Much more detail than in the past, and a promise of open-source software release soon:
Titan M performs several security sensitive functions, including:
- Storing and enforcing the locks and rollback counters used by Android Verified Boot.
- Securely storing secrets and rate-limiting invalid attempts at retrieving them using the Weaver API.
- Providing backing for the Android Strongbox Keymaster module, including Trusted User Presence and Protected Confirmation. Titan M has direct electrical connections to the Pixel’s side buttons, so a remote attacker can’t fake button presses. These features are available to third-party apps, such as FIDO U2F Authentication.
- Enforcing factory-reset policies, so that lost or stolen phones can only be restored to operation by the authorized owner.
- Ensuring that even Google can’t unlock a phone or install firmware updates without the owner’s cooperation with Insider Attack Resistance.
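A small Python model of the Weaver-style behaviour listed above, added here as an illustration (it is not Google's code nor Titan M firmware): a slot releases its value only for the correct key, and after a few wrong keys every further attempt, correct or not, is refused until a growing throttle window expires. The attempt budget and throttle durations are assumed values chosen for the example.

```python
import hashlib
import hmac
import os


class WeaverSlot:
    """Model of one Weaver-style slot: a value released only on the correct key,
    with a throttle window that grows after repeated wrong keys.
    Throttle parameters below are constructed for this example (assumption)."""
    FREE_ATTEMPTS = 5      # wrong keys tolerated before throttling begins
    BASE_THROTTLE = 30     # seconds for the first throttled failure; doubles after that
    MAX_THROTTLE = 3600    # cap on the throttle window

    def __init__(self, key: bytes, value: bytes):
        self._salt = os.urandom(16)                  # per-slot salt so equal keys differ
        self._key_digest = self._digest(key)         # store a digest, not the raw key
        self._value = value
        self.failures = 0
        self._locked_until = 0.0

    def _digest(self, key: bytes) -> bytes:
        return hashlib.sha256(self._salt + key).digest()

    def _throttle_for(self, failures: int) -> int:
        if failures <= self.FREE_ATTEMPTS:
            return 0
        return min(self.BASE_THROTTLE * 2 ** (failures - self.FREE_ATTEMPTS - 1),
                   self.MAX_THROTTLE)

    def throttle_remaining(self, now: float) -> float:
        return max(0.0, self._locked_until - now)

    def read(self, key: bytes, now: float):
        """Attempt to read the slot at time `now` (seconds).
        Returns ("ok", value), ("throttled", seconds_left) or ("incorrect", next_wait)."""
        remaining = self.throttle_remaining(now)
        if remaining > 0:                            # refuse even a correct key while throttled
            return ("throttled", remaining)
        if hmac.compare_digest(self._digest(key), self._key_digest):
            self.failures = 0                        # a success clears the failure count
            return ("ok", self._value)
        self.failures += 1
        wait = self._throttle_for(self.failures)
        self._locked_until = now + wait
        return ("incorrect", wait)
```

The `now` parameter stands in for the secure element's own clock so the schedule can be exercised without sleeping; a real implementation keeps the counter and timer inside the tamper-resistant chip, which is the point of doing this in Titan M rather than in the application processor.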