Google this week announced OpenTitan, an open source silicon root of trust (RoT) project that can help ensure that both hardware infrastructure and the software running on it remain in a trustworthy state.
OpenTitan aims to deliver a high-quality RoT design and integration guidelines that can be used in data center servers, storage, peripherals, and more, and Google decided to open source it to make it more transparent, trustworthy, and secure.
Silicon RoT verifies that critical system components boot securely using authorized and verifiable code, Google explains.
To improve security, Silicon RoT ensures that a server or a device boots with the correct firmware, provides a cryptographically unique machine identity, protects secrets like encryption keys in a tamper-resistant way, and delivers authoritative, tamper-evident audit records and other runtime security services.
Applications for the technology range from server motherboards and network cards to client devices (such as laptops and phones), consumer routers, IoT devices, and more.
Google’s custom-made RoT chip, Titan, has helped ensure that machines in the Internet giant’s data centers boot from a known trustworthy state with verified code, the company explains.
“Recognizing the importance of anchoring the trust in silicon, together with our partners we want to spread the benefits of reliable silicon RoT chips to our customers and the rest of the industry. We believe that the best way to accomplish that is through open source silicon,” Google says.
According to Google, open source silicon can improve trust and security by ensuring the transparency of design and implementation, can encourage innovation through contributions to the open source design, and can offer implementation choice, while preserving a set of common interfaces and software compatibility guarantees.
Managed by the independent not-for-profit company lowRISC CIC, the OpenTitan project is supported by partners such as ETH Zurich, G+D Mobile Security, Google, Nuvoton Technology, and Western Digital.
According to Google, transparency is at the heart of building the logical design of a silicon RoT, including the open source microprocessor, cryptographic coprocessors, a hardware random number generator, a sophisticated key hierarchy, memory hierarchies for volatile and non-volatile storage, defensive mechanisms, IO peripherals, secure boot, and more.
OpenTitan, the Internet giant explains, is based on three key principles, namely transparency, high quality, and flexibility. Thus, anyone can inspect, evaluate, and contribute to OpenTitan’s design and documentation, while adopters can reduce costs via a vendor- and platform-agnostic silicon RoT design.
Related: Google’s USB-C Titan Security Key Arrives in the U.S.
Related: New YubiKey 5Ci Has Both USB-C and Lightning Connectors