About the secure module
Some Chrome devices are shipped with a secure module to provide a number of hardware level security features.
What does Chrome OS use the secure module for?
The operating system that runs Chrome devices, Chrome OS, uses the secure module to:
- Prevent software and firmware version rollback
- Maintain information to detect transitions between normal and developer modes
- Protect data encryption keys
- Protect certain user keys ("hardware-backed" certificates)
- Provide tamper evidence for installation attributes
- Protect stateful partition encryption keys
- Attest secure module hardware-backed keys
- Attest device mode
No remote computer has access to the secure module.
What does Chrome OS not use the secure module for?
Chrome OS does not use the secure module for the following:
- Trusted boot (the secure module isn’t used as part of the Chrome OS verified boot solution)
- Runtime platform configuration measurement
- Whole-disk encryption; in particular, the secure module isn’t used to unwrap an encryption key during the boot process