Titan M is a primary reason that Pixel phones are the top pick for security & privacy OSs. Unfortunately there are no alternatives yet that would stop bruteforce attacks on unlocking a phone. And even with filesystem encryption: if it is unlocked by bruteforce, then that is of no help.
So, what we need is a FOSS Titan-M-like chip. Does it exist? Is there any talk from the Fairphone engineers on this topic?
A Titan-M-chip in a future Fairphone model would actually be a great thing. Then GrapheneOS would be possible, which is currently probably the most secure and privacy-friendly custom ROM under Android. However, you would have the dilemma that there are no security updates at all after 2-3 years. Graphene only supports a device as long as there are kernel and baseband updates. Thus, the Fairphone would be electronic waste at an early stage. This contradicts the idea of using a Fairphone (or other smartphone) as long as possible for the sake of the environment. Everyone has to make this decision for themselves: Does the environment come first or my personal IT security and data protection? With other custom roms, you at least get the security updates for the OS even without the urgently needed kernel and baseband updates. In the long run, there is only one solution: There has to be a way to update the kernel and baseband for as long as you want. But whether this problem will ever be solved without Qualcomm and Co. (and they of course have no interest in it) ??? Unfortunately, we are currently still far away from being able to operate a smartphone âsafelyâ for many many years.
After all, the EU seems to want to tackle a law with which there should be an obligation that a smartphone must get all security updates for at least 5 years. That would at least be a first ray of hopeâŠ
Titan M is not that unique (anymore). Although itâs still one of the best. There are some others as well (article is in Dutch, but can be translated).
ARM TrustZone is what Qualcomm chips use.
Check this, Trusted Execution Environment is what youâre looking for:
@LibrePhoner I think youâre trying to predict & anticipate too many things at once. Yes, we donât know if the OS would be Graphene. It could certainly borrow from it⊠But why would there be no security updates after 2-3y? Isnât a major feature of a Fairphone the modularity of baseband hardware? I would not want to depend on the EU for anythingâŠ
Even if it was open-source (donât know), you canât verify whatâs installed in that secure environment. Itâs separated from you, thatâs what makes it so secure. As far as I know anyway, itâs been a while since I checked these details.
Fairphone ships its smartphone with Google Android. OK, maybe I misunderstood something. I thought GrapheneOS was only available for smartphones that have a Titan M chip, among other things? Thatâs where I got the idea that you could then install Graphene yourself if the prerequisites were met. I didnât mean that Fairphone would offer Graphene or any other custom rom. But it is indeed the case that Graphene stops supporting a device as soon as there are no more baseband and kernel updates. That is part of their security concept. So you either have to change the smartphone every 3 years if you want to keep all 3 security levels up to date or you take another OS that still offers security updates and upgrades for Android after that. Then 2 security levels are no longer updated, but you can at least continue to use the smartphone with the security updates for Android.
This article describes how Graphene is ahead of other custom roms:
under â2.1 Supported devicesâ there is a quote from Grapheneâs FAQ:
Devices need to be meeting the standards of the project in order to be considered as potential targets. In addition to support for installing other operating systems, standard hardware-based security features like the hardware-backed keystores, verified boot, attestation and various hardware-based exploit mitigations need to be available. Devices also need to have decent integration of IOMMUs for isolating components such as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image processor, etc., because if the hardware / firmware support is missing or broken, thereâs not much that the OS can do to provide an alternative. Devices with support for alternative operating systems as an afterthought will not be considered. Devices need to have proper ongoing support for their firmware and software specific to the hardware like drivers in order to provide proper full security updates too. Devices that are end-of-life and no longer receiving these updates will not be supported.
As far as I know, the baseband of the Fairphone cannot be exchanged (for a newer model).
This is the point of this thread⊠Fairphone should get these security features - not just so GrapheneOS might consider supporting it - but so we can have the first phone as secure as the Pixel that is actually verifiable (so actually more secure than the Pixel).
If secure boot is what youâre looking for, then most Android devices have that. And Qualcomm does provides this as well. Pixels go a bit further. But the trusted execution environment is there.
But even if it was open-source, you canât verify it. Itâs a closed environment. Just like the TPM chip in your laptop/PC. I think youâre good with Fairphone in this regards. The only downside is mostly that you wonât get security fixes as fast as on a Pixel.
The OS stores a high entropy random value as the Weaver token on the secure element (Titan M on Pixels) and uses it as another input for key derivation. The Weaver token is stored alongside a Weaver key derived by the OS from the password token. In order to retrieve the Weaver token, the secure element requires the correct Weaver key. A secure internal timer is used to implement hardware-based delays for each attempt at key derivation. It quickly ramps up to 1 day delays before the next attempt. Weaver also provides reliable wiping of data since the secure element can reliably wipe a Weaver slot. Deleting a profile will wipe the corresponding Weaver slot and a factory reset of the device wipes all of the Weaver slots. The secure element also provides insider attack resistance preventing firmware updates before authenticating with the owner profile.
Standard delays for encryption key derivation enforced by the secure element:
0 to 4 failed attempts: no delay
5 failed attempts: 30 second delay
6 to 9 failed attempts: no delay
10 to 29 failed attempts: 30 second delay
30 to 139 failed attempts: 30 Ă 2â(n - 30) Ă· 10â where n is the number of failed attempts. This means the delay doubles after every 10 attempts. There's a 30 second delay after 30 failed attempts, 60s after 40, 120s after 50, 240s after 60, 480s after 70, 960s after 80, 1920s after 90, 3840s after 100, 7680s after 110, 15360s after 120 and 30720s after 130
140 or more failed attempts: 86400 second delay (1 day)
Invalid input outside the minimum or maximum length limits of the UI wonât trigger an attempt at authentication or key derivation.
This is indeed great for security, its akin to TPM on x86-64 and Secure Enclave on Mac/iPhone.
And yes, this protects the user, very much so. If they lose (in whatever way) ownership of the device. That is what its for. Entire iPhone and iPad graveyards are filled with devices which⊠still got a password on their Secure Enclave.
If GrapheneOS stops supporting a smartphone, its time to dump/sell it, or slap pmOS on it and have some fun with it
Just read about it in this article below, so itâs open-source and Titan uses ARM TrustZone, just like Fairphone (could, I donât know if they actually utilize it).
