Google Announces Open Source Silicon Root-of-Trust Project

Google this week announced OpenTitan, an open source silicon root of trust (RoT) project that can help ensure that both hardware infrastructure and the software running on it remain in a trustworthy state.

OpenTitan aims to deliver a high-quality RoT design and integration guidelines that can be used in data center servers, storage, peripherals, and more, and Google decided to open source it to make it more transparent, trustworthy, and secure.

Silicon RoT verifies that critical system components boot securely using authorized and verifiable code, Google explains.

To improve security, Silicon RoT ensures that a server or a device boots with the correct firmware, provides a cryptographically unique machine identity, protects secrets like encryption keys in a tamper-resistant way, and delivers authoritative, tamper-evident audit records and other runtime security services.

Applications for the technology range from server motherboards and network cards to client devices (such as laptops and phones), consumer routers, IoT devices, and more.

Google’s custom-made RoT chip, Titan, has helped ensure that machines in the Internet giant’s data centers boot from a known trustworthy state with verified code, the company explains.

“Recognizing the importance of anchoring the trust in silicon, together with our partners we want to spread the benefits of reliable silicon RoT chips to our customers and the rest of the industry. We believe that the best way to accomplish that is through open source silicon,” Google says.

According to Google, open source silicon can improve trust and security by ensuring the transparency of design and implementation, can encourage innovation through contributions to the open source design, and can offer implementation choice, while preserving a set of common interfaces and software compatibility guarantees.

Managed by the independent not-for-profit company lowRISC CIC, the OpenTitan project is supported by partners such as ETH Zurich, G+D Mobile Security, Google, Nuvoton Technology, and Western Digital.

According to Google, transparency is at the heart of building the logical design of a silicon RoT, including the open source microprocessor, cryptographic coprocessors, a hardware random number generator, a sophisticated key hierarchy, memory hierarchies for volatile and non-volatile storage, defensive mechanisms, IO peripherals, secure boot, and more.

OpenTitan, the Internet giant explains, is based on three key principles, namely transparency, high quality, and flexibility. Thus, anyone can inspect, evaluate, and contribute to OpenTitan’s design and documentation, while adopters can reduce costs via a vendor- and platform-agnostic silicon RoT design.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
