modules.

With EAL4+ certification, the Snapdragon 855’s SPU can be used for additional secure transactions down the road. Currently, the SPU is involved in hardware-backed key attestation for the Android StrongBox Keymaster and Gatekeeper subsystem. Introduced in Android 9 Pie, the StrongBox Keymaster implementation allows for secure transactions such as authenticating the administration of Insulin through an Insulin pump. At Mobile World Congress Shanghai, Qualcomm will demonstrate an integrated SIM (iSIM) in conjunction with digital security company Gemalto. The iSIM will be integrated into the Qualcomm Snapdragon 855 SoC, and it can handle switching between multiple virtual SIM profiles.

In the future, we may see use cases such as “offline payment[s], trusted platform module (TPM) functions, transit, electronic ID, and crypto wallets.” Storing cryptocurrency wallets is a feature we’ve seen on the Samsung Galaxy S10 and HTC’s blockchain phones, but that capability will be possible for more devices thanks to the SPU’s EAL4+ certification. Electronic ID support is something that Google is actively working on for the next version of Android, and the Qualcomm Snapdragon 855’s SPU should meet the requirements of this API to securely store electronic IDs.

A sample image of a digital driver’s license accessed through the LA Wallet app. Source: Envoc

I asked Qualcomm about support for the IdentityCredential API, specifically whether the SPU will enable support for the “direct access” mode that will allow users to pull up electronic IDs without fully booting up Android, and received the following statement from a Qualcomm spokesperson:

“We do not currently support this API on SPU in Snapdragon 855, but are looking into supporting it in the future.”

Thus, today’s announcement is just a preview of what’s to come. EAL4+ certification is just assurance that the hardware is secure against a number of potential attacks and vulnerabilities. What OEMs, Google, and developers do with this assurance is up to them. Hopefully, we’ll see this secure hardware get taken advantage of for new use cases that we haven’t yet seen on the market. There are many medical and financial services that could benefit, but it’ll take time for these sectors to get on board.

The post The Qualcomm Snapdragon 855’s Secure Processing Unit receives EAL4+ certification appeared first on xda-developers.



Comments

Post a Comment

Popular posts from this blog

Honor 20 Pro is Now Available in 14 Countries

-
Image
The Honor 20 was off to a really rocky start with the controversial U.S.A. ban on HUAWEI. While the future of the phone was initially unclear, the planned launch of the phone is now in full swing. As this phone’s complicated launch slowly starts to be available around the world, here are all the places where you can get an Honor 20 Pro.   Country Availability Date Selling Channel Russia 2019/8/2 DNS . MTS, GB 2019/8/1 Amazon.uk , CPW , o2, H3G France 2019/8/22 Amazon, Boulanger, Cdiscount, Darty, FREE, Fnac. Orange, SFR. Offline [HONOR Shop Paris & Lyon] German 2019/7/21 MSD, 1&1 mobile, Amazon , Mediamarket/ phonehouse Netherlands 2019/7/31 bol.com , Belsimpel Czechia 2019/8/15 Alza Finland 2019/8/13 ELsia DNa Poland 2019/8/8 RTV EURO AGD , X-Kom Malaysia 2019/8/15 HiHonor , Shopee . Offline [all HONOR stores in Malaysia] Saudi Arabia 2019/7/31 Pre-sell 2019/8/6 First day sale HiHonor Egypt 2019/7/29 Pre-sell
Read more

Behind Dynamic System Updates in Android Q: How Google is using Project Treble to improve future Android releases

-
Image
Alongside the release of Android 8.0 Oreo, Google unveiled Project Treble : a major rearchitecting in the way the Android OS framework and the vendor HALs and Linux kernel communicate. Treble is a major initiative designed to reduce Android platform version and security patch fragmentation , and all Android-branded devices launching with Android Pie are required to support Project Treble. OEMs and vendors test Treble compatibility by booting a Generic System Image (GSI)—a pure stock build of Android from AOSP—and passing the Vendor Test Suite (VTS) and Compatibility Test Suite-on-Generic System Image (CTS-on-GSI). The GSI has proven useful in not only allowing software engineers working for OEMs test Treble compatibility, but it has also opened the door for a large custom ROM community on XDA. For the Android Q release, Google wants to make GSIs useful for another group: app developers. Since the first stable release and source code drop of any given Android platform release usual
Read more

OnePlus 8T goes on sale in the US

-
Image
The OnePlus 8T announced last week is now available for purchase in the US through OnePlus' online store with two color options - Lunar Silver and Aquamarine Green. It's priced at $749 and comes with 12GB RAM and 256GB storage. There's also an 8T+ 5G for T-Mobile priced the same, which comes with an IP68 rating while sharing the rest of the specs with the regular 8T. The OnePlus 8T is built around a 6.55" FullHD+ 120Hz Always-on AMOLED display that has a fingerprint reader underneath for biometric authentication. It's powered by the Snapdragon 865 SoC and runs Android 11-based OxygenOS 11...
Read more