back to article Decoding the Google Titan, Titan, and Titan M – that last one is the Pixel 3's security chip

People in the Googleplex need to talk to each other more: the Chocolate Factory has launched a third product with “Titan” in its name, and it's only related to one of the other two bits of kit. The latest Titan to be welcomed by a waiting world is Titan M; a custom chip that adds extra security features to Mountain View's …

  1. Anonymous Coward
    Anonymous Coward

    One Secure Boot to bring them all

    and in the darkness bind them.

    1. The Man Who Fell To Earth Silver badge
      WTF?

      Re: One Secure Boot to bring them all

      So does this mean there can never be a LineageOS for this phone?

      1. leexgx

        Re: One Secure Boot to bring them all

        more than likely you lose the secure enclave when you root/bootloader unlock the phone (official bootloader unlock) so no hardware security (no NFC payments or hardware backed screen lock)

  2. Giovani Tapini
    Mushroom

    And in other news

    Google admitted today that there had been a Titan-ic blunder when they discovered the keys to Titan missile launch codes while pen-testing mobile products.

    An anonymous, but senior source said "We take the security of the planet very seriously. I will be er, launching, an investigation into how project code names are generated as soon as possible"

    1. Robert Helpmann??
      Joke

      Re: And in other news

      Google admitted today that there had been a Titan-ic blunder when they discovered the keys to Titan missile launch codes...

      Upon re-inspection, the team found that the codes were actually to an unannounced project called Titan AE.

  3. nagyeger

    No lineage?

    Given the last paragraph, does this mean we can or can't install something like lineageOS on

    a phone containing one of these chips?

    1. Dave 126 Silver badge

      Re: No lineage?

      Why bother? I'm not sure the Pixel hardware appeals to the Lineage OS crowd. Pixels main selling points are the camera software and co-processor to accelerate it, plus some extra Googley launcher. No SD card, no headphone socket. The screen is on Pixel 3 is superb*, but practically no better than the latest Samsungs - which are a more common target for alternative Android versions.

      *In lab tests, the Note 9 had the best display crown, then the latest iPhone XS, now the latest Pixel. All panels made by Samsung (though Apple use their own display driver silicon)

      1. WonkoTheSane
        Headmaster

        Re: No lineage?

        "The screen is on Pixel 3 is superb*, but practically no better than the latest Samsungs"

        The IFixit guys tore a Pixel 3XL down to find that the screen IS from Samsung.

        They also say that the standard Pixel 3 uses an LG display.

        1. A.P. Veening Silver badge

          LG Display

          Life is Good ;)

          1. Dave 126 Silver badge

            Re: LG Display

            LG's OLED televisions are excellent, but their OLED phone panels have had issues. Samsung's phone panels are excellent, but they're a bit naughty for badging their quantum dot LED televisions 'QLED'.

        2. Dave 126 Silver badge

          Re: No lineage?

          Yeah, I meant the Samsung phones. Each new phone released recently with a Samsung panel, be it Samsung, Apple or Pixel phone, has a slightly better screen - according to DisplayMate - than the last. One would expect the next Samsung flagship to regain the crown and the cycle repeat.

          However, the differences aren't that big, and one may be a tad brighter and one may have ever so slightly better colour accuracy.

          Apple use their own 10bit colour display adapter on the iPhobe XS that consumes enough power that even when displaying a black image the OLED panel's efficiency advantage over LED is lost.

    2. Christian Berger

      Re: No lineage?

      "Given the last paragraph, does this mean we can or can't install something like lineageOS on"

      The main reason for all the "security features" in the smartphone world is to secure busines models.

      If "lineageOS" threatens a busines model in any way (which it likely does) there is a motive to prevent it from booting.

  4. IJD

    Nobody's pointed out yet that it's an integrated circuit, so Titan IC... ;-)

  5. Anonymous Coward
    Anonymous Coward

    Android already has secure boot trust chain

    where the each step of the boot verifies the next step, and any change to anything on the system partition changes the root signature. How is this any different? (except it's done in hardware?)

    https://source.android.com/security/verifiedboot/dm-verity

    "The dm-verity feature lets you look at a block device, the underlying storage layer of the file system, and determine if it matches its expected configuration. It does this using a cryptographic hash tree. For every block (typically 4k), there is a SHA256 hash.

    Because the hash values are stored in a tree of pages, only the top-level "root" hash must be trusted to verify the rest of the tree. The ability to modify any of the blocks would be equivalent to breaking the cryptographic hash."

  6. Gene Cash Silver badge

    > Titan M stops the code from trying to unlock the bootloader

    So no unlocking the bootloader to root the phone? That'd be worse than Apple.

  7. JohnFen

    This convinces me

    If it's true (as it sounds like it is) that this prevents the owners of these phones from replacing the ROM or performing other system-level tinkering, then I am now convinced that Google is entirely uninterested in addressing any smartphone market except for the "stupid but rich" demographic.

    ...I actually consider that a good thing.

  8. Voland's right hand Silver badge

    I beg to differ

    also records the last known “safe Android version,” and blocks attackers from trying to downgrade a device to an older and less secure version.

    Google opinion of last safe may not equate to mine and I may want to downgrade to deal with regressions or them outright crippling the device deliberately so it is no longer usable. An example here would be they way they broke the original Nexus 7 upgrading from Android 4.x to 5. They broke a perfectly viable (by those days standards) device and refused to admit to it for half a year.

    The few survivors of that upgrade had to "assemble" a viable bootloader + OS load from the older images floating online. I remember spending half an afternoon extracting images pulling the bootloader out of them and flashing different combinations.

    No thanks.

  9. Anonymous Coward
    Anonymous Coward

    It's only called Titan....

    ......since "brown cravat" was too obvious

  10. asciilifeform

    This chip is already in certain 2017 consumer devices

    Appears to be the same chip as found in certain 2017 Chromebooks (e.g. Asus C101PA). Some reversing work re the "H1" (aka "Cr50") device is described on my WWW: http://www.loper-os.org/?p=2433 .

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like