Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What is the guarantee that the Titan M chip is not backdoored?

Is there any detailed documentation about this chip?



The firmware for the Titan M HSM is open source but the RTL is closed, secret, proprietary, and even if it was open you’d still need to decap the IC to verify they fabbed the design faithfully, which exactly nobody can do, but I digress. There’s an entirely different design based around the Titan standard called OpenTitan based on LowRISC. So we know what Titan M does do, the documented functions. But what else does it do? Or put another way can a $1 trillion American corporation design a security chip intended for the 3 billion handset strong Android market and not allow the US government to install a backdoor? I think it’s common sense, the answer’s obvious. And if the HSM can’t be trusted the entire security model is broken. But maybe let’s call this for what it is: an attempt to fleece the wealthy paranoid. Unfortunately these types of products attract attention and make you a target. Let’s say you’re going through an airport inspection and it comes out that you’ve ripped the mics out of your phone well, now you’ve got a whole lot of explaining to do. You’re either crazy or up to no good and don’t expect to be flying anytime soon. Messing with the baseband probably lights up your handset on the network as well. No - if you want anonymity, privacy, secrecy from the state then you can’t use smartphones period. This technology is a fantastic advantage for general living in modern society but a cellphone represents 500+ years of R&D labor. You can’t rip a few components off the PCB and rewrite the bootloader and call it secure. This is just nonsense.


I haven't found any yet, but it's likely out there given how heavily & directly the open-source GrapheneOS project relies on it.

It's notable that GrapheneOS only currently supports the Google Pixel 4 and 5.

e.g. Peter Easton wrote a short piece here https://github.com/Peter-Easton/GrapheneOS-Knowledge/blob/ma...


What guarantee do you have that any chip on any of your devices is not backdoored?

Conversely, what indication is there that Titan M is more likely than any other chip on any of your devices to be backdoored?

How do you suggest we prove this negative?


What indication? Basic common sense tells you it has to be backdoored. Look at what it is, what it does, who’s making it and who do they serve? It’s closed hardware for a reason. That chip is so backdoored I’ll wager the backdoors have backdoors. And that’s not even a joke.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: