About the secure module

Some Chrome devices are shipped with a secure module to provide a number of hardware level security features.

What does ChromeOS use the secure module for?

  • Prevent software and firmware version rollback.
  • Maintain information to detect transitions between normal and developer modes.
  • Protect data encryption keys.
  • Protect certain user keys ("hardware-backed" certificates).
  • Provide tamper evidence for installation attributes.
  • Protect stateful partition encryption keys.
  • Attest secure module hardware-backed keys.
  • Attest device mode.

No remote computer has access to the secure module.

What does ChromeOS not use the secure module for?

  • Trusted boot (the secure module isn’t used as part of the ChromeOS verified boot solution).
  • Runtime platform configuration measurement.
  • Whole-disk encryption. In particular, the secure module isn’t used to unwrap an encryption key during the boot process.

Was this helpful?

How can we improve it?
false
Search
Clear search
Close search
Google apps
Main menu
710094304504872112
true
Search Help Center
true
true
true
true
true
208
false
false