Very uninformed person here and a genuine question. Isn’t TPM endorsed by respected security projects such as GrapheneOS, I mean the Titan chip isn’t some type of TPM equivalent for computers and one of the main reasons GrapheneOS doesn’t support other phones that aren’t Pixel?
The thing is, trusted computing as a security feature isn’t useless. For the particular case of phones, people generally use relatively low entropy passwords, because it’s impractical to do otherwise. The Titan chip uses trusted computing technologies to ensure that an attacker with physical access cannot bruteforce the password, which it does by forcing a timeout between successive attempts. It might do other things too, this isn’t my area of expertise, but (I believe) it isn’t needed for the general functioning of the device, as opposed to e.g. the intel ME.
Of course, a security chip that you have the power to control would be better, and no less secure, but that doesn’t exist. However, neither the OS itself not the apps directly depend on trusted computing. Otherwise GrapheneOS couldn’t exist in the first place.
Note that this problem doesn’t exist on desktops or laptops: it is entirely possible to memorize a passphrase around 96 bits of entropy, which is high enough that it can’t practically be bruteforced, especially if the algorithm to check if it is correct is computationally slow.
So, you lost a bit of sovereignty for your phone in the interest of security, but phones aren’t private to begin with: the actual modem also uses trusted computing. The devs behind GrapheneOS considered this the best solution to the problem, after weighing the pros and cons. Personally, I’d be happy to have a flip phone which has no password, and then do everything of significance (possibly including call and SMS) on my laptop. That is to say, I’d rather I didn’t have to use GrapheneOS, but it’s compromises align well with my own for now.
Very uninformed person here and a genuine question. Isn’t TPM endorsed by respected security projects such as GrapheneOS, I mean the Titan chip isn’t some type of TPM equivalent for computers and one of the main reasons GrapheneOS doesn’t support other phones that aren’t Pixel?
The thing is, trusted computing as a security feature isn’t useless. For the particular case of phones, people generally use relatively low entropy passwords, because it’s impractical to do otherwise. The Titan chip uses trusted computing technologies to ensure that an attacker with physical access cannot bruteforce the password, which it does by forcing a timeout between successive attempts. It might do other things too, this isn’t my area of expertise, but (I believe) it isn’t needed for the general functioning of the device, as opposed to e.g. the intel ME.
Of course, a security chip that you have the power to control would be better, and no less secure, but that doesn’t exist. However, neither the OS itself not the apps directly depend on trusted computing. Otherwise GrapheneOS couldn’t exist in the first place.
Note that this problem doesn’t exist on desktops or laptops: it is entirely possible to memorize a passphrase around 96 bits of entropy, which is high enough that it can’t practically be bruteforced, especially if the algorithm to check if it is correct is computationally slow.
So, you lost a bit of sovereignty for your phone in the interest of security, but phones aren’t private to begin with: the actual modem also uses trusted computing. The devs behind GrapheneOS considered this the best solution to the problem, after weighing the pros and cons. Personally, I’d be happy to have a flip phone which has no password, and then do everything of significance (possibly including call and SMS) on my laptop. That is to say, I’d rather I didn’t have to use GrapheneOS, but it’s compromises align well with my own for now.