Google Titan

Google developed Titan as a hardware root-of-trust solution for Google Cloud Platform (GCP). Beyond basic secure boot, Titan implements remediation and first-instruction integrity. These features are similar to functions found in Intel Boot Guard and Project Cerberus.

“Trust can be re-established through remediation in the event that bugs in Titan firmware are found and patched, and first-instruction integrity allows the platform to identify the earliest code that runs on each machine’s startup cycle.”

-- “Titan in depth: Security in plaintext” (cloud.google.com)

Figure 4-10 shows the Titan System Integration diagram. Figure 4-11 shows the Titan Verified Boot flow.

Figure 4-10: Titan System Integration (source: “Titan silicon root of trust for Google Cloud”)

Figure 4-11: Titan Verified Boot (source: “Titan silicon root of trust for Google Cloud”)