Google promised to open source Citadel, the firmware for the Pixel’s Titan M security chip, 2 years ago. Doing some light RE, it’s likely the code is a branch of the Chromium EC project. Has modules for AVB, privkey storage/crypto, OEM un/locking. Confused why they haven’t yet?
IANAL; but could there be other parties involved that forbid exposing the source? I know in the jailbreak scene certain binaries would never be opensourced due to licensing issues, so maybe something similar happened here?
Then why promise to open source? Iirc they again said they were “working on” getting it open sourced after a serious flaw in the crypto implementation was reported early this year. Nothing yet tho 🤷🏻‍♀️
Could have been a misunderstanding from people who didn't realize opentitan.org is a distinct project that will at most be the basis for a future iteration of it. I don't really think it was a misunderstanding though. Pixel 2 security chip applet sources are in AOSP...
Where? The only thing I’ve seen is the source for the services that communicate to citald via vndbinder. Then requests to the applets are sent via spi driver in the Linux kernel. The sources for the applets running on the chip itself wouldn’t be in AOSP?
I'm talking about the earlier generation Pixel 2 security chip before the Titan M. android.googlesource.com/platform/exter are the sources for Weaver which is all they ended up providing in production on that generation. android.googlesource.com/platform/exter didn't actually end up being used in production.
Right. But we have analogous source for Weaver, Keymaster, and OEMLock for Pixels with Titan M in AOSP already. You linked the code that constructs and sends requests to the secure applets. What I’m interested in is the firmware code that fulfills the requests
The verified boot / lock state applet wasn't finished for the Pixel 2 and they shipped an implementation with enforcement solely done via the SoC using the RPMB. Weaver and insider attack protection (to enhance Weaver) were the only features actually shipped for the Pixel 2.