The mobile platform is instructive because it comes with much stronger trust requirements than the PC. The radio frequency component is subject to substantial regulation: it is not acceptable to allow arbitrary software to change its operating parameters. Airtime is chargeable, and so must be unambiguously linked to the subscriber’s identity. Moreover, the platform is subject to a much more complex pattern of ownership. The market has developed in such a way that end users are often given subsidized phones, either in a hire purchase agreement, or within some other contractual arrangement: the operator retains an interest, then, in the selection of network and services. Finally, mobile phones are far more subject to casual theft than full-sized computers,
and a key to preventing this is seen as having the phone retain a fixed, unchangeable (and hence, blacklistable) identity reported to the network. These platforms, then, have more interested stakeholders than PC platforms, and need to broker multiple trust relationships. From the perspective of the end user, they also wish to run arbitrary applications, in much the same way as a PC platform owner does. In order to allow such patterns of trusted use, the designers of mobile phone platforms are in many ways ahead of the PC platform designs. There are widely adopted products in the market already (such as ARM TrustZone (Alves and Felton, 2004) ) which provide trusted execution environments, whereby the RF and network stack can be strongly partitioned away from user space, and boot known good configurations. There are also specifications for a mobile trusted module (MTM), which draws upon the TPM described above. Using the pre-existing trusted execution environments, it may optionally be implemented entirely in software — though an MTM chip may also emerge.