Google company new open project , which is a platform for creating trustworthy hardware components (RoT, Root of Trust). OpenTitan is based on technologies already used in cryptographic USB tokens и to provide verified downloads installed on servers in Google's infrastructure, as well as on Chromebooks and Pixel devices. Project-related code and hardware specifications on GitHub under the Apache 2.0 license.
Unlike existing implementations of Root of Trust, the new project is being developed in accordance with the concept of “security through transparency”, implying a completely open development process and the availability of code and schematics. OpenTitan can be used as a ready-made, proven and reliable framework that allows you to increase confidence in the solutions being created and reduce costs when developing specialized security chips. OpenTitan will develop on an independent platform as a joint project, not tied to specific suppliers and chip manufacturers.
The development of OpenTitan will be overseen by a non-profit organization , developing a free microprocessor based on the RISC-V architecture. The companies G+D Mobile Security, Nuvoton Technology and Western Digital have already joined the joint work on OpenTitan, as well as ETH Zurich and the University of Cambridge, researchers from which are developing a secure processor architecture (Capability Hardware Enhanced RISC Instructions) and recently a grant of 190 million euros to adapt related technologies to ARM processors and create a prototype of the new Morello hardware platform.
The OpenTitan project covers the development of various logic components required in RoT chips, including an open microprocessor based on the RISC-V architecture, cryptographic coprocessors, hardware random number generator, hierarchy of key and data storage in permanent and RAM, security mechanisms, input/output units, secure boot tools, etc. OpenTitan can be used where the integrity of system hardware and software components must be ensured, ensuring that critical system components have not been tampered with and are based on verified and manufacturer-authorized code.
Chips based on OpenTitan can be used in
server motherboards, network cards, consumer devices, routers, Internet of Things devices for firmware verification (detection of firmware modification by malware), provision of a cryptographically unique system identifier (protection against hardware substitution), protection of cryptographic keys (key isolation in case an attacker gains physical access to equipment), providing security-related services and maintaining an isolated audit log that cannot be edited or erased.
Source: opennet.ru