Google promised to open source Citadel, the firmware for the Pixel’s Titan M security chip, 2 years ago. Doing some light RE, it’s likely the code is a branch of Chromium EC project. Has modules for AVB, privkey storage/crypto, OEM un/locking. Confused why they haven’t yet?
Conversation
IANAL; but could there be other parties involved that forbid exposing the source? I know in the jailbreak scene certain binaries would never be opensourced due to licensing issues, so maybe something similar happened here?
1
Then why promise to open source? Iirc they again said they were “working on” getting it open sourced after a serious flaw in the crypto implementation was reported early this year. Nothing yet tho 🤷🏻♀️
2
1
Could have been a misunderstanding from people who didn't realize opentitan.org is a distinct project that will at most be the basis for a future iteration of it. I don't really think it was a misunderstanding though. Pixel 2 security chip applet sources are in AOSP...
2
2
Where? The only thing I’ve seen is the source for the services that communicate to citald via vndbinder. Then requests to the applets are sent via spi driver in the Linux kernel. The sources for the applets running on the chip itself wouldn’t be in AOSP?
1
I'm talking about the earlier generation Pixel 2 security chip before the Titan M. android.googlesource.com/platform/exter are the sources for Weaver which is all they ended up providing in production on that generation. android.googlesource.com/platform/exter didn't actually end up being used in production.
Pixel 2 security chip was a standard NXP Java smart card. Pixel 3 moved to a custom security chip which also provides the Weaver functionality, a production version of the verified boot / lock state enforcement and all the other functionality. Can see Pixel 2 applets were open.
1
I think the intention was that other OEMs would take the open source applets and deploy them via a comparable off-the-shelf security chip. Pixel 3 replaced it and greatly expanded the functionality and it's odd they haven't followed through with publishing it like these applets.
1
Show replies
Right. But we have analogous source for Weaver, Keymaster, and OEMLock for Pixels with Titan M in AOSP already. You linked the code that constructs and send requests to the secure applets. What I’m interested in is the firmware code that fulfills the requests
1
The code in the card directories that I linked are the applets that run on the security chip. I don't think it's published anywhere for the Titan M but you can look at the Pixel 2 implementation of Weaver and the verified boot / lock state enforcement applet which wasn't shipped.
2
1
Show replies