Titan M mitigates Meltdown attacks on Pixel 3, supports 2FA with side buttons

At last week's 10/9 event, the company cited security as one of the three tentpole experiences it offers customers. Google has achieved this with its range of custom Titan security chips. After detailing the benefits of the Titan M on the Pixel 3 this morning, Google today released an in-depth technical analysis of the chip.

The second-generation, low-power security model is designed and manufactured by Google. At the supply chain level, the company has invested in a personalized provisioning process to ensure "transparency and control from the earliest stages of silicon".

This transparency means that Google knows "what's in it, how it's done, how it works, and who can make changes to it." To go further, the Titan M firmware source code will soon be available publicly.

Although Google holds the root keys necessary to sign the Titan M firmware, it will be possible to reproduce binary versions based on the public source for purposes of binary transparency.

As the chip is physically isolated from the rest of the phone, it will be immune to channel attacks like Specter and Meltdown, which devastated the tech sector earlier this year.

The processor, caches, memory and persistent storage of Titan M are not shared with the rest of the phone system. Therefore, such secondary channel attacks, which rely on subtle and unplanned interactions between the internal circuits of the same component, are almost impossible.

Google has also provided a high-level diagram of the ARM Cortex-M3 microprocessor. For comparison, the full Titan chip found in Google's data centers is to the left of the cover image, next to the Titan M of Pixel 3.

Google notes that it has a basis for future "high assurance" functionality that it plans to develop, such as medical device control, P2P payments, and two-factor authentication. . The latter is authorized by Titan M with direct electrical connections to the side buttons of Pixel 3, which third-party applications can access for U2F authentication.

Check out 9to5Google on YouTube for more information: