Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Google Announces Open Source Silicon Root-of-Trust Project

Google this week announced OpenTitan, an open source silicon root of trust (RoT) project that can help ensure that both hardware infrastructure and the software running on it remain in a trustworthy state.

Google this week announced OpenTitan, an open source silicon root of trust (RoT) project that can help ensure that both hardware infrastructure and the software running on it remain in a trustworthy state.

OpenTitan aims to deliver a high-quality RoT design and integration guidelines that can be used in data center servers, storage, peripherals, and more, and Google decided to open source it to make it more transparent, trustworthy, and secure.

Silicon RoT verifies that critical system components boot securely using authorized and verifiable code, Google explains.OpenTitan

To improve security, Silicon RoT ensures that a server or a device boots with the correct firmware, provides a cryptographically unique machine identity, protects secrets like encryption keys in a tamper-resistant way, and delivers authoritative, tamper-evident audit records and other runtime security services.

Applications for the technology range from server motherboards and network cards to client devices (such as laptops and phones), consumer routers, IoT devices, and more.

Google’s custom-made RoT chip, Titan, has helped ensure that machines in the Internet giant’s data centers boot from a known trustworthy state with verified code, the company explains.

“Recognizing the importance of anchoring the trust in silicon, together with our partners we want to spread the benefits of reliable silicon RoT chips to our customers and the rest of the industry. We believe that the best way to accomplish that is through open source silicon,” Google says.

According to Google, open source silicon can improve trust and security by ensuring the transparency of design and implementation, can encourage innovation through contributions to the open source design, and can offer implementation choice, while preserving a set of common interfaces and software compatibility guarantees.

Managed by the independent not-for-profit company lowRISC CIC, the OpenTitan project is supported by partners such as ETH Zurich, G+D Mobile Security, Google, Nuvoton Technology, and Western Digital.

Advertisement. Scroll to continue reading.

According to Google, transparency is at the heart of building the logical design of a silicon RoT, including the open source microprocessor, cryptographic coprocessors, a hardware random number generator, a sophisticated key hierarchy, memory hierarchies for volatile and non-volatile storage, defensive mechanisms, IO peripherals, secure boot, and more.

OpenTitan, the Internet giant explains, is based on three key principles, namely transparency, high quality, and flexibility. Thus, anyone can inspect, evaluate, and contribute to OpenTitan’s design and documentation, while adopters can reduce costs via a vendor- and platform-agnostic silicon RoT design.

Related: Google’s USB-C Titan Security Key Arrives in the U.S.

Related: New YubiKey 5Ci Has Both USB-C and Lightning Connectors

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move

Expert Insights

Related Content

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

IoT Security

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars.

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...