Caliptra unveiled, an open IP block for building trustworthy chips

Google, AMD, NVIDIA and Microsoft, as part of the Caliptra joint project, have developed an open chip design block (IP block) for embedding into chips the means to build trustworthy hardware components (RoT, Root of Trust). Caliptra is a separate hardware unit with its own memory, processor and implementation of cryptographic primitives, which verifies the boot process, the firmware in use and the device configuration stored in non-volatile memory.

Caliptra can be used to integrate into various chips an independent hardware unit that performs integrity checks and ensures that the device uses verified and authorized firmware. Caliptra can significantly simplify and unify the integration of built-in hardware cryptographic verification mechanisms into CPUs, GPUs, SoCs, ASICs, network adapters, SSD drives, and other equipment.

The cryptographic integrity and authenticity verification provided by the platform will protect hardware components against malicious changes to the firmware and secure the loading and storage of the configuration, in order to prevent the main system from being compromised through attacks on hardware components or through malicious changes introduced in chip supply chains. Caliptra can also authenticate firmware updates and platform-related data (RTU, Root of Trust for Update), detect damage to firmware and critical data (RTD, Root of Trust for Detection), and restore damaged firmware and data (RTRec, Root of Trust for Recovery).

Caliptra is being developed under the Open Compute joint project, which is aimed at developing open specifications for data center equipment. Caliptra-related specifications are distributed under the Open Web Foundation Agreement (OWFa), which is designed for distributing open standards (similar to an open source license for specifications). The use of OWFa makes it possible to create your own products and derivative implementations based on the specification without paying royalties, and allows any organization to take part in the development of the specification.

The basic implementation of the IP block is based on the open RISC-V SWeRV EL2 processor and is equipped with 384KB of RAM (128KB DCCM, 128KB ICCM0 and 128KB SRAM) and 32KB of ROM. Supported cryptographic algorithms include SHA256, SHA384, SHA512, ECC Secp384r1, HMAC-DRBG, HMAC SHA384, AES256-ECB, AES256-CBC and AES256-GCM.



Source: opennet.ru
