Google’s OpenTitan Platform for Credible Chips: Project Opportunities
The authors of the OpenTitan platform project, which is designed to create trustworthy hardware components (RoT, Root of Trust),
about the completion of an important stage, the stage of RTL design. At the moment, the logical design of the platform is recognized as suitable for creating a physical chip and is declared frozen from making further changes. The work has moved to the stage of logical synthesis, which converts the high-level RTL into a low-level description at the level of logical elements and conductors. Available for testing, working prototypes of the chips are planned to begin production by the end of 2023.
What is this platform?
Previously, the project team talked about how OpenTitan is a platform for building trustworthy hardware components (RoT, Root of Trust), which can be used where you need to guarantee the integrity of the hardware and software elements of the system, making sure that critical parts of the system have not been spoofed and based on a code verified and authorized by the manufacturer. The project provides a ready-made, proven and reliable framework that allows you to increase the confidence in the created solutions and reduce costs in the development of specialized security chips.
The chips that are developed with this product are can be used in server motherboards, network cards, consumer devices, routers, IoT devices for verifying firmware and downloadable components, as well as for generating cryptographically unique system identifiers (protection against equipment spoofing), protecting cryptographic keys (isolating keys in case an attacker gains physical access equipment), providing security-related services, and maintaining an isolated audit log that cannot be edited or deleted.
How it works?
The principle of the platform is the use of logical blocks. They are in demand in RoT chips, such as an open microprocessor based on the RISC-V architecture (RV32IMCB Ibex), cryptographic coprocessors, a hardware random number generator, a key manager with DICE support, a mechanism for secure data storage in permanent and random access memory, protection technologies, blocks I/O, secure boot facilities, etc. The device also provides blocks that implement generic encryption algorithms such as AES and HMAC-SHA256, and a math accelerator used in public key digital signature algorithms such as RSA and elliptic curve algorithms.
The platform is based on previously created reliable solutions. For example, these technologies are already used in the Google Titan USB cryptographic tokens and TPM chips for verified downloads installed on servers in the Google infrastructure, as well as on Chromebooks and Pixel devices. At the same time, unlike existing implementations of Root of Trust, OpenTitan is developing in accordance with the concept of “security through transparency”, which implies the availability of code and schemes, as well as a completely open development process that is not tied to specific vendors and chip manufacturers.
OpenTitan is positioned as an independent collaborative project and developed under the auspices of the non-profit organization lowRISC, which oversees the development of a free microprocessor based on the RISC-V architecture. In addition to Google and lowRISC, Western Digital, Seagate, Nuvoton Technology, Winbond, Rivos, zeroRISC and G+D Mobile Security, as well as the ETH Zurich are involved in the development. The associated code and hardware specifications are published under the Apache 2.0 license.
