OpenTitan – an open-source blueprint for a Root of Trust (RoT) system-on-chip based on RISC-V and managed by a team in Cambridge, UK – was teased by Google along with several partners today.
Hardware RoT is a means of verifying the firmware and system software in a computing device has not been tampered with, enabling features such as secure boot. Hardware RoT can also verify the integrity and authenticity of software updates, and prevent a system from being rolled back to an earlier version with known vulnerabilities. It is the lowest-level security piece in a trustworthy system.
But can you trust the RoT itself? The goal of OpenTitan is to provide an open-source design for RoT silicon so that it is (as far as possible) open for inspection.
The OpenTitan SoC will use the RISC-V open-source CPU instruction set architecture, and will be managed by lowRISC, a nonprofit in Cambridge, which has "an open-source hardware roadmap in collaboration with Google and other industry partners," we're told.
Today's announcement comes from Google, Western Digital, the ETH Zurich university, chip maker Nuvoton Technology, and friends.
The Apache 2.0-licensed OpenTitan SoC will include the lowRISC Ibex microprocessor design, cryptographic coprocessors, a hardware random-number generator, volatile and non-volatile storage, IO peripherals, and additional defensive mechanisms. It can be used in any kind of device, from servers and smartphones to Internet-of-Things gadgets.
The project founder and director is Dominic Rizzo, a Google Cloud engineer. He said OpenTitan has been underway for about two years, and that thanks to the involvement of the aforementioned partners, "almost exactly half of the contributions are coming from outside Google."
According to Rizzo: "Current silicon roots of trust are highly proprietary wherein they claim security but you have to take that as a leap of faith and you can't verify it for yourself. OpenTitan is the first open-source silicon root of trust."
Rizzo said there will also be a certification process for implementers, and integration guidelines for users. A reference implementation will be built by lowRISC.
Who will use OpenTitan? The Titan name comes from the custom silicon Google uses to secure its servers in its data centres, and according to the team, OpenTitan uses "key learnings from designing Google's Titan chips."
Asked whether it would shift to OpenTitan for servers or Pixel devices, the web giant told The Register "we don't have anything to share about future product plans for Google." Given the Chocolate Factory's sponsorship of the project, it would be reasonable to speculate along those lines.
One of Google's goals is to persuade us of the security of its own systems. Western Digital said it "is working with ecosystem partners to optimize the OpenTitan framework to meet the diverse security demands of data-centric storage use cases from the core to the edge." ®