Resources / Technical articles / GlobalPlatform release the OTrP standard for TEE Management

GlobalPlatform release the OTrP standard for TEE Management

GlobalPlatform has now released a new Trusted Management Framework (TMF) profile for TEEs: the TMF-OTrP profile.

This specification was donated to GlobalPlatform by a consortium, and makes use of X509 and JSON to support OTA management.

While these protocols may make life easier for the servers performing remote management, they aren’t ideal for the TEE goal to be a small secure environment and to be compatible with “Play Store” provisioning. The OTrP protocol inherits the model of Trusted Service Manager (TSM), which is complex and requires an extra third party.

For these reasons, while welcoming GlobalPlatform’s addition of the OTrP profile to the growing set of TMF specs enabling Trusted Applications management in the field, Trustonic will currently continue to focus on the initial GlobalPlatform TMF profile (known as the ASN.1 Profile) and released in 2018, which provides the same management control isolation and does support a simplified OTA model through the download of TAs from Apple and Google’s Apps stores.

The new specification document (“TEE Management Framework: Open Trust Protocol (OTrP) Profile”) can be found here on the GlobalPlatform website.