
This article is more than 1 year old

Decoding the Google Titan, Titan, and Titan M – that last one is the Pixel 3's security chip

Chocolate Factory opens lid, just a little, on secure boot and crypto phone coprocessor

People in the Googleplex need to talk to each other more: the Chocolate Factory has launched a third product with “Titan” in its name, and it's only related to one of the other two bits of kit.

The latest Titan to be welcomed by a waiting world is Titan M: a custom chip that adds extra security features to Mountain View's Pixel 3 smartphones. This should not be confused with the Titan Security Key, Google's two-factor authentication dongle, but it's related to Titan, a custom security chip used in Google's data centers. Hope that's clear.

When Google revealed the data centre Titan chip last year, the Chocolate Factory said its purpose was to provide a “hardware-verified boot and end-to-end authenticated root of trust” for its servers.

For the Titan M in the latest Pixel smartphones, Google explained on Wednesday, there's that same root of trust, ensuring the device starts up an operating system that hasn't been tampered with by malware or hackers, and is cryptographically signed off by Google. Thus the mobile version of Titan powers the Pixel 3's Verified Boot mechanism, helping the bootloader “make sure that you're running the right version of Android.”

The chip, which uses an Arm Cortex-M3 microprocessor core, also records the last known “safe Android version,” and blocks attackers from trying to downgrade a device to an older and less secure version.

If you do cop a malware infection, Titan M stops the code from trying to unlock the bootloader and alter low-level system stuff, according to Google.

Titan M also handles lock-screen passcode verification on Pixel 3 handsets, enforces login attempt limits, and only lets content be decrypted once the user's passcode is verified. It seems very similar to Apple's secure coprocessor in its iPhones. Arm also provides blueprints for installing roots of trust in system-on-chips.

The Titan M's “secure flash and fully independent computation” harden the phone against attackers seeking to forcibly decrypt data stored on the handheld, we're told. The chip is physically removed from the main processor cores, reducing the risk of data being siphoned off from side channels.

Third-party apps get better security for sensitive transactions by using the customized hardware, Google said: thanks to Android 9's StrongBox KeyStore APIs, Titan M can store users' private keys, and the Protected Confirmation API can “help to ensure that the user (not malware)” has confirmed a transaction.
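For app developers, here is roughly what using those two Android 9 APIs together looks like. This is an added example, not code from Google or from the original article; the key alias, function names and the server-issued nonce are assumptions made for illustration.

```kotlin
import android.content.Context
import android.security.ConfirmationCallback
import android.security.ConfirmationPrompt
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.security.keystore.StrongBoxUnavailableException
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.PrivateKey
import java.security.Signature
import java.security.spec.ECGenParameterSpec

const val ALIAS = "payment_confirm_key" // hypothetical alias

// Generate a P-256 signing key inside StrongBox (API 28+). The key may only
// sign messages the user approved through a Protected Confirmation prompt.
fun createKey(): Boolean = try {
    val spec = KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
        .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setIsStrongBoxBacked(true)        // request the dedicated security chip
        .setUserConfirmationRequired(true) // bind key use to a confirmed prompt
        .build()
    KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
        .apply { initialize(spec) }
        .generateKeyPair()
    true
} catch (e: StrongBoxUnavailableException) {
    false // no StrongBox on this device: fail closed, or fall back by policy
}

// Show the trusted prompt, then sign exactly the bytes the user confirmed.
// `nonce` is assumed to come from the server so an approval cannot be replayed.
fun confirmAndSign(ctx: Context, text: String, nonce: ByteArray,
                   onSigned: (ByteArray, ByteArray) -> Unit) {
    if (!ConfirmationPrompt.isSupported(ctx)) return
    ConfirmationPrompt.Builder(ctx)
        .setPromptText(text)
        .setExtraData(nonce)
        .build()
        .presentPrompt(ctx.mainExecutor, object : ConfirmationCallback() {
            override fun onConfirmed(dataThatWasConfirmed: ByteArray) {
                val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
                val sig = Signature.getInstance("SHA256withECDSA").apply {
                    initSign(ks.getKey(ALIAS, null) as PrivateKey)
                    update(dataThatWasConfirmed)
                }
                onSigned(dataThatWasConfirmed, sig.sign())
            }
        })
}
```

The relying server should verify the signature over the confirmed bytes and check that the prompt text and nonce inside them match the request it issued.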

Finally, the chip's own firmware is protected with the user's passcode – without a valid code, the firmware cannot be updated. That way, even if someone discovers a lock screen bypass (something even iPhones sometimes fall prey to), they can't then install malicious firmware on the Titan M, in theory. The firmware source code will also be made available publicly soon for people to inspect.

"While Google holds the root keys necessary to sign Titan M firmware, it will be possible to reproduce binary builds based on the public source for the purpose of binary transparency," Google insisted. ®
