Motorola Phones and PQC support

n2gwtl

I have been reading the GOS hardware requirements https://grapheneos.org/faq#future-devices and it seems to be missing details on PQC support. It seems Google has adopted an aggressive timeline for transitioning to PQC in their secure element and verified boot. Will the Motorola phones support PQC secure/verified boot and PQC signing keys in the secure element?

de0u

n2gwtl If Google is updating the library code that Android bootloaders use for AVB (source) and believes they can ship this out to current devices to update their bootloaders, the same should be true of other vendors who are on top of things.

I suspect this will be fine.

DohnJoe

n2gwtl

From the same link you posted we can read:

Non-exhaustive list of requirements for future devices

I trust GOS team (and Motorola) they will include whatever is considered important for the project, including PQC (if considered important).

n2gwtl

But belo

de0u but below that, the ROM code must include public PQC keys.

de0u

n2gwtl but below that, the ROM code must include public PQC keys.

Modern devices mostly don't have ROM as such; most work from NAND flash.

Android bootloaders are fairly frequently upgraded. The GrapheneOS installation process includes adding an Android Verified Boot signing key. It is not clear there is any obstacle to adding key material of any type through normal update channels.

n2gwtl

DohnJoe I trust GOS, too. But they have publicly published their hardware requirements and do not mention PQC which goes beyond software.

n2gwtl

de0u

The ROM serves as a hardware root of trust. It is the anchor for secure boot. The higher stages of secure boot probably rely on NAND flash.

de0u

n2gwtl The ROM serves as a hardware root of trust.

Ok, you forced me to have an extended conversation with an LLM (more than an hour). As expected, much of what it said was wrong, but I think I have a coherent picture. Note that what I am posting is my understanding, not LLM output. Also, since the LLM isn't great about providing citations that work, and I've already spent well over an hour on this, I'm not going to provide citations (at least not this afternoon).

At least at present, quantum computers threaten classical signature algorithms (RSA, DSA) much more than they threaten classical encryption algorithms or classical secure hash functions.
The first-stage bootloader on old devices (such as a Pixel 6) performs a classical signature check on the second-stage bootloader, and this code cannot be changed. This is unfortunate, because if the key for that signature is blown by a quantum computer then people can sign malicious second-stage bootloaders.
However, the first-stage bootloader hashes/measures itself and the second-stage loader into Platform Configuration Registers (PCRs). So even if a malicious second-stage bootloader has a fake-correct classical signature and is launched by the first-stage loader, the PCRs will still be off.
The Titan M2 secure element won't release the storage encryption keys for the flash storage if the hashes of the bootloader and OS in the PCRs don't look right.
An upgrade path will be built into a new release of the Titan M2 firmware so that during an upgrade from a classical-signing bootloader chain to a PQC-signing bootloader chain the flash storage encryption keys will be re-encrypted based on the new chain of trust.

I expect I still have some details wrong. But I now believe that Google will be able to update out a new bootloader path that will provide acceptable assurance even on devices that are already in the field. And unless there is a reasonable claim that Samsung or Motorola has made a specific mistake that would stand in the way of them doing something similar, I still/again suspect it'll be ok.