ZeroRISC Gets $10M Funding, Says Open-Source Silicon Security Inevitable

44 wslh 6 6/29/2025, 8:48:00 PM eetimes.com ↗

Comments (6)

kaszanka · 6h ago
Oh joy. So when this sort of stuff comes to mobile phones, at least when the McDonald's app refuses to start on your pocket general purpose computer (because it's not running software that Google considers 'trustworthy') you'll be able to confidently say that the RTL for the part of the chip that is ultimately responsible for betraying your interests is open source. Surely consolation enough for missing out on your burger discount.

I like to bring up McDonald's as an example because IIRC it requires the highest, 'strong integrity' verdict from SafetyNet/Play Integrity/nom-du-jour. Maybe they should rename it to something with Open in the name when OpenTitan comes to Chromebooks.

mrheosuper · 1h ago
"Open" does not mean "open source" anymore thanks to "OpenAI".

transpute · 9h ago
Hopefully 2025 will be the year of open-source silicon + open firmware RoT! https://opensource.googleblog.com/2025/02/fabrication-begins...

For client devices, https://lowrisc.org/news/lowrisc-a-decade-of-bringing-open-s...

> OpenTitan’s “Earl Grey”, will be the plan of record hardware RoT for [2025] Chromebooks.. Caliptra, another open source Root of Trust project with wide industry adoption, has incorporated a considerable amount of OpenTitan’s IP into its design.. OpenTitan’s CPU core, the Ibex RISC-V microcontroller, is an important project in its own right.. Microsoft based its CHERIoT-Ibex design on lowRISC’s commercial-grade Ibex CPU core, extending it with the proven CHERI hardware security extensions.

For servers, https://github.com/chipsalliance/Caliptra & https://146a55aca6f00848c565-a7635525d40ac1c70300198708936b4...

> Caliptra consists of IP and firmware for an integrated Root of Trust block.. targets datacenter-class SoCs like CPUs, GPUs, DPUs, TPUs.. implementing a Root of Trust for Measurement (RTM) block inside an SoC. A Caliptra integration provides the SoC with Identity, Measured Boot and Attestation capabilities.

https://opentitan.org/book/doc/use_cases/index.html & https://github.com/Microsoft/ms-tpm-20-ref

> OpenTitan can be used to implement the full Trusted Platform Module (TPM) 2.0 specification to meet client and server platform use cases.

tonetegeatinst · 10h ago
When we discuss the security of silicon, and are calling it open silicon, is this because the design specs and libraries are all open source, or is it due to being able to do research on chip attacks without fear of being sued?

transpute · 9h ago
The hardware IP is Apache-licensed, https://github.com/lowRISC/opentitan. Ideally, it will be possible to buy commercial hardware that incorporates an open silicon RoT, perform a reproducible build of open firmware for the device RoT, then sign and install firmware with the device owner's key.

From OP:

> Moving away from unverifiable ‘black boxes’ and towards fully transparent and verifiable foundations unlocks a new paradigm, putting device owners back in control of their remotely connected devices without requiring physical diligence by hardware manufacturers.. assurance-first approach ensures that security starts below the operating system, offering protection against the most sophisticated hardware and firmware attacks and more common software vulnerabilities.

> research on chip attacks without fear of being sued

If a commercial SoC is marketing their usage of an open-source silicon IP block with transparent high assurance, one can only hope they would welcome open security research, ideally via a bug bounty program.

snvzz · 7h ago
>inevitable

RISC-V based, follows the RISC-V marketing book.