freenode

Query

Channels

All channels

#grapheneos

Specific Channels

#access-news #ananumut #ansible-lockdown #aomedia #aospalliance #archlinux-cn #archlinux-cn-offtopic #asl-br #athallin #ays #blockcity #blohsh #bluespec #btpd #bugzilla #cafe-racer #calyxos #carbslinux #celery #ckmp #columbus-elixir #coronavirus-updates #crux #crux-devel #danctnix-porting #darcs #datrs #dav1d #debian-malaysia #devuan-br #domogik #egyptgeeks #ember-csi #etm #exahype #fedora-coreos #fedora-riscv #firefox #firefox.de #foot-terminal #fosdem19newerlangs #fuchsia #ganesha #genode #geokrety #gitlab #glpxrp #gnl #go-nuts #gobolinux #godotengine-devel #grapheneos #graylog #gyore-net.one #hackerspace-krk #haiku #hammerspoon #hpy #html5 #idk-development-kit #illumos #indico #indieweb #indieweb-dev #indieweb-wordpress #ipfs-events #itext #janitor #jenkins #kaniyam #keyboardio #kirc #kisslinux #kitesafe.de #linuxgurukulam #lkv373a #maemo-leste #mew #microformats #monero-pools #mozilla-uk #nentra #node.js #nogalliance #nomad-browser #obarun #octoprint #oggcamp2020 #oi-dev #omnios #opencog #openindiana #openlp #openmrs #opennebula #openocd #openscad #optimization_engine #osdev #ostc #otto #ozgurkon #ozgurkon-tartisma #palemoon #pipewire #popeyes #pulseaudio #py4web #quantumznc #realm.one #reflex-frp #riscv #ritmo-latinos #rocket #rocstreaming #ros #rust-embedded #salt #salt-image-builder #saltstack-formulas #scs.community #seamonkey #secdim #selenium #serenityos #sinsajo #sivntestrun #smartos #smoke #srain #stripe #surgesynth #svt #tamilirc #tangerine-testnet #tc39 #tc39-delegates #tc39-editor-group #tr-linux #trainsplorer #twisted-dev #ubuntu-indonesia #ubuntu_unity #whatwg #xentaoslinux #zapps-wizards #zeronet #zettelkasten #zool-corp

When

All Time

Recently

Specific Range

Between

and

Who

Exclude Bots

Using

Natural Language

Exact Match (Slower)

• #grapheneos
• 18:57
  Guest989
  How has the project addressed the closed source nature of the titan M chip microcode in the pixels? Is there any way to verify the integrity or ensure nothing malicious (ie google) is occurring that we don't want on that front? I'll fully admit I don't understand that deep into things, it was juts something I've seen thrown around and unsure if FUD
• 19:00
  strcat[m]
  Guest989: the Titan M is not in control of the device

• #grapheneos
• 07:11
  strcat
  due to Titan M, Pixel 3 / 3a did get secure element improvements, although newer generations probably have better physical anti-tampering

• #grapheneos
• 22:15
  MrJack
  lock screen and encryption, and some consider it to be a backdoor.  According to what i've read from you elsewhere, pixels have switched to using titan m, so this is aspect is no longer an issue then if I understand correctly?  Any good sources to reference for these things?

• #grapheneos
• 00:01
  duck[m]
  how does the security of arm trustzone compare to titan m
• 00:02
  TheJollyRoger
  duck[m]: the Titan M is a different chip entirely, it's physically separated and it's specifically designed to isolate against things like timing attacks or side-channels.
• 00:03
  TheJollyRoger
  The Titan M was designed for mobile phones specifically.

• #grapheneos
• 12:32
  somenerd[m]
  since Titan M already provides protection

• #grapheneos
• 01:45
  TheJollyRoger
  So even if your pin code is short (provided it's not easily guessable), the secret contained in the Titan M security chip should be able to bolster the length of a short pin.
• 01:46
  TheJollyRoger
  The Titan M contains its own timer that doesn't respond to the host clock, so it can enforce this timeout.

• #grapheneos
• 22:00
  TheJollyRoger
  Last I had heard, Google put up a $1 million bet: if you can get a full chain remote code execution exploit with persistence on the Titan M and produce a working proof of concept, the money's yours.

• #grapheneos
• 17:01
  came2complain[m]
  that's the plan. I intend to copy the hw ingredients of the pixel 3a 1 to 1 - but I am sure I can't use the Titan M so I wonder if it can be replaced with a tpm from STM
• 17:09
  came2complain[m]
  I assume the Titan-M can't be purchased from google to be used in non-google products?
• 17:57
  strcat[m]
  if you take the Titan M from one Pixel and swap it with another you bricked it if the batch keys are different

• #grapheneos
• 19:14
  jonmonty[m]
  <strcat[m] "even if it was supported, it doe"> Is that partially because it's lacks the Titan M chip?

• #grapheneos
• 22:11
  anupritaisno1[m]
  The only way to wipe it would be to probably send a wipe request to the titan m while the system is running

• #grapheneos
• 07:48
  jalb
  Hello, can anyone confirm if this breaks the Titan M security?: ninjalab.io/a-side-journey-to-titan
• 07:49
  take_a_deep_brea
  <jalb "Hello, can anyone confirm if thi"> titan secure keys are not closely related to titan m chip
• 07:55
  heri[m]
  <take_a_deep_brea "jalb: i am no expert. but the t"> Titan M is explicitly hardened against such side-channel attacks as the one linked
• 07:59
  Ramp23
  So the article on titan m is lies ?
• 08:00
  somenerd[m]
  > So the article on titan m is lies ?
• 08:00
  somenerd[m]
  > titan secure keys are not closely related to titan m chip
• 08:00
  somenerd[m]
  take_a_deep_breath said that the article wasn't about Titan M
• 08:03
  take_a_deep_brea
  its not a lie. and has got nothing to do with the Titan M housed in a pixel
• 08:08
  strcat[m]
  nothing to do with the Titan M

• #grapheneos
• 00:30
  FuchsiaOS_when
  > highly doubt the malicious firmware would get very far with the Titan M chip and verified boot
• 00:30
  FuchsiaOS_when
  Titan M doesn't detect fake hardware components
• 01:32
  jonmonty[m]
  tytydestroi my bad I completely missed the fact that you asked specifically about hardware security. They both have the titan M chip so
• 05:25
  CanadaisCold1
  I think the Google Titan M security chips are unique to google,
• 05:25
  CanadaisCold1
  But perhaps an open source variant of Titan M, secure boot etc can be coded using signature matching/validation and verification.
• 05:28
  strcat
  CanadaisCold1: the Titan M is far from the only secure element, we have no specific dependency on the Titan M
• 05:32
  anonhat[m]
  I'm getting together some capital to hopefully develop a decent phone with an Open Titan based security chip. It's still an early project, but I'll likely come back here with updates once something materializes.
• 05:33
  strcat
  a secure element that's comparable to the Titan M and provides Weaver, StrongBox and the other features

• #grapheneos
• 15:20
  strcat[m]
  factory reset wipes Titan M data and the data partition, not that atm
• 15:21
  jandroid[m]
  <strcat[m] "factory reset wipes Titan M data"> thank you!

• #grapheneos
• 11:59
  jftn[m]
  * Ironically, the Google Pixels. They have superiour hardware security (full verified boot, strong hardware-backed encryption, Titan M and much more). Also, regular and fast firmware patches.
• 11:59
  jftn[m]
  * Ironically, the Google Pixels. They have superiour hardware security (full verified boot, strong hardware-backed encryption, Titan M and much more). Also, regular and fast firmware patches.

• #grapheneos
• 08:11
  tryingraphene
  so does the titan m chip operate the same as regards lockscreen password guesses, etc with other profiles as it does with rebooting phone?
• 08:16
  tryingraphene
  oh yes i see that is what i was wondering is if fingerprint data was housed in titan m as well
• 08:19
  tryingraphene
  i see- so that was a big question i had too with the hardware titan m chip- do i need to have a super long complicated password randlomly generated like i used to with older phones or with titan m is a random 20 char fine?
• 08:20
  strcat[m]
  tryingraphene: the Titan M Weaver implementation quickly throttles to 1 attempt per day at decryption
• 08:20
  tryingraphene
  i read the titan m will ramp up timeouts for guesses but in my recent tests of guessing patterns wrong 30 times in a row with a newly created profile it was still at 30 seconds per guess
• 08:25
  strcat[m]
  that's for the Pixel 2 security chip at least, probably similar for Titan M
• 08:27
  tryingraphene
  because the way i understand it you can't even really bypass the titan m even taking the phone apart
• 08:29
  tryingraphene
  that is what i really like too is that it can't be easily offloaded to say a gpu array and bruteforced because it has to go through the titan m
• 08:29
  strcat[m]
  tryingraphene: even without the Titan M, there's hardware-bound key derivation
• 08:30
  strcat[m]
  Weaver (Titan M on Pixels) for the exponential throttling via secure element is an extra thing on top of that
• 08:46
  tryingraphene
  yeah i figure a 20 character randomly generated password that i memorize is totally cool since the titan m chip is present. for my threat model at least

• #grapheneos
• 01:00
  strcat[m]
  valldrac: StrongBox is a proper secure element (Titan M on Pixels, Qualcomm SPU on most other devices that have support for it) and has internal secure storage

• #grapheneos
• 14:22
  ayaen_t[m]
  secondly that would require some sort of partnering with qualcomm (entirely my guess good chances i am wrong here ) but they still dont support the proper development of a strongbox like the titan M implemented by google

• #grapheneos
• 13:33
  graphiteos[m]
  yeah I already know the things on the homepage. I was looking for documentation from google about the titan M chip what functions it has, supported crypto algorithms how it implements Android KeyStore or Android TEE
• 13:38
  graphiteos[m]
  also is ther epublic reasoning from google why they include the titan M instead of using the Quallcom TEE includes in the Snapdragon 730G for example ( I know that ARM TrustZone is a different design from a dedicated copressesor Im interested in first party sources)
• 13:53
  somenerd[m]
  to the Titan M
• 16:16
  strcat[m]
  graphiteos: TEE is not a secure element, and it's not comparable to one, you should do more research first - the comparison is between the Qualcomm SPU and the Titan M, the Titan M has lower attack surface and additional features like a secure timer for Weaver
• 16:29
  strcat
  graphiteos[m]: Pixels aren't the only phone with a secure element, and again the comparison for that is between SPU and Titan M
• 16:29
  strcat
  Titan M has secure timer and lower attack surface

• #grapheneos
• 00:41
  yzrhjocizuwkjlqo
  What is the difference between an secondary security chip like T2, Secure Enclave, Titan M etc, than the one that is in Snapdragon processors which is also separated from the main processor?
• 01:13
  yzrhjocizuwkjlqo
  Makes sense. Is snapdragons secure enclave as good as Titan M?
• 01:22
  strcat
  no the SPU is not competitive with the Titan M

• #grapheneos
• 17:50
  Adam1776A
  I think Pixel 4a has the Titan M security chip
• 17:51
  steppingonyou[m]
  more precisely do any new pixels use titan m equivalent?
• 17:55
  steppingonyou[m]
  i was curious about the titan m chip specifically i wasnt aware all pixels > 3 were using it

• #grapheneos
• 18:25
  arpysco[m]
  <naribia "which security capabilities spec"> Look up the titan m chip
• 18:26
  naribia
  is the titan m chip the thing that holds the keys for checking os image signatures?

• #grapheneos
• 20:10
  strcat[m]
  on a Pixel 3 and later, the Titan M secure element implements Weaver
• 20:19
  strcat[m]
  which could not be said about it before the Pixel 2 (which introduced an NXP security chip for this, later replaced by the Titan M in the Pixel 3 which provides much more than this feature)

• #grapheneos
• 21:10
  TheJollyRoger
  yzrhjocizuwkjlqo: you're close. If I recall right there are other secret parts of information that the Titan uses (I'm not sure of all of them) for key derivation but you're correct that the Titan is capable of bolstering the strength of a short pin. With respect to phones without a security chip, it tends to vary depending on the phone's CPU and the OEM's attentiveness to security.
• 21:14
  yzrhjocizuwkjlqo
  <TheJollyRoger "yzrhjocizuwkjlqocf: you're close"> Titan M is close to Apples Secure Enclave, right? How can Cellebrite then brute force an iPhones standard 6 pin in a couple of hours/days if the secure chip should stop that? I'm talking about Apples security chip here, as that's the only info we got about adversaries with lots of money trying to get into phones.
• 21:15
  TheJollyRoger
  The Titan M is very different than Apple's Secure Enclave Processor; if I recall right what they were doing to brute force the SEP was they were spoofing the time. The Titan M contains its own timer, for this reason.

• #grapheneos
• 10:10
  anupritaisno1[m]
  mistazaki: try Titan M attestation
• 10:12
  mistazaki[m]
  <anupritaisno1[m] "mistazaki: try Titan M attestati"> How?
• 10:45
  Dylanger[m]
  Because it's an EVT, you might even have a dev version of Titan M potentially

• #grapheneos
• 20:32
  TheJollyRoger
  ultracard[m]: oh yeah. You asked about the Titan security chip a bit back, did you? I've got a bit of a moment now to discuss it.

• #grapheneos
• 17:01
  strcat[m]
  or just use a random PIN (8 digit or so) without biometric unlock if you want to rely on the Titan M for security instead of your passphrase

• #grapheneos
• 14:37
  lolly
  But could government and police parties have backdoors into the titan M chip?
• 15:34
  anupritaisno1[m]
  lolly when you press wipe the decryption key is wiped from the titan M
• 17:02
  strcat[m]
  anupritaisno1: the decryption key isn't on the Titan M, it's not stored anywhere
• 17:03
  strcat[m]
  without one, you depend on the hardware-based security features, such as if you have a 6 digit PIN, you're depending on the Titan M throttling
• 20:46
  strcat[m]
  if someone uses a 6 digit PIN, then they depend on the security of the Titan M

• #grapheneos
• 17:12
  anupritaisno1[m]
  Titan M
• 17:13
  Remu[m]
  Just curious, so I assume any Pixel with Titan M will support it when they will get Auditor support?

• #grapheneos
• 19:41
  strcat[m]
  there is a far superior security chip built into the phone (Titan M) along with a secure element on the SoC (SPU)

• #grapheneos
• 17:09
  incognitopeople
  features. We're also working together with Incognito and theirs developers and we want to find a way to integrate a Cold wallet for incognito chain with titan-M chip. As we know, company like Omerta used and sell smartphone with you OS. We would like to do similar but before that, we would like to make a partnership and work together with you to

• #grapheneos
• 21:41
  alex-resist_
  It said "Wiping Titan M" and then "Can't send spi message: Try again" about 25 times. In the end it still said "Data wipe complete"

• #grapheneos
• 09:33
  Dylanger[m]
  Does the 4a have the Titan M?
• 11:42
  strcat[m]
  Dylanger: it's not a general purpose SoC, it's a secure element like the Titan M
• 11:59
  Dylanger[m]
  <strcat[m] "> works differently"> I know that these 2 things are totally seperate, the shell I was dropped into was some sort of UART terminal, the cable itself added resistance to D- line, muxing me to the Titan M, I only mentioned adb was disabled because I was able to take his _totally untouced Pixel 3, and interact with the (debatable) most IC of the device_
• 12:00
  Dylanger[m]
  * I know that these 2 things are totally seperate, the shell I was dropped into was some sort of UART terminal, the cable itself added resistance to D- line, muxing me to the Titan M, I only mentioned adb was disabled because I was able to take his _totally untouced Pixel 3, and interact with the (debatable) most important/private IC in the device_
• 12:01
  strcat[m]
  you can't "interact" with the Titan M using it
• 12:02
  strcat[m]
  and you also seem confused about what the Titan M provides
• 21:44
  Dylanger[m]
  Has anyone done any side channel fun with Titan M?

• #grapheneos
• 13:41
  Resynth[m]
  Graphene works fine with Titan M
• 13:41
  Resynth[m]
  I still think Titan M is shit, but it exists on GrapheneOS
• 13:42
  Resynth[m]
  androidauthority.com/titan-m-security-chip-915888
• 15:00
  strcat[m]
  the Titan M has dedicated hardware entropy generation + CSPRNG, so that's what's used internally for the StrongBox keystore
• 15:00
  strcat[m]
  Titan M random number generation is just for StrongBox

• #grapheneos
• 21:29
  blacklight447[m]
  <anupritaisno1[m] "It is very hard to brute force e"> As long as they do not beat the titan M right?
• 22:43
  anupritaisno1[m]
  BTW did your titan m throw some weird errors?

• #grapheneos
• 04:13
  strcat[m]
  the Titan M is the main place that a custom AVB key is stored along with vbmeta rollback indices
• 17:14
  jpds
  esmspwdcesmrcbtt: Yes, through the use of Titan M

• #grapheneos
• 11:19
  renlord
  when you say titan m is broken, what sort of symptoms are we looking at?
• 18:54
  engulf[m]
  Titan M is open source but its near to impossible to verify that its running the code
• 18:56
  JTL
  > 11:54 <engulf[m]> Titan M is open source but its near to impossible to verify that its running the code
• 19:10
  strcat[m]
  BalooRJ: so for example the Titan M just provides specific features, it doesn't have any control beyond implementing the APIs it is supposed to implement

• #grapheneos
• 18:58
  strcat[m]
  with Titan M
• 19:06
  strcat[m]
  this seems like an Android 11 Titan M bug
• 19:09
  strcat[m]
  seems Titan M is not getting time synced to it properly
• 19:09
  strcat[m]
  seems like a Titan M bug

• #grapheneos
• 17:55
  res4[m]
  <louipc "need tshirts and stickers and al"> Or package actual jazz with every install of GrapheneOS. Randomly generated with encryption keys stored in the Titan M chip, so no one but you will get to listen to your sweet, sweet personal privacy-jazz.

• #grapheneos
• 17:07
  anupritaisno1[m]
  Google might tie it with the titan M
• 17:08
  strcat[m]
  Titan M doesn't have an API for that stuff just the regular keystore API
• 18:11
  anupritaisno1[m]
  [strcat](matrix.to/#/@strcat:matrix.org): then should this password be backed on titan m or no?

• #grapheneos
• 14:38
  strcat[m]
  on a Pixel the Titan M provides the API for this

• #grapheneos
• 10:32
  cn3m[m]
  it takes 650 years to break a Titan M with a 4 digit random PIN
• 10:35
  cn3m[m]
  and of course that primary unlock method is super strong since the Titan M
• 10:35
  strcat[m]
  it's super strong if you use a strong passphrase regardless since it uses scrypt combined with hardware-accelerated, hardware-bound encryption with the Titan M protection added on top of that
• 10:36
  strcat[m]
  the Titan M protection added on top is what makes it so that even a 6 digit PIN will take a ridiculous amount of time to brute force unless they can exploit the tiny attack surface of the Titan M
• 10:40
  strcat[m]
  and if the Titan M is not exploited successfully, then even a crappy PIN unlock lasts that long
• 10:41
  strcat[m]
  and Titan M firmware cannot be updated until authentication of the owner account is done successfully so you'd actually need to exploit it, can't do something like bribing insiders millions to steal the keys to sign firmware

• #grapheneos
• 21:29
  cn3m[m]
  <bypassbob[m] "Is that the facial recognition? "> it is a fuzzed mathmatical representation stored in the Titan M

• #grapheneos
• 19:21
  jpds
  lev[m]: The biometric data is stored in the Titan M security chip

• #grapheneos
• 14:40
  jacktheclipper[m
  Titan M is the full name. Basically it is a separate chip that stores the encryption key for the phone. This article explains it better than I can: wired.com/story/google-titan-m-security-chip-pixel-3
• 14:42
  jacktheclipper[m
  When you change your screen PIN or pattern, the actual encryption keys do not change (re-encypting the phone would take a long time) but because it is really hard to access the tiny Titan M chip the encryption keys are still safe.

• #grapheneos
• 18:43
  cn3m[m]
  <tinkerthinker "? reboot disables biometrics? Ho"> Before first unlock no keys are stored in the system only in the Titan M
• 18:46
  cn3m[m]
  due to Titan M insider attack resistance

• #grapheneos
• 06:31
  cn3m[m]
  Titan M enforces the boot integrity. Google offers $1,000,000 in bounty for persistent attacks against it.
• 06:33
  Vappy[m]
  <cn3m[m] "Titan M enforces the boot integr"> Titan M chip makes sure you cant flash a modded bl right
• 06:34
  cn3m[m]
  <Vappy[m] "Titan M chip makes sure you cant"> Yes(ish) standard feature with the Qualcomm TEE on Android
• 06:35
  cn3m[m]
  Titan M expands and strengthens the stock Android security features
• 06:37
  cn3m[m]
  Titan M also enforces user consent for firmware upgrades
• 06:42
  cn3m[m]
  Pixel has none of these issues and pushes it further. The Titan M security chip can't load firmware without user permission so even with Google and GrapheneOS fully cooperating with whoever wants to break into a seized phone they would be sore out of luck.
• 06:52
  Vappy[m]
  This makes me wonder, is the Titan M googles implementation of the security enclave on iPhones? Better or worse?
• 06:52
  Vappy[m]
  you're making the Titan M sound like an indestructible shield and im a bit skeptical, although I dont know too much about it
• 06:53
  cn3m[m]
  Vappy: The Secure Enclave has a very strong track record and is over 7 years old and very well documented. It is probably to early to compare the Titan M definitively. Though the Titan M matches it on feature set and has had no issues so far
• 06:54
  cn3m[m]
  You will not lose anything to my knowledge using the Titan M instead
• 06:54
  Vappy[m]
  1 mill to any bugs found on the Titan M chip

• #grapheneos
• 06:36
  niky
  but if im buy an android device it will be a pixel coz of titan m and updates

• #grapheneos
• 20:54
  blueuser[m]
  it's hardcoded in source but maybe it's different for pixels with titan m idk

• #grapheneos
• 14:22
  za_vilfp8kn0pcyh
  Besides, the encryption keys on Titan M would be wiped anyways if you do so
• 14:45
  Autopsy[m]
  <sinenomine[m] "Okay but does the delete option "> Set up a strong password and biometrics. If someone has access to your phone, they won't be able to recover anything without that. The Titan M chip will do its job to ensure no unauthorised access is done.
• 14:49
  derpy
  Think the Titan M is backdoored?

• #grapheneos
• 19:04
  nikitalita[m]
  is there a decent whitepaper on how the Titan M works? I'm not able to turn up much besides the google blog post announcing it

• #grapheneos
• 13:15
  cn3m[m]
  The Titan M does the same thing

• #grapheneos
• 01:12
  cn3m[m]
  the hardware rate limiter in the Titan M means a 4 Digit PIN should be safe for 650 years
• 01:16
  cn3m[m]
  a hardware rate limiter bypass is extremely unlikely. The SEP has gone undefeated for 7 years. No firmware decryption and partial compromises don't count. The Titan M will hold on

• #grapheneos
• 21:56
  SchismXL[m]
  kejsixi reddit.com/r/GrapheneOS/comments/hf…_chip_actually_do/fw8kr29?context=3 check this comment and read through the info.
• 22:11
  kejsixi[m]
  SchismXL: thank you! I have read all of what's linked in the reddit post yesterday, but not security.googleblog.com/2018/10/bui…-titan-better-security-through.html They write ...Titan M performs several security sensitive functions, including:
• 22:17
  SchismXL[m]
  <kejsixi[m] "hm. which would be stored on the"> Someone else may be along later today or tomorrow to answer these in more detail, of they have time. But yeah, biometrics and such will be on the Titan M chip.
• 22:58
  bocyemofo[m]
  <kejsixi[m] "i asumed youre thinking economy "> In this case data = money. A Titan backdoor would only provide data on Pixel phones (Android as a whole is much larger, of course), and would also not provide any extra data except in the (incredibly rare) case of a de-googled custom ROM.
• 22:58
  Antoine-Frdric[m
  Maybe there's a backdoor into Titan M, maybe not. Anyway, you're not worth a zero-day.
• 23:11
  camoufrage[m]
  <kejsixi[m] "yes sounds like an IME/VPRO to m"> Google does not sell nearly enough pixels to do this. Especially since Titan is based on their own security measures on the Titan

• #grapheneos
• 00:03
  cn3m[m]
  3. Titan M doesn't have networking and has to pass CTS(open source) as matching the encryption output
• 00:04
  cn3m[m]
  Those 3 reasons is why it is essentially impossible for the Titan M to be backdoored. Otherwise it would be noticed in testing. Google won't take a risk. They will pay a million per exploit against it and fix it
• 00:10
  cn3m[m]
  <plain_dust[m] "why isn't the titan chip open so"> I don't know it is something they are planning and they are building an open hardware option too
• 08:00
  SchismXL[m]
  That Pixel 4a leak looks quite nice. 6gb RAM, 128gb storage, Snapdragon 730G, 5.81 inch hole punch, FHD+ HDR, 3140mAh battery, 12.2MP rear, 8MP front, headphone jack (apparently), Titan M Chip... For $349.

• #grapheneos
• 10:31
  anonhat[m]
  <anupritaisno1[m] "Google has made a requirement in"> But the Titan M chip is still a black box.
• 10:31
  anupritaisno1[m]
  anonhat: it doesn't matter because they have to proof that encryption in SW and from the titan M is exactly the same
• 10:32
  anupritaisno1[m]
  * anonhat: it doesn't matter because they have to prove that encryption in SW and from the titan M is exactly the same
• 10:32
  cn3m[m]
  Titan M should be the least of your worries
• 10:34
  cn3m[m]
  <cn3m[m] "it also has insider attack resis"> the Titan M is extremely hard for Google to backdoor for the government(a
• 10:35
  cn3m[m]
  Titan M should hold, but no guarantees of course
• 10:39
  cn3m[m]
  SEP is using it I would bet $50 Titan M is too
• 10:54
  anupritaisno1[m]
  If there was a titan M and full verified boot on desktop it'd be great
• 10:54
  cn3m[m]
  <anupritaisno1[m] "If there was a titan M and full "> Apple Silicon
• 10:55
  EssentialChaos[m
  <anupritaisno1[m] "If there was a titan M and full "> At least you have a secure phone

• #grapheneos
• 04:22
  cn3m[m]
  <Knull[m] "The subpoenas. Id rather my devi"> it is stored fuzzed in the Titan or SEP
• 04:25
  cn3m[m]
  <switchdominion[m "cn3m: "> reddit.com/r/GrapheneOS/comments/hf…he_titan_m_chip_actually_do/fw8kr29 this is all I found
• 04:29
  switchdominion[m
  <cn3m[m] "reddit.com/r/Graphen"> I read a bit of that earlier and I'll take a closer look now. Mostly I was wondering what you meant by Face ID and/or biometrics being "stored fuzzed in the Titan or SEP."
• 04:51
  switchdominion[m
  <cn3m[m] "650 years, though there could al"> Specifically, I'm referring to brute forcing a pin with a Titan M. What flaw might you be referring to?
• 04:54
  switchdominion[m
  <cn3m[m] "It is not outside the realm of p"> Of course. That is probably why Google has a $1.5 million bounty for anyone that can find a bug in the Titan M.
• 04:58
  switchdominion[m
  theverge.com/2019/11/21/20975650/go…chip-bug-bounty-program-3-3a-4-hack

• #grapheneos
• 09:37
  cn3m[m]
  <Jimmehh[m] "cn3m: no there is one from like "> right same goes for Titan M or anything
• 09:39
  Jimmehh[m]
  <cn3m[m] "right same goes for Titan M or a"> titan m hasn't had any public vulnerabilities to my knowledge yet
• 09:41
  cn3m[m]
  the SEP and Titan M are both great either could fall but probably won't. Outside of 99% of people's threat models

• #grapheneos
• 18:11
  theultron[m]
  I think the Pixel have something called Titan M which makes brute forcing difficult. You still may go with a longer password to be on the safer side.
• 18:13
  lovesausage[m]
  ah , I never understood what the titan M did really
• 18:13
  cn3m[m]
  The Titan M is extremely close to the Secure Enclave from Apple which has still secure after 7 years
• 18:13
  cn3m[m]
  The Titan M and Secure Enclave both offer Insider Attack Resistance and rollback protection
• 18:13
  rover1[m]
  <cn3m[m] "The Titan M and Secure Enclave b"> researchers made work on sep, see Hao Xu abstract mosec.org/en/2020
• 18:21
  anupritaisno1[m]
  cn3m: apart from the 1M bounty are you describing Qualcomm TEE or Titan M because Qualcomm TEE does that as well
• 18:21
  anupritaisno1[m]
  There are other reasons for the titan M to be used
• 19:12
  TheJollyRoger
  No, you can't. The Titan M contains an access token and its own internal incremental timer that doesn't answer to the host timer.
• 19:13
  TheJollyRoger
  So even if you found an exploit for the operating system, the Titan M is going to say "Sorry, but your timer doesn't match mine. Fifty seconds, by MY COUNT, and not yours."
• 19:24
  cn3m[m]
  the iPhone has key derivation of ~150ms with dedicated crypto hardware. The Titan M must be similar that is impressive
• 19:32
  cn3m[m]
  there is really no better option(maybe marginally the secure enclave), but overall Titan M is basically our best option

• #grapheneos
• 13:56
  strcat[m]
  like it's totally possible the beta had screwed up Titan M firmware and triggered some tamper thing
• 13:58
  strcat[m]
  if they had a serial debug cable they could get Titan M logs (there's a way to get them)
• 13:58
  blacklight447[m]
  <strcat[m] "like it's totally possible the b"> Does flashing the os on your storage alter the titan firmware..?
• 13:59
  strcat[m]
  Titan M firmware is uploaded by the OS
• 14:03
  anupritaisno1[m]
  strcat: how to see titan M logs?
• 14:06
  anupritaisno1[m]
  strcat: does fastboot -w wipe titan M like recovery?
• 15:46
  strcat[m]
  StrongBox (i.e. secure element, which is the Titan M on a Pixel) does not
• 15:47
  strcat[m]
  on Pixels StrongBox is provided by the Titan M
• 16:20
  strcat[m]
  it seems like his Titan M is broken
• 16:20
  strcat[m]
  afaik it's the OS that updates the firmware on the Titan M anyway
• 16:21
  strcat[m]
  but it seems like his Titan M has broken firmware

• #grapheneos
• 02:46
  nickcalyx[m]
  strcat would know the specifics but I think there were improvements in the titan M in between 3 and 4 ?
• 03:15
  nickcalyx[m]
  There is something about,the Titan m chip increasing the delay in between attempts, the more you try
• 03:17
  jknsec[m]
  The irony is that this is why the Titan M exists and why Graphene likes Pixels

• #grapheneos
• 06:02
  strcat[m]
  cn3m: also original pixels didn't have Titan M or Android Verified Boot 2.0