Google promised to open source Citadel, the firmware for the Pixel’s Titan M security chip, 2 years ago. Doing some light RE, it’s likely the code is a branch of Chromium EC project. Has modules for AVB, privkey storage/crypto, OEM un/locking. Confused why they haven’t yet?
IANAL, but could there be other parties involved that forbid exposing the source? I know in the jailbreak scene certain binaries would never be open sourced due to licensing issues, so maybe something similar happened here?
Then why promise to open source? Iirc they again said they were “working on” getting it open sourced after a serious flaw in the crypto implementation was reported early this year. Nothing yet tho 🤷🏻‍♀️
Could have been a misunderstanding from people who didn't realize opentitan.org is a distinct project that will at most be the basis for a future iteration of it. I don't really think it was a misunderstanding though. Pixel 2 security chip applet sources are in AOSP...
I don't understand the delay and they haven't explained what's going on with it. BTW, I wouldn't describe the bug I think you're talking about as a serious flaw. It's clearly the VM aborting and returning a sentinel value. You can see that it's a standard hard-wired sentinel.
The post made it seem like a serious cryptographic flaw but what really happened is they used a set of options that wasn't properly supported and the VM aborted and returned an error which wasn't properly passed along. It's wrong and needed fixing but doubt that it's exploitable.