Some days ago Google presented a new open project, which has as name "OpenTitan " and that describes how a platform for creating trusted hardware components (RoT, Root of Trust). OpenTitan builds on technologies already used in Google Titan crypto USB tokens and TPM chips to provide verified downloads installed on servers on Google's infrastructure, as well as on Chromebook and Pixel devices.
G + D Mobile Security, Nuvoton Technology and Western Digital have already joined the OpenTitan collaboration, as well as in the Zurich Higher Technical School and the University of Cambridge, whose researchers are developing the architecture safe processora CHERI (Capability Hardware Enhanced RISC Instructions) and recently received a grant of 190 million euros to adapt technologies related to ARM processors and create prototypes of the new Morello hardware platform.
The goal of the new coalition is to create reliable chip designs for use in data centers, storage and computing peripherals, that are open and transparent, allowing anyone to inspect hardware for security vulnerabilities and backdoors.
Unlike existing Root of Trust implementations, the new project is being developed in accordance with the concept of 'security through transparency', which implies a completely open development process and the availability of code and schematics.
OpenTitan can be used as a ready, tested and reliable framework that allows you to increase confidence in the solutions created and reduce costs by developing specialized chips for security. OpenTitan se will develop on an independent platform as a joint project, not tied to specific chip vendors and manufacturers.
"When Google initially saw the industry need for an open source reference design, we knew that it would require a mature third-party administrator like lowRISC to foster such an open source project for the community," said Dominic Rizzo, leader of Google OpenTitan.
OpenTitan will be overseen by the non-profit organization lowRISC, which is developing a free microprocessor based on the RISC-V architecture.
The OpenTitan project covers the development of various logic components demanded in RoT chips, including the lowRISC Ibex open microprocessor based on the RISC-V architecture, cryptographic coprocessors, a hardware random number generator, a constant and random access memory data and key storage hierarchy, mechanisms protection devices, I / O input blocks, safe boot media, etc.
OpenTitan can be used wherever it is needed to ensure the integrity of the system's hardware and software components, ensuring that critical system components have not been replaced and are based on manufacturer-approved and verified code.
Chips based on OpenTitan can be used in server motherboards, network cards, consumer devices, routers, Internet of Things devices to verify firmware (detect firmware modifications by malware), provide a cryptographically unique system identifier (hardware counterfeiting protection), and protect Cryptographic keys (key isolation in the event that an attacker gains physical access to computers), provides security-related services, and maintains an isolated audit trail that cannot be edited or deleted.
OpenTitan engineers are currently building the logic design for a silicon RoT. So far that includes an open source microprocessor (lowRISC Ibex, a design based on RISC-V), cryptographic coprocessors, a hardware random number generator, a sophisticated key hierarchy, memory hierarchies for volatile and non-volatile storage, defense mechanisms, peripheral IOs, secure boot and more.
You can view progress on GitHub as project-related code and hardware specs are published on GitHub under the Apache 2.0 license.