Open source chip OpenTitan will replace the proprietary roots of trust of Intel and ARM

On November 5, 2019, the non-profit organization lowRISC, with the participation of Google and other sponsors, presented the OpenTitan project, which it calls "the first open source project to create an open, high-quality Root of Trust (RoT) chip architecture at the hardware level."

OpenTitan, built on the RISC-V architecture, is a special-purpose chip for installation in data-center servers and in any other equipment where boot authenticity must be ensured, firmware protected from modification and rootkits ruled out: motherboards, network cards, routers, IoT devices, mobile gadgets, etc.

Of course, modern processors already have such modules. For example, the Intel Boot Guard hardware module is the root of trust in Intel processors: it verifies the authenticity of the UEFI BIOS through a chain of trust before the OS boots. But the question is how far we can trust proprietary roots of trust, given that we have no guarantee the design is free of bugs and no way to check it. See the article "Schrödinger's Trusted Boot. Intel Boot Guard", which describes "how a bug cloned in the production of several vendors for years allows a potential attacker to use this technology to create a hidden rootkit in a system that cannot be removed (even with a hardware programmer)".

The threat of equipment being compromised in the supply chain is surprisingly real: apparently, any amateur electronics hobbyist can solder an implant onto a server motherboard using equipment costing no more than $200. Some experts suspect that "organizations with budgets of hundreds of millions of dollars may have been doing this for years." Although there is no evidence, it is theoretically possible.

"If you can't trust the hardware bootloader, it's game over," says Gavin Ferris, board member of lowRISC. "It doesn't matter what the operating system does: if you are compromised by the time the operating system boots, the rest is a matter of technique. You are already finished."

This problem is to be solved by OpenTitan, the first open hardware platform of its kind (GitHub repository, documentation, hardware specifications). Moving away from proprietary solutions will change the "clumsy and imperfect RoT industry," Google says.

Google itself began developing Titan after discovering the Minix operating system built into the Intel Management Engine (ME). This complex OS expanded the attack surface in an unpredictable and unmanageable way. Google tried to get rid of the Intel ME, but without success.

What is the root of trust?

Each step in the system boot process authenticates the next step, thus forming a chain of trust.

A Root of Trust (RoT) is a hardware-based authentication mechanism that ensures the origin of the first executable instruction in the chain of trust cannot be changed. The RoT is the basic protection against rootkits. It is a key step in the boot process and takes part in the further startup of the system, from the BIOS to the OS and applications, and it must authenticate each subsequent boot step. To do this, a set of digital-signature keys is used at each stage. One of the most popular standards for hardware key protection is the TPM (Trusted Platform Module).

Illustration: establishing a root of trust. A five-stage boot that forms a chain of trust and starts with a bootloader residing in immutable memory; each step uses a public key to authenticate the next component to be loaded. From Perry Lea's book "Architecture of the Internet of Things".

An RoT can be established in different ways:

  • loading the image and root key from firmware or immutable memory;
  • storing the root key in one-time programmable memory using fuse bits;
  • loading code from a protected memory area into protected storage.

The root of trust is implemented differently in different processors. Intel and ARM support the following technologies:

  • ARM TrustZone. ARM sells chipmakers a proprietary silicon block that provides a root of trust and other security mechanisms. It separates a secure core from the non-secure core; the secure side runs a Trusted OS, a secure operating system with a well-defined interface for interacting with the insecure components. Protected resources reside in the trusted core and should be as lightweight as possible. Switching between the two types of components is done by hardware context switching, eliminating the need for secure monitor software.
  • Intel Boot Guard is a hardware mechanism for verifying the identity of the initial boot block, either cryptographically or by means of a measurement process. To verify the initial block, the manufacturer must generate a 2048-bit key consisting of two parts, public and private. The public key is burned in by "blowing" fuse bits during the manufacturing phase; these bits are one-time programmable and cannot be changed. The private part of the key generates the digital signature used to authenticate the next boot step.
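The chain of trust described in the "What is the root of trust?" section and in the Boot Guard item above (a root public key held in immutable storage, each stage carrying the key that vouches for the next one, and a signature created with the private half of the key) can be modelled in a few dozen lines. The following Go program is an added example; it is not code from the article, from lowRISC or from Google. It uses Ed25519 from the Go standard library in place of Boot Guard's 2048-bit key, and the stage names and image contents are constructed. It shows why the next stage's public key must be covered by the current stage's signature: tampering with an image, or substituting a different key, is caught at the first stage whose signature no longer verifies, before that stage would be executed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Stage is one link of the boot chain: the image to be loaded, the public key
// the *next* stage will be verified against, and a signature over both made
// with the private key that corresponds to this stage's own verification key.
type Stage struct {
	Name      string
	Image     []byte
	NextPub   ed25519.PublicKey // nil for the last stage
	Signature []byte            // over sha256(Image || NextPub)
}

// signedPayload is what each stage signs. Hashing keeps the signed message
// fixed-size, mirroring how firmware verifiers work on digests.
func signedPayload(image []byte, nextPub ed25519.PublicKey) []byte {
	h := sha256.New()
	h.Write(image)
	h.Write(nextPub)
	return h.Sum(nil)
}

// BuildChain plays the manufacturer: it generates one key pair per stage, signs
// stage i with private key i, and embeds public key i+1 in stage i. Public key 0
// is the root key (the part that would be burned into fuses). The private keys
// never leave this function, just as they never leave the vendor's signing HSM.
func BuildChain(names []string, images [][]byte) (ed25519.PublicKey, []Stage, error) {
	n := len(names)
	if n == 0 || n != len(images) {
		return nil, nil, errors.New("need exactly one image per stage name")
	}
	pubs := make([]ed25519.PublicKey, n)
	privs := make([]ed25519.PrivateKey, n)
	for i := 0; i < n; i++ {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		pubs[i], privs[i] = pub, priv
	}
	stages := make([]Stage, n)
	for i := 0; i < n; i++ {
		var next ed25519.PublicKey
		if i+1 < n {
			next = pubs[i+1]
		}
		stages[i] = Stage{
			Name:      names[i],
			Image:     images[i],
			NextPub:   next,
			Signature: ed25519.Sign(privs[i], signedPayload(images[i], next)),
		}
	}
	return pubs[0], stages, nil
}

// VerifyChain plays the root of trust and every stage after it: starting from
// the immutable root key, it checks each stage's signature before "handing
// off" to it, then adopts the key that the verified stage vouches for.
// It returns the index of the first stage that fails, or -1 if all verify.
func VerifyChain(rootPub ed25519.PublicKey, stages []Stage) int {
	key := rootPub
	for i, s := range stages {
		// ed25519.Verify panics on a malformed key, so reject it as a failure instead.
		if len(key) != ed25519.PublicKeySize ||
			!ed25519.Verify(key, signedPayload(s.Image, s.NextPub), s.Signature) {
			return i
		}
		key = s.NextPub
	}
	return -1
}

func main() {
	// Constructed sample images standing in for real firmware stages.
	names := []string{"first-stage bootloader", "second-stage bootloader", "OS kernel"}
	images := [][]byte{
		[]byte("constructed first-stage bootloader image"),
		[]byte("constructed second-stage bootloader image"),
		[]byte("constructed OS kernel image"),
	}
	rootPub, chain, err := BuildChain(names, images)
	if err != nil {
		panic(err)
	}
	fmt.Println("clean chain, first failing stage:", VerifyChain(rootPub, chain))
	chain[2].Image[0] ^= 0xff // simulate a modified kernel image
	fmt.Println("after modifying the kernel image:", VerifyChain(rootPub, chain))
}
```

Because `NextPub` is inside the signed payload, an attacker who swaps in their own key and re-signs every later stage still fails at the stage whose signature covered the original key; only the private key behind the fused root key could make such a chain verify, which is exactly the property the Boot Guard fuse bits are meant to guarantee.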

The OpenTitan platform opens up key parts of such a hardware/software system, as shown in the diagram below.

OpenTitan Platform

The development of the OpenTitan platform is managed by the non-profit organization lowRISC. The engineering team is based in Cambridge, UK and the main sponsor is Google. Founding partners include ETH Zurich, G+D Mobile Security, Nuvoton Technology and Western Digital.

Google published an announcement of the project on its Google Open Source corporate blog. The company said that OpenTitan aims to "provide high quality RoT design and integration guidance for use in data center servers, storage, edge devices and more."

The root of trust is the first link in the chain of trust, at the lowest level of the trusted computing module, and it is always fully trusted by the system.

An RoT is critical for applications including public key infrastructures (PKIs). It is the foundation of the security architecture on which a complex system such as an IoT application or a data center rests. So it is understandable why Google supports this project: it now operates 19 data centers on five continents. Data centers, storage and mission-critical applications present a large attack surface, and to protect this infrastructure Google originally developed its own root of trust, the Titan chip.

Google's proprietary Titan chip for its data centers was first introduced in March 2017 at the Google Cloud Next conference. "Our computers do a cryptographic check of each software package and then decide whether to give it access to network resources. Titan integrates into this process and offers additional layers of protection," Google representatives said at that presentation.

Illustration: Titan chip in a Google server.

The Titan architecture used to be owned by Google, but is now in the public domain as part of the open source project.

The first stage of the project is the creation of the logical design of the RoT at the chip level, including the open source lowRISC Ibex microprocessor, cryptographic processors, a hardware random number generator, key and memory hierarchies for volatile and non-volatile storage, security mechanisms, I/O peripherals, and secure boot processes.

Google says that OpenTitan is based on three key principles:

  • everyone has the opportunity to test the platform and contribute;
  • increased flexibility by opening up a logically secure design that is not blocked by proprietary vendor restrictions;
  • quality provided not only by the design itself, but also by reference firmware and documentation.

"The current chips with roots of trust are very proprietary. They claim to be secure, but in reality you take it for granted and you can't verify them yourself," says Dominic Rizzo, lead security specialist for the Google Titan project. "Now, for the first time, it is possible to provide security without blindly trusting the developers of the proprietary design of the roots of trust. So the foundation is not just solid, it can be tested."

Rizzo added that OpenTitan could be considered "a radically transparent design compared to the current state of affairs."

According to the developers, OpenTitan should by no means be considered a finished product, because development has not yet been completed. They deliberately opened the specs and design in the middle of development so that anyone can test it, provide input, and improve the system before production starts.

To start manufacturing OpenTitan chips, you need to apply and get certified. Apparently, no license fees are required.

Source: habr.com