I still find it so hard to believe that there is “really nothing worse than open source TEE solution”?
Why not? Your arguments make zero sense to me. We are not talking about Sony.
Of course you can keep the tin foil hats on, and think all security in the phone is bad. But can’t we consumers make that choice ourselves? If I can see the TEE kernel code on, say, this new upcoming Jolla phone, I’d be able to make the decision by myself if it’s good or not, and make apps with proper attributions. You can still opt out.
You say you want a ‘secure store’. TEE is not that, it’s baked in hardware, you do not store anything in it. Mastercard, Sony, Google store keys in it.
You say you want European auditing. TEE (and TPM) are all governed by Americans, so good luck.
I went to each of the web sites of the bodies that govern the specifications. In each case, the funding and management of, even the ‘open foundations’ are not just sponsored but run by American companies. I’ve linked GlobalPlatform above and already talked about this.
I don’t think this is a discussion in good faith. I have actual experience with signing code and even advocate for it for distribution of Sailfish software. But the industry-controlled TPM/TEE stuff is a backdoor and a lever in the wrong hands.
If the ‘lowest common denominator’ rules, then I wouldn’t be here in the first place. I’m going to ignore this thread until someone with actual knowledge responds with substantive contributions.
You’re right - not only you ain’t “getting it”, but actively DO refuse to comprehend the obvious logic behind:
It has been said - Sailfish and Jolla are not just an ordinary piece of hard and soft. They’re a breath of fresh air, apart from all those mainstream pocket spy-tracking devices with a phone app on 'em installed.
But here you come expecting exactly that - a mainstream tech done by Google & Co on a system, where you’re meant to enjoy the lack of it!