What is the Titan M2 security chip in Google’s Pixel phones?
With the Pixel 6 series, Google began developing its in-house Tensor SoC. But it wasn’t the first time the search giant used a piece of custom silicon in its smartphones — the Pixel 2’s Pixel Visual Core was technically the first. A generation later, the company announced that Pixel 3 devices would include a hardware security module called Titan M. Then, in 2021, Google followed it up with the Titan M2. The security chip has since become a selling point for Google phones such as the Pixel 7 series and Pixel 6a.
So in this article, let’s take a closer look at the role of the Titan M2 in Pixel devices, how it works, and why it’s even needed in the first place.
What is the Titan M2 chip about?
Google’s Titan server chip (left) and first-generation Titan M security chip (right)
The Titan M2 is a dedicated security chip included in the Pixel 6 and Pixel 7 series smartphones. Google designed the Titan M2 in-house so that it could exercise full control over its feature set. The chip is based on the RISC-V CPU architecture and contains its own memory, RAM and cryptographic accelerator.
The Titan M2 is one of the many measures Google has taken to improve smartphone security over the years. The company uses the chip in its Pixel phones to provide an extra layer of protection on top of Android’s standard security measures.
Google designed the Titan M2 chip to extend Android’s standard security measures.
Take Android’s mandatory full-disk encryption. On most devices, it relies on a security feature known as a Trusted Execution Environment (TEE), which is essentially the secure area of a processor. Android devices store their encryption keys in this secure area, which in turn is guarded with your pattern, PIN, or password. In other words, TEE isolates cryptographic keys and never reveals them to the user or even the operating system.
Related: Everything you need to know about encryption
Virtually all smartphone SoCs in this day and age have a TEE or similar secure environment. On Snapdragon chips, it is often referred to as the Qualcomm Secure Execution Environment (QSEE). Apple’s arm-based chips like the M1 have Secure Enclave. With these secure environments in place, malicious apps cannot gain access to decryption keys, biometrics, and other sensitive data.
With the Pixel 3, Google disconnected TEE from the chipset and used a separate security module instead. The Titan M, which has now been replaced by the Titan M2, can almost be considered a standalone processor in itself. The chip has its own flash memory for storing sensitive data and runs its own minimal operating system (sometimes called a microkernel).
The Titan M2 is a separate chip that does not share resources such as memory or cache with the main processor.
It’s worth noting that dedicated security chips are not a new concept. Many computer motherboards have a Trusted Platform Module (TPM) chip that serves the same purpose, albeit with less flexibility.
What does the Titan M2 chip do?
Gary Sims / Android Authority
Unlike the main SoC that performs general tasks, a dedicated security chip like the Titan M2 performs very few functions. This greatly reduces the number of potential attack vectors since most software cannot interact directly with the security chip.
As for what the security chip actually does, let’s start by booting up the Android operating system. When you turn on a Pixel device, the Titan M2 communicates with the bootloader to confirm that you’re running the latest known version of Android. This check ensures that an attacker has not rolled back the device’s operating system to an older, potentially insecure version. Google also states that the chip protects against malicious attempts to unlock the bootloader.
The Titan M2 comes into play as soon as you press the power button, literally.
Once booted up, your phone’s storage remains encrypted and inaccessible until you clear the lock screen question. Titan M2 plays a key role here as it stores the decryption keys. Even if an attacker manipulates the operating system to try to push through the lock screen, the chip will limit the number of attempts at the hardware level. The Titan M2 will only reveal the decryption keys if you enter the correct pattern or PIN.
But what if an attacker tries to tamper with the Titan M2 directly? Google thought of that too. You cannot change or update the chip’s firmware without the device’s pattern or PIN code. The company also says it has hardened the chip against side-channel attacks such as current analysis and voltage fluctuations.
The Titan M2 also supports Android StrongBox, which is a secure repository for cryptographic keys used by third-party apps. For example, a payment app can request that the chip generates and stores a private key for your stored cards. And with Android’s Protected Confirmation, the chip also supports the universal FIDO authentication standard. This means you can use Pixel phones as a physical two-factor authentication key for your online accounts. In terms of security, Google treats it as on par with the $30 Titan Security Key.
The Titan M2 hasn’t revolutionized smartphone security by any means, but it does eliminate some key potential attack vectors. Google is currently the only smartphone manufacturer that uses a dedicated security module. However, that doesn’t mean that other Android devices aren’t secure enough. The Arm chips used in modern smartphones also have isolated and secure environments, just not to the same extent as the Titan M2.
Read next: The best Pixel-only features explained