Conversation

Daniel Micay

@DanielMicay

·

Oct 10, 2018

Titan security chip functionality: https://twitter.com/redpig/status/1049773399420129280… It provides an alternate hardware keystore (instead of TrustZone) and replaces the Android Verified Boot (AVB) state https://android.googlesource.com/platform/external/libese/+/master/apps/boot/… and Weaver (https://android.googlesource.com/platform/external/libese/+/master/apps/weaver/…) applets for the Pixel 2 security chip.

Quote Tweet

Will Drewry

@redpig

·

Oct 9, 2018

Replying to @ThomasBertani

Yup - implements AVB state storage, Weaver HAL, and the new Keymaster Strongbox HAL which is accessed with new flags to Keystore. Strongbox impl have a separate batch key for atteststion too (for differentiation from the TEE impl), also Protected Confirmation test-of-presence

1

6

10

Daniel Micay

@DanielMicay

Weaver was the main use case for the Pixel 2 security chip: hardware-enforced exponentially growing delays for key derivation. It holds random tokens in escrow needed to derive per-profile encryption keys and only provides them when given correct credential-derived auth tokens.

3:30 AM · Oct 10, 2018·Twitter Web Client

2

Likes

Daniel Micay

@DanielMicay

·

Oct 10, 2018

Replying to

@DanielMicay

They could also extend it to provided hardware supported enforcement of the configurable limit on attempts before wiping data, although that wasn't part of the initial implementation for the Pixel 2 security chip. The limit still isn't offered as an option in the stock UI though.