Caliptra, a project for building trusted chip IP blocks

Caliptra is an open specification for incorporating security mechanisms into chips.

Google, AMD, NVIDIA and Microsoft recently announced, in a blog post, the Caliptra project, in which they have developed an open chip design block (IP block) for embedding into chips the tools needed to create trusted hardware components (RoT, Root of Trust).

Caliptra is a separate hardware unit with its own memory, processor, and implementation of cryptographic primitives, which verifies the boot process, the firmware in use, and the device configuration stored in non-volatile memory.

Caliptra can be used to integrate into various chips a separate hardware unit that performs integrity checks and ensures that the device uses firmware verified and authorized by the manufacturer. Caliptra can significantly simplify and unify the integration of hardware cryptographic verification mechanisms built into CPUs, GPUs, SoCs, ASICs, network adapters, SSDs, and other equipment.

The basic implementation of the IP block is based on the open RISC-V SWeRV EL2 processor and is equipped with 384 KB of RAM (128 KB DCCM, 128 KB ICCM0 and 128 KB SRAM) and 32 KB of ROM. Supported cryptographic algorithms include SHA256, SHA384, SHA512, ECC Secp384r1, HMAC-DRBG, HMAC SHA384, AES256-ECB, AES256-CBC, and AES256-GCM.

The Caliptra project revolves around establishing a root of trust (RoT) that builds layers of security into the silicon, so that data is encrypted and not exposed while traveling in data centers or in the cloud.

“Today marks a major step forward in industry-wide security collaboration with the release of the Caliptra 0.5 specifications by OCP and the availability of Caliptra 0.5 RTL through the CHIPS Alliance. AMD will continue to be an active participant in Caliptra and the Open Compute Project in support of our customers and partners across the ecosystem,” said Mark Papermaster, CTO and Executive Vice President of Technology and Engineering at AMD.

“Open ecosystems and projects are core to Google's business and have been since day one,” said Partha Ranganathan, Vice President and Member of Engineering, Google Cloud and OCP Board Member. “With Caliptra, we are bringing the speed of open source development to infrastructure security, allowing the community to collectively strengthen a strong block of IP that we can all trust across a diverse set of silicon offerings.”

“More transparency and consistency in low-level hardware security is needed. We are opening Caliptra with our partners to address these needs,” said Mark Russinovich, CTO and Technical Fellow at Microsoft Azure.

The cryptographic integrity and authenticity verification that the platform provides will protect hardware components from malicious firmware modifications. It will also secure the process of loading and saving the configuration, so that the main system cannot be compromised through attacks on hardware components or through malicious changes introduced in the chip supply chain.

Caliptra also provides the ability to authenticate firmware updates and platform-related data (RTU, Root of Trust for Update), detect corruption of firmware and critical data (RTD, Root of Trust for Detection), and restore corrupted firmware and data (RTRec, Root of Trust for Recovery).

Caliptra is being developed under the Open Compute Project, a joint project that aims to develop open specifications for data center equipment.

The specifications related to Caliptra are distributed under the Open Web Foundation Agreement (OWFa), which is designed to promote open standards (similar to an open source license, but for specifications). The use of OWFa makes it possible to create your own products and derived implementations based on the specification without paying royalties, and allows any organization to participate in the development of the specification.

Finally, if you are interested in knowing more about it, you can consult the details in the following link.

