Security has always been a top priority for Omerta, spanning both the hardware and software of our devices. This includes the use of GrapheneOS, security updates and annual OS updates. The Stealth series includes a dedicated tamper-resistant hardware security module which protects your lock screen and strengthens disk encryption.
With the Titan series, Google has advanced their investment in secure hardware with Titan M, an enterprise-grade security chip custom built for Pixel 3 to secure your most sensitive on-device data and operating system. With Titan M, Google took the best features from the Titan chip used in Google Cloud data centers and tailored it for mobile.
Titan M helps the bootloader—the program that validates and loads GrapheneOS when the phone turns on—make sure that you’re running the right version of GrapheneOS. Specifically, Titan M stores the last known safe GrapheneOS version and prevents “bad actors” from moving your device back to run on an older, potentially vulnerable, version of GrapheneOS behind your back. Titan M also prevents attackers running in GrapheneOS attempting to unlock the bootloader.
In addition, the secure flash and fully independent computation of Titan M makes it harder for an attacker to tamper with this process to gain the secrets to decrypt your data.
For apps that rely on user interaction to confirm a transaction, Titan M also enables GrapheneOS Protected Confirmation, an API for protecting the most security-critical operations. As more processes come online and go mobile—like e-voting, and P2P money transfers—these APIs can help to ensure that the user (not malware) has confirmed the transaction. Pixel 3 is the first device to ship with this protection.
With the Titan series, Google has advanced their investment in secure hardware with Titan M, an enterprise-grade security chip custom built for Pixel 3 to secure your most sensitive on-device data and operating system. With Titan M, Google took the best features from the Titan chip used in Google Cloud data centers and tailored it for mobile.
Here are a few ways Titan M protects your phone:
Security in the Bootloader
First, to protect GrapheneOS from outside tampering, Google has integrated Titan M into Verified Boot, our secure boot process.Titan M helps the bootloader—the program that validates and loads GrapheneOS when the phone turns on—make sure that you’re running the right version of GrapheneOS. Specifically, Titan M stores the last known safe GrapheneOS version and prevents “bad actors” from moving your device back to run on an older, potentially vulnerable, version of GrapheneOS behind your back. Titan M also prevents attackers running in GrapheneOS attempting to unlock the bootloader.
Lock Screen Protection & Disk Encryption On-Device
Pixel 3 also uses Titan M to verify your lock screen passcode. It makes the process of guessing multiple password combinations harder by limiting the amount of logon attempts, making it difficult for bad actors to unlock your phone. Only upon successful verification of your passcode will Titan M allow for decryption.In addition, the secure flash and fully independent computation of Titan M makes it harder for an attacker to tamper with this process to gain the secrets to decrypt your data.
Secure Transactions in Third-Party Apps
Third, Titan M is used not only to protect GrapheneOS and its functionality, but also to protect third-party apps and secure sensitive transactions. With GrapheneOS, apps can now take advantage of StrongBox KeyStore APIs to generate and store their private keys in Titan M.For apps that rely on user interaction to confirm a transaction, Titan M also enables GrapheneOS Protected Confirmation, an API for protecting the most security-critical operations. As more processes come online and go mobile—like e-voting, and P2P money transfers—these APIs can help to ensure that the user (not malware) has confirmed the transaction. Pixel 3 is the first device to ship with this protection.
Insider Attack Resistance
Last, but not least, to prevent tampering, Titan M is built with insider attack resistance. The firmware on Titan M will never be updated unless you have entered your passcode, meaning bad actors cannot bypass your lock screen to update the firmware to a malicious version.
With the Titan M chipset, you benefit from industry-leading hardware features & you can rest assured that your security and privacy are well protected.
Abridged from original Google article as shown here.