Can anyone explain why eSIM was the stopgap solution and we didn't go straight from physical SIM to iSIM? What special requirements does a SIM card have that it was easier to put it on a separate chip? Now that we've moved to iSIM, does this remove the artificial limitation on the number of SIMs a phone can support? Can I buy a phone in 2030 and load it up with 50 different PAYG SIM cards?
SIMs are smartcards - separate systems storing cryptographic material and performing trusted operations. A TPM that can be plugged and unplugged, basically, using the same standards as a chip-and-pin credit card.
Equivalent keystores haven't been available built into cell phones until the last few years.
TrustZone and Secure Element have been available for quite some time now. I think this problem is more because carriers/users don't want to give up control to software companies than it's about lacking hardware.
What Apple calls Secure Element is a separate chip that is essentially an eSIM with an NFC interface (or in other words, a smart card MCU with larger memory and more IO). Apple's implementation of what TrustZone is supposed to solve is called Secure Enclave and also involves a separate CPU core (inside the application SoC) that is isolated from the application cores by how the hierarchy of various buses on the chip is structured.
I assume that there are two reasons why it is done this way instead of software/weird-CPU-state solutions (like TrustZone): this construction is easier to reason about and, at least in the Secure Element case, easier to certify to the requirements of card issuers (as it is essentially an off-the-shelf secure MCU).
I agree that a separate secure chip is a superior option to TrustZone. However, if TrustZone is good enough for authorising bank transfers, it's also good enough for me.
Security chips have also had their vulnerabilities over the years, through power injection attacks or similar, that allow cloning just like bypassing the security of TrustZone would. The attack may be harder to pull off, but nothing is unhackable.
TrustZone is iffy security-wise, and built-in SEs have only been available for iPhones and the highest-end quarter or so of Android phones until recently.
TrustZone is a technology building block, not a complete implementation. You couldn't simply run a SIM on TrustZone, but you probably can use it to implement an eSIM execution environment, which seems to be what Qualcomm is actually doing here.
With the continued development of specex attacks, having those features in a separate domain reduces the attack surface some, compared to sharing a core with attacker controlled code.
As I understand, the SIM is designed by special trusted companies, with special security requirements. It's easier to meet those requirements when the SIM is a separate chip that the company making them has full control over.
When you integrate it in the SoC, some of those requirements (tamper protection) will apply to the whole SoC, and you have to integrate the SIM module on the SoC without the company designing it, or the company manufacturing it, having the ability to compromise its security.
I'm guessing it has just taken time to hash out the procedure for integrating the iSIM.
You don't need the tamper protections to apply to the whole SoC, you just need the trusted element (TPM, SE, whatever you call it) to be physically isolated from the rest of the system and include tamper protections.
Well, the first eSIM devices were smartwatches (Gear S2) and they used the lower-powered SOC and the core design was from a previously used smartphone SOC. Physical SIM cards were hard to package into a smartwatch, hence the introduction of eSIM. Also smartwatches have a much lower profit margin, hence the reason they use an older process node and no one wanted to spend money on integrating it into the SOC when they can use an older smartphone SOC design.
My guess is that the French SIM companies put all kinds of artificial limitations on eSIM so they could keep their market share and continue earning money on licensing and patents.
It's not only French companies producing them and the entities who are involved in pushing SIM replacements aren't as interested in mundane things such as market share, money etc. as you might think.
We are discussing two completely different issues :)
If you ever worked in telecom, you know for a fact that the SIM companies have sabotaged and vetoed every attempt to get a sane eSIM or SIM-free standard.
And nothing against the French :), it just happens that the two largest and most aggressive companies in this area have French connections (Thales and Gemalto).
> If you ever worked in telecom, you know for a fact that the SIM companies have sabotaged and vetoed every attempt to get a sane eSIM or SIM-free standard.
Care to link me to any credible/juicy article where I can actually read on this?
No denial from my side there, but regarding the other point: what else do those two have in common with each other?
Sometimes things really are what they look like.