My new blog -- Microsoft is collaborating with AMD, Intel, and Qualcomm to bring the Microsoft Pluton security processor to all future Windows PCs
Snapdragon provides an on-die secure element these days too: Qualcomm SPU. Compared to the Titan M, I think it's missing a secure timer (for Weaver) and likely also support for insider attack protection (requiring owner account login to upgrade firmware without wiping first).
For Qualcomm devices, I'd guess that what they would be doing is making TPM firmware for the SPU, similar to how Qualcomm has firmware providing StrongBox and other APIs used by Android. It would be nice if they added those 2 missing features that the Titan M provides though.
Weaver is part of the disk encryption implementation. Each user profile uses a weaver slot. OS derives a token from the lock method, sends it to the security chip (Titan M on Pixels) and receives back a token needed for key encryption key derivation alongside lock method, etc.
That's where the secure timer fits into it: it provides exponentially increasing throttling for decryption attempts.
Owner profile also uses a separate API to authenticate with the security chip which needs to happen before it will accept a firmware upgrade without wiping first.
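The slot-and-token exchange described above, written out as an added model that is not Titan M, Android or Qualcomm code. The slot layout, the SHA-256 key comparison, the "five free attempts, then doubling" schedule and the simulated secure timer are all assumptions chosen for illustration; the real Weaver throttling schedule on Titan M is not public. What the model shows is the property the thread relies on: the failure counter and the timer live on the chip side of the `read()`/`write()` boundary, so an OS that is fully compromised still cannot speed up guessing.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example: a model of a Weaver-style slot (not real Titan M/Android code).
public class WeaverModel {
    public enum Status { OK, INCORRECT_KEY, THROTTLED }

    public static final class ReadResult {
        public final Status status;
        public final byte[] value;    // set only when status == OK
        public final long timeoutMs;  // delay before the next attempt is accepted
        ReadResult(Status status, byte[] value, long timeoutMs) {
            this.status = status; this.value = value; this.timeoutMs = timeoutMs;
        }
    }

    // Per-slot state held inside the secure element. The OS can only reach it
    // through write() and read(); the failure counter is never exposed.
    private static final class Slot {
        byte[] keyHash = new byte[0];
        byte[] value = new byte[0];
        int failures;
        long throttledUntilMs;
    }

    private final Slot[] slots;
    private long clockMs; // stands in for the chip's own secure timer

    public WeaverModel(int slotCount) {
        slots = new Slot[slotCount];
        for (int i = 0; i < slotCount; i++) slots[i] = new Slot();
    }

    public void advanceClock(long ms) { clockMs += ms; }

    // Assumed schedule: five free attempts, then 1 s doubling per failure, capped at 2^20 s.
    static long timeoutForFailures(int failures) {
        if (failures <= 5) return 0;
        return 1000L << Math.min(failures - 6, 20);
    }

    // Total delay an exhaustive sweep of `attempts` guesses would incur under the schedule.
    static long bruteForceSeconds(int attempts) {
        long total = 0;
        for (int i = 1; i <= attempts; i++) total += timeoutForFailures(i) / 1000;
        return total;
    }

    // OS stores the lock-method-derived token (key) and the secret (value) in a slot.
    public void write(int slot, byte[] key, byte[] value) {
        Slot s = slots[slot];
        s.keyHash = sha256(key);
        s.value = value.clone();
        s.failures = 0;
        s.throttledUntilMs = 0;
    }

    // OS presents the token; the chip returns the value only on a match and
    // enforces the delay itself, so the caller cannot skip it.
    public ReadResult read(int slot, byte[] key) {
        Slot s = slots[slot];
        if (clockMs < s.throttledUntilMs) {
            return new ReadResult(Status.THROTTLED, null, s.throttledUntilMs - clockMs);
        }
        if (MessageDigest.isEqual(s.keyHash, sha256(key))) {
            s.failures = 0;
            return new ReadResult(Status.OK, s.value.clone(), 0);
        }
        s.failures++;
        long timeout = timeoutForFailures(s.failures);
        s.throttledUntilMs = clockMs + timeout;
        return new ReadResult(Status.INCORRECT_KEY, null, timeout);
    }

    private static byte[] sha256(byte[] data) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(data);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    private static byte[] tokenFor(String pin) { // constructed stand-in for the OS's KDF
        return sha256(("lock-token:" + pin).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        WeaverModel chip = new WeaverModel(16);
        byte[] secret = {1, 2, 3, 4, 5, 6, 7, 8}; // constructed stand-in for the KEK input
        chip.write(0, tokenFor("1234"), secret);

        // Guessing in order, honouring each delay (the chip gives no other option).
        long waitedMs = 0;
        for (int guess = 0; guess < 12; guess++) {
            ReadResult r = chip.read(0, tokenFor(String.format("%04d", guess)));
            System.out.printf("guess %04d -> %s, next delay %d ms%n", guess, r.status, r.timeoutMs);
            chip.advanceClock(r.timeoutMs);
            waitedMs += r.timeoutMs;
        }
        System.out.println("waited so far: " + waitedMs / 1000 + " s");
        System.out.println("full 4-digit sweep would wait: " + bruteForceSeconds(9999) + " s");
        System.out.println("owner with real PIN: " + chip.read(0, tokenFor("1234")).status);
    }
}
```

The `advanceClock()` call is the only way the model's clock moves, which mirrors the point that the delay is measured by the chip's secure timer rather than by anything the OS reports; without that timer the chip would have no trustworthy notion of elapsed time and the schedule could not be enforced.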
Most of what the Titan M provides is the StrongBox keymaster implementation which is an HSM implementation of Android's traditional keystore API. Qualcomm SPU has a full implementation of that too. Apps simply need to use supported algorithms and call setIsStrongBoxBacked(true).
StrongBox is essentially a better version of a YubiKey including basic U2F-style physical confirmation. Key attestation (main API used by attestation.app/about) is part of the keystore API. Rest of Titan M API is trivial: data storage for lock state, verified boot key, etc.
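How an app requests a StrongBox-backed key, falls back when the device has no StrongBox, checks where the key actually ended up, and pulls the attestation chain mentioned above. This is an added example, not code from the thread, from GrapheneOS or from the Android SDK samples; it uses only the public `android.security.keystore` API (`setIsStrongBoxBacked` needs API 28, `KeyInfo.getSecurityLevel` needs API 31). The aliases and the challenge bytes are placeholders.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

// Added example (not from the thread or any vendor SDK) of StrongBox key usage.
public final class StrongBoxKeys {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";

    /** 256-bit AES-GCM key, in StrongBox when available. AES-256/GCM is within the
     *  algorithm set StrongBox implementations must support, so the request can only
     *  fail because the device lacks a StrongBox, not because of the parameters. */
    public static SecretKey generateAesKey(String alias, boolean requireStrongBox) throws Exception {
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setKeySize(256);
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE);
        try {
            kg.init(builder.setIsStrongBoxBacked(true).build());
            return kg.generateKey();
        } catch (StrongBoxUnavailableException e) {
            if (requireStrongBox) throw e; // caller decided a TEE-only key is not acceptable
            kg.init(builder.setIsStrongBoxBacked(false).build()); // TEE keystore fallback
            return kg.generateKey();
        }
    }

    /** P-256 signing key with an attestation challenge; the challenge (a server-chosen
     *  nonce) is bound into the attestation certificate so the chain cannot be replayed. */
    public static KeyPair generateAttestedSigningKey(String alias, byte[] challenge) throws Exception {
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setAttestationChallenge(challenge)
                .setIsStrongBoxBacked(true)
                .build();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, ANDROID_KEYSTORE);
        kpg.initialize(spec);
        return kpg.generateKeyPair(); // throws StrongBoxUnavailableException without a StrongBox
    }

    /** The certificate chain a verifier (e.g. an attestation service) checks: leaf carries the
     *  attestation extension, the chain should terminate at the hardware attestation root. */
    public static Certificate[] attestationChain(String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(ANDROID_KEYSTORE);
        ks.load(null);
        return ks.getCertificateChain(alias);
    }

    /** Confirms where a generated key actually lives rather than trusting the request. */
    public static boolean isStrongBoxBacked(SecretKey key) throws Exception {
        SecretKeyFactory factory = SecretKeyFactory.getInstance(key.getAlgorithm(), ANDROID_KEYSTORE);
        KeyInfo info = (KeyInfo) factory.getKeySpec(key, KeyInfo.class);
        return info.getSecurityLevel() == KeyProperties.SECURITY_LEVEL_STRONGBOX;
    }

    // Illustrative usage inside an app; aliases and challenge are placeholders.
    public static void demo() throws Exception {
        SecretKey aes = generateAesKey("example-aes-key", false);
        System.out.println("AES key in StrongBox: " + isStrongBoxBacked(aes));
        byte[] challenge = new byte[] {0x42, 0x13, 0x37}; // placeholder; use a fresh server nonce
        generateAttestedSigningKey("example-attested-ec-key", challenge);
        System.out.println("chain length: " + attestationChain("example-attested-ec-key").length);
    }
}
```

The `isStrongBoxBacked` check matters for the same reason the thread gives for Weaver: the app's request is only a request, and the security level reported by the keystore, or better, the attestation chain verified off-device, is the evidence that the key is actually held by the secure element rather than the TEE or software.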
We're interested in making hardware for GrapheneOS in partnership with a company (to be determined). Not having Weaver and insider attack protection via the SPU would be a major regression. If a user profile has a weak PIN, Weaver is what protects it even with a compromised OS.
TPM 2 API seems to require a timer to implement a delay so perhaps there will be more incentive for Qualcomm to implement it. Maybe they already have it and just didn't implement Weaver, but it's such a simple API that it wouldn't really make much sense if it was supported.