About the secure module

Some Chrome devices are shipped with a secure module to provide a number of hardware level security features.

What does Chrome OS use the secure module for?

  • Prevent software and firmware version rollback.
  • Maintain information to detect transitions between normal and developer modes.
  • Protect data encryption keys.
  • Protect certain user keys ("hardware-backed" certificates).
  • Provide tamper evidence for installation attributes.
  • Protect stateful partition encryption keys.
  • Attest secure module hardware-backed keys.
  • Attest device mode.

No remote computer has access to the secure module.

What does Chrome OS not use the secure module for?

  • Trusted boot (the secure module isn’t used as part of the Chrome OS verified boot solution).
  • Runtime platform configuration measurement.
  • Whole-disk encryption. In particular, the secure module isn’t used to unwrap an encryption key during the boot process.
Was this helpful?
How can we improve it?