back to article Hash of the Titan: How Google bakes security all the way into silicon

Google has unveiled more details about how security built into its custom silicon chips underpins the integrity of its servers and cloud-based services. A blog post details how Google's custom Titan chip provides a hardware-verified boot and end-to-end authenticated root of trust for the internet giant's computing workhorses …

  1. Anonymous Coward
    Anonymous Coward

    designed in house is half of the story

    Where is it manufactured? I can bet it is TSMC so Google is not actually in 100% control over it.

    How is the fact that the silicon matches the design verified?

    1. Anonymous Coward
      Anonymous Coward

      Re: designed in house is half of the story

      Yeah cuz google would totally make a noob mistake like that...

    2. nerdbert
      Thumb Down

      How to leak information...unintentionally

      You don't do chips, do you?

      TSMC has several modes of operation. One where you pass off RTL to them and they do the synthesis, P&R, etc. This is the "handholding for newbie startups" mode. TSMC could, if it desired, change your logic and hide it from you since they also design the test patterns.

      The other mode is where they take GDS2 (geometric trapezoids) and hand you back silicon. This is the one that serious companies use. In this case TSMC is practically locked out since they'd have to decompile the GDS, make changes, and hope like h*ll that they didn't change the test patterns you've already generated. The odds of this are infinitesimal on any practically sized SoC.

      I expect Google is a serious company, with serious money to spend given that they are going to this extent for security so TSMC isn't a practical attack vector. Your better bet would be to corrupt one of Google's IP suppliers and try to inject a vulnerability there. I seriously doubt Google is designing the microcontroller, for example, so that's where I'd start if I wanted to corrupt this sequence, although you could do it on any of several IP blocks they use.

  2. Anonymous Coward
    Anonymous Coward

    So just another TPM implementation?

    Bug of course, this, one being from Google won't get the Microsoft flak...

  3. Anonymous Coward
    Big Brother

    Google is a USA-based company...

    And therefore subject to american law...

    Wich basically means you can't trust your data won't be slurped by any of the infamous three-letter agencies...

    No matter how trustworthy their hardware is...

  4. MachDiamond Silver badge

    Baked in spyware

    Since Google is in the business of selling data about its "customers" and has long since abandoned its policy of "Do No Evil", their getting into secure hardware is not comforting.

    1. johnnyblaze

      Re: Baked in spyware

      Anonymizing collected data from users and selling it to advertisiers (yes, you are the important bit), is done by pretty much all major companies now, on a scale that you cannot even begin to imagine. It's far from just Google, although they're one of the originals, so you hope they've perfected a lot of the security side. The real evil, underhand basterds in all this though are Microsoft. Win10 is their data collection machine, so they damn well want to get it onto as many machines as possible. Sure, it's secure - secure from everyone else except MS themselves. They'll suck you dry.

  5. Anonymous Coward
    Anonymous Coward

    No different from anyone else, then

    Intel CPUs support all the same - we just don't boot directly into signed code with the full root of trust. But they can do that, if you want. Apple's SoCs do the same, and I'll bet Qualcomm's SoCs support it as well though like Intel CPUs probably the OEMs don't take full advantage of it.

    Now if there's no way to turn it off then they'd have bit of a leg up on others, but that makes testing a lot bigger pain in the ass. Otherwise requiring a signed bootloader and up doesn't guarantee perfect security, as the holes found that allow jailbreaking on iPhones demonstrate.

  6. Anonymous Coward
    Anonymous Coward

    Same old same old?

    So this Titan chip - it really just sounds like a standard secure element as used in smartcards/SIMs/etc. The only difference I can see is that it (apparently) uses Flash instead of EEPROM.

  7. Anonymous Coward
    Anonymous Coward

    Dear Google

    Can you provide me with detailed instructions on how I can stop you from acquiring all sorts of information about me, my family and my friends?

    No?

    Well [redacted] off! I do not want to help you make money on the data that I never agreed for you to have.

    Yours Anonymous Google hater.

    1. Anonymous Coward
      Anonymous Coward

      Re: Dear Google

      You don't want Google to do that? Fine, no problem, all you have to do is never use Google, Chrome, Android or YouTube ever again. Oh, and best ditch all your Chromecast and Nest kit too. And if you're really in tinfoil hat mode, get BUPA so you don't need to use the NHS.

      1. Wensleydale Cheese

        Re: Dear Google

        "You don't want Google to do that? Fine, no problem, all you have to do is never use Google, Chrome, Android or YouTube ever again. "

        I can certainly try to do that, but there are way too many sites which use googleapis, googlefonts and the like to display their own content.

    2. Daggerchild Silver badge

      Re: Dear Google

      You're going to have to switch tack. Google may be the symbol of the problem, but no way in hell are they the ones you should worry most about. There are things out there that have developed tech to pierce Chrome's Incognito mode, and they aren't Google. Even bringing Google down may only make things worse.

      Users have basically lost control of their apps/browser. You have no idea who it's visiting, what it's giving others, where they are, or who they're working with. Every time an app/extension is installed, you individualise, and become more identifiable, and your attack surface increases.

      You wanted detailed instructions? To lie to your enemies, you'll need to lie to your browser, about the machine it's on, the timezone, the time, the clockdrift of your PC, your history, your latency, your network topology, your bandwidth and packetloss, your hardware media acceleration, etc.

      And you need to tell a different lie-set for every separate site you told a Truth to. There. This is the true depth of the swamp you live in with Google. But Google didn't make this swamp, and it won't go away when you kill them.

      1. amanfromMars 1 Silver badge

        Dear Google..... re NEUKlearer HyperRadioProACTive IT in AI with Remote Access Trojans

        This is the true depth of the swamp you live in with Google. But Google didn't make this swamp, and it won't go away when you kill them. ..... Daggerchild

        Daggerchild,

        Google provides dark crafts and SMARTR weapons and blunt tools for Swamp RATs. ....... whether they want to or not. 'Tis the nature of the beast they feed and seed with novel ventures and zeroday vulnerability exploit opportunities.

  8. Brian Miller

    Secure boot good idea...

    Until the bug is in the ROM code. The i.MX7 does this, but a bug in the ROM means that any firmware can be booted if the firmware image has a malicious cert.

    But otherwise, it's a great idea. The chip can have certificate hashes burned into it, and then to boot the firmware, it has to have a signed cert. Once the firmware is booted, the Linux kernel is checked to make sure it is signed. Once that's done, it all boots normally.

    Mind you, none of this prevents evil behaviour on Google's, or any other company's, part. It just means that a rootkit will be harder to plant on the machines.

    1. Richard 12 Silver badge

      It's useless without revocation

      If you cannot securely revoke and replace the certificate, then it has a very short life.

      As with "pinning", one should assume that the certificate will be stolen before it becomes obsolete.

      1. Charles 9

        Re: It's useless without revocation

        But then one must ALSO assume that if a certificate can be replaced, it can be replaced with a BAD one. Certificate revocation is a potential DoS exploit, and certificate replacement is a MitM exploit.

  9. Claptrap314 Silver badge

    I did microprocessor validation at AMD & IBM. Verifying that the Si matches the gates matches the design is a solved problem. You can use formal methods down to the gates. And when the Si comes back, you actually cut some of them up if necessary. But in general, you don't. Cycle accurate simulators are required for serious designs, and you can compare results. This can be quite difficult on a full CPU, but on a boot processor--I expect that making this step easy is one of the design criteria.

  10. Jim Preis

    Summary: Google has their own Trusted Platform Module (TPM)

    I'll make an effort to dig a little deeper and compare/contrast what Google is implementing with the TPM invented by IBM in ~2002ish, but I'm guardedly confident that the deltas won't be too much. That TPM chip (the HW implementation) is licensed to and implemented by many, many OEMs.

    The only real story then would be that Google is rolling their own version of a TPM.

    If I'm wrong, please let me know where I've fallen short and I'll thank folks in advance for any corrections or clarifications.

  11. amanfromMars 1 Silver badge

    Beauty Made Simple .... in the Eye of the Beholder and Mind of the Reader

    "We harden our architecture at multiple layers, with components that include Google-designed hardware, a Google-controlled firmware stack, Google-curated OS images, a Google-hardened hypervisor, as well as data center physical security and services," the team of senior Google techies explain.

    A Leading AI Question would encourage Fabless Answers to …. To what Ultimate End and NEUKlearer HyperRadioProACTive Beginning?

    Is Google expanding Universal Search to Spin and Span Perfectly Timed Novel Content, for AI to Supply for Heavenly Product Placements in Future Builder Live Operational Virtual Environments ….. You can be assured such is easily possible with myriad stable and secure platforms and planforms already performing spectacularly.

    Does anyone know if/where there is a point in discovery where search is realised as being irrelevant and unnecessary when fundamental immaculate truths are sought and found. The task then evolves and transforms into passionate supply for mass media sharing.

    And that is, and with IT charged and overflowing with Supplies, can be your future taken care of too …….. and all shared online in plain text for easy foreign translation of paths taken and obstacles avoided and/or overcome.

    DeepMind Territory methinks, and an APT Space where more details of the above is not unknown, for the seeds of its growth are already sown there with wonderful words drawing pictures with alphabets.

    1. amanfromMars 1 Silver badge

      Re: Beauty Made Simple .... in the Eye of the Beholder and Mind of the Reader

      Here's looking at you too, Elon Musk ....... https://www.rt.com/usa/401052-elon-musk-neuralink-funding/

      I Script Kid Not, I Kid U Not.

      Just imagine the danger in connecting a WrongUn Mind to computer networks. Ye Olde PEBKAC Conundrum re-imagined and re-engineered to server Problems Exist Before Minds Alter Matters.

  12. nickx89

    Impressive.

    "Secure boot typically relies on a combination of an authenticated boot firmware and boot loader along with digitally signed boot files." - It's impressive that Google provided security to the boot level and implementing in-house strategy.

  13. mutin

    Intel TXT, AMD similar stuff and now Google. However, what they promote, and even in metal, is just a promise not TESTED solution. Had anybody seem these big guys ever mentioned any testing against root-kit hypervisor/malicious hypervisor?

    Yes, correct, whatever is in their firmware is BIG question. Russians found a hypervisor acting from Intel BMC BIOS management software actually working as nested hypervisor with the user own hypervisor. . That happened around 2008 ... Intel never commented on that. How many such hypervisors for silent collection of all and any information from system management level had been installed around the globe?

    System management software is claimed by vendors (Intel, AMD, etc.) always as proprietary and they are not going to release the code. But, we all depend on its quality and what they EMBEDDED in. Can we trust guys? I do not think so. System management software should be publicly disclosed.

    1. Anonymous Coward
      Anonymous Coward

      Except you can never be certain there isn't a hypervisor BEHIND the hypervisor. Turtles all the way down and all...

      1. amanfromMars 1 Silver badge

        What Drivers your Current Existence Hosted and Posted in the Mirrors of Media Presentations?

        Except you can never be certain there isn't a hypervisor BEHIND the hypervisor. Turtles all the way down and all... ..... Anonymous Coward

        There are always superhypervisors behind hypervisors, AC ..... SMARTR Monitors Mentoring Memes with and for Fabless Command and Control for Earthly Power with Cosmic Energy????

        Things nowadays certainly aren't like they used to be, with only a Chosen Few able to direct and effect future travel plans to selected choice prime destinations without competition.

        1. Anonymous Coward
          Anonymous Coward

          Re: What Drivers your Current Existence Hosted and Posted in the Mirrors of Media Presentations?

          And what if there's an ULTRAhypervisor behind the superhypervisor. Still haven't solved the Turtles All The Way Down problem.

          1. amanfromMars 1 Silver badge

            Re: What Drivers your Current Existence Hosted and Posted in the Mirrors of Media Presentations?

            And what if there's an ULTRAhypervisor behind the superhypervisor. Still haven't solved the Turtles All The Way Down problem. .... Anonymous Coward

            At that stage, AC, there is no problem to solve. The fields before you are Virgin See and Novel LandScapes on which you deliver Perfect Product with Private Pirate Supply of Heavenly Goods.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like