GrapheneOS (@GrapheneOS@grapheneos.social)
grapheneos.social
This is closely related to publishing the rest of the Trusty code used for Pixels, since they implement communication using authenticated encryption between the SoC secure core and the standalone secure element. Non-Pixel Android ecosystem could benefit a lot from all this code.

Pixel 6 and later use the open source Trusty OS for the Trusted Execution Environment (TrustZone) and secure core firmware.

Starting with this month’s quarterly release (Android 14 QPR3), Trusty sources and baseline applets are part of the Android Open Source Project in trusty/.

Not everything is published, particularly Tensor specific portions. It’d be helpful to publish the rest to make it easier to audit and propose improvements.

They still need to publish the Titan M2 fork of OpenTitan too, which they committed to eventually doing several years ago.

OpenTitan was created to replace their secure elements based on ARM secure cores with a custom RISC-V design across their servers, Chromebooks and Pixel phones/tablets. Pixel 6 and later have a RISC-V secure element (Titan M2), but they still need to publish Pixel specific code.

Upstream OpenTitan project is currently focused on implementing the TPM specification for desktop/server use. TPM is a horrible secure element API. It isn’t what’s used on Pixels where they got to design APIs for usage by the Android Open Source Project based on what it needs.

This is closely related to publishing the rest of the Trusty code used for Pixels, since they implement communication using authenticated encryption between the SoC secure core and the standalone secure element. Non-Pixel Android ecosystem could benefit a lot from all this code.