There are some critical details in the user guidance that can make the difference between secure and insecure.
“EAL5/6+” certified SEs mean nothing if they do not follow the proper use guidelines, or they do not integrate the SE in a secure way.
If you are wondering which HWWs: all of them.
Too many HWWs claim “EAL6+ certified secure element” when they do not comply with the requirements for the secure usage of the chip.
Without complying with the user guidance (which requires NDA), the Common Criteria certification of the SE can’t be considered valid and the used setup may not be secure at all.
View quoted note →