Google announces a project called OpenTitan, designed to design open source security chips, thus inciting the current hardware-based security of the chip. The current OpenTitan project is broadly based on a proprietary “Root of Trust” chip that Google uses on its Pixel 3 and Pixel 4 smartphones. But OpenTitan has its own chip architecture and schematics developed by lowRISC engineers and partners at the ETH Zurich, Nuvoton Technology, G+D Mobile Security, and Western Digital.
The structure of OpenTitan is very similar to high-quality, high-reliability open-source software projects. The alliance will use community feedback and contributions to develop and improve industrial-grade chip designs, while lowRISC will manage the OpenTitan project.
According to Google’s blog post, the benefits of silicon RoT include:
- Ensuring that devices boot with correct firmware, free from malware infection.
- Provide a cryptographically unique machine identity, so an operator can verify that a server or a device is legitimate.
- Protect secrets like encryption keys in a tamper-resistant way even for people with physical access (e.g., while a server or a device is being shipped).
- Provide authoritative, tamper-evident audit records and other runtime security services.
The OpenTitan project is rooted in three key principles:
- Transparency – anyone can inspect, evaluate, and contribute to OpenTitan’s design and documentation to help build more transparent, trustworthy silicon RoT for all.
- High quality – we are building a high-quality logically-secure silicon design, including reference firmware, verification collateral, and technical documentation.
- Flexibility – adopters can reduce costs and reach more customers by using a vendor- and platform-agnostic silicon RoT design that can be integrated into data center servers, storage, peripheral and other devices.
Currently, users can view the OpenTitan Github repository, but the schematic is not yet complete. Users can also test the OpenTitan part of the architecture on a special type of reprogrammable processor for field-programmable gate arrays, but the complete OpenTitan chip cannot be built right away. The exact time of release depends on how much community feedback the project receives and how difficult it is to resolve them.