Hi Tobie, all
Specifically, I think it's confusing where the following elements fall:
-
vTPMs; do these fall under the same category of TPMs? I would assume not, because that definition explicitly mentiones "hardware components". What about vTPMs that are middleware layers on top of hardware TPMs?
-
Hardware components that provide TEE functionality: Do these fall under "secure elements"? They are (at minimum) used for very similar functionality as TPMs, and protect data. But they're not explicitly mentioned, and they could
also just fall under "Microprocessors with security-related functionalities". My intuition is that these should fall into the same category as TPMs, because they're also tamper-resistant microprocessors that protect data and keys. Not just general security
components.
-
Hardware hypervisors: do these fall under hypervisors or under "Microprocessors with security-related functionalities"?
In my opinion, the most confusing part is the category of "secure elements", because this seems to be an afterthought in the larger category of "smartcards", even though it explicitly mentions TPMs, which are very unlike smartcards. Smartcards are tamper-resistant
devices while TPMs are tamper-resistant components of larger devices.
Merlijn Sebrechts, PhD
Senior researcher
IDLab, Ghent University, in collaboration with imec
From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> on behalf of Tobie Langel via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx>
Sent: Monday, 24 March 2025 13:59
To: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Tobie Langel <tobie@xxxxxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] Draft Technical Descriptions
Hi all,
I do want to remind people that the window for input is closing quickly and I'm not seeing any uptake on providing comments or proposed changes. Does this mean people are globally satisfied with the proposed definitions?
If not, please consider providing some input quickly and if you're struggling on how to do this, please let me know asap.
Thanks,
--tobie
Hi all,
Quick Follow-up on providing input to the technical description of important and critical product categories.
Looking forward to your input.
Thanks,
--tobie
Thanks for sharing, Steffen.
We'll be addressing this during Monday's SIG meeting.
Thoughts welcome,
--tobie
Hi all,
as you might have seen already, the Draft Technical Descriptions have been published on the EC website.
Time until April 10th for comments.
The Expert Group CRA of the will then be in charge, together with the Commission, to improve the definitions based on the comments received.
Best Regards,
Steffen Zimmermann
Industrial Security @ VDMA
_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit
https://accounts.eclipse.org
|