What does the Titan M do that a TPM doesn’t? Not a lot of docs available
It provides the implementation of the StrongBox keystore (i.e. an HSM). It probably also replaces the Pixel 2 security chip which was for these applets:
* android.googlesource.com/platform/exter
* android.googlesource.com/platform/exter
Weaver performs a form of key escrow where random tokens are stored there for each credential-derived authentication token and only provided to the OS if it provides the correct authentication token. That's used to implement exponentially increasing throttling on key derivation.
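The Weaver escrow and throttling described in the reply above, as an added toy model that is not part of the thread and not Google's code. The class and status names, the PBKDF2 stand-in for the credential-derived token, and the doubling delay schedule are all assumptions made for illustration; the clock is passed in so the run is deterministic.

```python
import hashlib
import hmac
import secrets

def derive_key(credential: str, salt: bytes) -> bytes:
    # Stand-in for the OS-side credential-derived token (assumed KDF).
    return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 10_000)

class ToyWeaver:
    """Toy model of the secure chip: each slot holds (key, random value)."""
    BASE_DELAY = 1.0  # seconds; assumed schedule, doubles per failure

    def __init__(self):
        self.slots = {}  # slot_id -> key, value, failures, locked_until

    def write(self, slot_id, key, value):
        self.slots[slot_id] = {"key": key, "value": value,
                               "failures": 0, "locked_until": 0.0}

    def read(self, slot_id, key, now):
        """Return (status, value, retry_after_seconds)."""
        s = self.slots[slot_id]
        if now < s["locked_until"]:
            # Refuse even a correct key while the slot is throttled.
            return ("THROTTLE", None, s["locked_until"] - now)
        if hmac.compare_digest(key, s["key"]):
            s["failures"] = 0
            return ("OK", s["value"], 0.0)
        s["failures"] += 1
        delay = self.BASE_DELAY * 2 ** (s["failures"] - 1)
        s["locked_until"] = now + delay
        return ("INCORRECT_KEY", None, delay)

def demo():
    salt = secrets.token_bytes(16)
    secret = secrets.token_bytes(32)  # random token escrowed in the chip
    chip = ToyWeaver()
    chip.write(0, derive_key("2580", salt), secret)  # constructed PIN
    # (guess, time of attempt in seconds), constructed for the example
    guesses = [("0000", 0.0), ("2580", 0.5), ("1111", 1.0), ("2580", 3.0)]
    results = [chip.read(0, derive_key(pin, salt), now) for pin, now in guesses]
    return secret, results

if __name__ == "__main__":
    for status, value, wait in demo()[1]:
        print(status, "released" if value else "withheld", f"retry in {wait:.1f}s")
```

Because the counter and the escrowed value live in the chip rather than in the OS, the delay cannot be bypassed by copying the encrypted data off the device and guessing offline.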
TrustZone supports arbitrary code so it doesn't really provide anything that can't be done with TrustZone, but it does many things that aren't possible with a TPM. The reason for moving away from TrustZone is that the implementation has massive attack surface and other issues.
Is it already implemented in Pixel 2 or is it planned to be implemented?
It was one of the launch features and was even used in their marketing at a high level. I mentioned it when the Pixel 2 was launched and followed up with in-depth details based on the published source code and further research / testing once I got the actual hardware.