Google is working on bringing full compatibility with its Titan security standard and the accompanying USB keys to Chrome OS. The Titan standard is a special security measure that works on both hardware and software levels, and uses a dedicated microprocessor for ongoing live security and verified booting on compatible hardware. It’s available built-in with specialized systems, or via a special USB key. It’s the latter flavor that the company is working into Chrome OS, according to the Chromium code gerrit. Currently, the standard seems to be in the early testing phase; Chrome OS code indicates that Googlers are testing certain functions regarding the key, such as autosuspend and the system’s whitelist.
Titan is currently in use only on Google’s own systems, and there is no real indication in this code that this will change. Titan is similar to Yubikey, but uses a wider range of security measures. It was developed internally by Google, and uses a very tiny microprocessor that runs specialized code to verify anything attached to it. On Google’s own servers that have Titan, the coprocessor runs at boot to verify that the system has not been tampered with, and keeps running to verify all code that runs on the system does not follow any known patterns of malware. Titan has fixed, preprogrammed code in its long-term read-only memory that ensures that it can never be compromised in typical access scenarios, whether remotely or physically.
This change to Chrome OS’ internal code does not necessarily reflect any consumer-facing changes or patterns, since Titan seems to only be used internally by Google. Still, adding in more physical security standards does add in a basis to build others. This will be the fourth such standard that Chrome OS is compatible with, should it be fully implemented. While Titan hardware may never leave Google’s offices, the company could quite possibly sell the technology in the future, with enterprise use cases through Chrome OS being the prime selling point. One interesting thing to note is that adding an internal security standard to Chrome OS may mean that Google intends to use Chromebooks in more mission-critical applications internally.