Lub koom haum non-profit nrog Google thiab lwm tus neeg txhawb nqa Lub Kaum Ib Hlis 5, 2019 peb tes num , uas hu ua "thawj qhov chaw qhib qhov project los tsim ib qho qhib, zoo siab chip architecture nrog lub hauv paus ntawm kev ntseeg siab (RoT) ntawm qib kho vajtse."
OpenTitan raws li RISC-V architecture yog lub hom phiaj tshwj xeeb rau kev teeb tsa ntawm cov servers hauv cov chaw khaws ntaub ntawv thiab hauv lwm yam khoom siv uas tsim nyog los xyuas kom meej khau raj qhov tseeb, tiv thaiv lub firmware los ntawm kev hloov pauv thiab tshem tawm qhov muaj peev xwm ntawm rootkits: cov no yog cov motherboards, network cards, routers, IoT li, mobile gadgets, thiab lwm yam.
Ntawm chav kawm, zoo sib xws modules muaj nyob rau hauv niaj hnub processors. Piv txwv li, Intel Hardware Boot Guard module yog lub hauv paus ntawm kev ntseeg siab hauv Intel processors. Nws txheeb xyuas qhov tseeb ntawm UEFI BIOS los ntawm kev ntseeg siab ua ntej thauj khoom OS. Tab sis cov lus nug yog, ntau npaum li cas peb tuaj yeem tso siab rau cov hauv paus ntawm kev ntseeg siab, muab tias peb tsis muaj kev lees paub tias yuav tsis muaj kab hauv kev tsim, thiab tsis muaj txoj hauv kev los xyuas nws? Saib tsab xov xwm nrog rau cov lus piav qhia ntawm "yuav ua li cas cov kab laum uas tau cloned rau ntau xyoo hauv kev tsim tawm ntawm ntau tus neeg muag khoom tso cai rau tus neeg tawm tsam tuaj yeem siv cov thev naus laus zis no los tsim cov cuab yeej zais zais hauv lub kaw lus uas tsis tuaj yeem tshem tawm (txawm tias nrog tus programmer).
Qhov kev hem thawj ntawm kev sib haum xeeb ntawm cov khoom siv hauv cov saw hlau yog qhov xav tsis thoob tiag: pom tau tias, txhua tus kws tshaj lij hluav taws xob ua haujlwm pib siv cov cuab yeej raug nqi tsis tshaj $200. Qee cov kws tshaj lij xav tias "cov koom haum nrog kev siv nyiaj ntau pua lab daus las tuaj yeem ua qhov no tau ntau xyoo." Txawm hais tias tsis muaj pov thawj, nws yog theoretical ua tau.
"Yog tias koj tsis tuaj yeem ntseeg lub hardware bootloader, nws dhau los ua si," Gavin Ferris, tus tswv cuab ntawm pawg thawj coj ntawm lowRISC. - Nws tsis muaj teeb meem dab tsi lub operating system ua - yog hais tias los ntawm lub sij hawm lub operating system loads koj muaj kev cuam tshuam, ces tus so yog ib tug teeb meem ntawm technology. Koj twb tiav lawm."
Qhov teeb meem no yuav tsum tau daws los ntawm thawj ntawm nws hom qhib hardware platform OpenTitan (, , ). Kev txav deb ntawm cov tswv cuab daws teeb meem yuav pab hloov "kev lag luam RoT qeeb thiab tsis zoo," Google hais.
Google nws tus kheej pib tsim Titan tom qab tshawb pom Minix operating system ua rau Intel Management Engine (ME) chips. Qhov no complex OS nthuav dav qhov chaw nres nyob rau hauv unpredictable thiab uncontrolled txoj kev. Google , tab sis ua tsis tiav.
Lub hauv paus ntawm kev ntseeg yog dab tsi?
Txhua theem ntawm cov txheej txheem khau raj kuaj xyuas qhov tseeb ntawm theem tom ntej, yog li tsim saws kev ntseeg.
Lub hauv paus ntawm kev ntseeg siab (RoT) yog ib qho kev lees paub ntawm cov khoom siv kho vajtse uas ua kom ntseeg tau tias qhov chaw ntawm thawj qhov kev qhia ua tiav hauv cov saw ntawm kev ntseeg tsis tuaj yeem hloov pauv. RoT yog qhov yooj yim tiv thaiv rootkits. Qhov no yog theem tseem ceeb ntawm cov txheej txheem khau raj, uas yog koom nrog hauv kev pib ua haujlwm tom ntej ntawm lub kaw lus - los ntawm BIOS mus rau OS thiab cov ntawv thov. Nws yuav tsum txheeb xyuas qhov tseeb ntawm txhua kauj ruam tom ntej rub tawm. Txhawm rau ua qhov no, ib txheej ntawm cov yuam sij kos npe digitally yog siv ntawm txhua theem. Ib qho ntawm cov qauv nrov tshaj plaws rau kho vajtse tiv thaiv tseem ceeb yog TPM (Trusted Platform Module).
Tsim kom muaj lub hauv paus ntawm kev ntseeg siab. Saum toj no yog tsib-kauj ruam txheej txheem khau raj uas tsim kom muaj kev ntseeg siab, pib nrog lub bootloader hauv kev nco tsis hloov. Txhua kauj ruam siv tus yuam sij pej xeem txhawm rau txheeb xyuas tus kheej ntawm cov khoom txuas ntxiv mus rau kev thauj khoom. Piv txwv ntawm Perry Lee phau ntawv
RoT tuaj yeem tsim tawm hauv ntau txoj kev:
- thauj cov duab thiab cov hauv paus ntsiab lus los ntawm firmware lossis nco tsis hloov;
- khaws cov hauv paus ntsiab lus hauv ib lub sijhawm programmable nco siv fuse khoom;
- Chaw thau khoom code los ntawm thaj chaw nco tiv thaiv mus rau hauv qhov chaw khaws cia.
Cov txheej txheem sib txawv siv lub hauv paus ntawm kev ntseeg sib txawv. Intel thiab ARM
txhawb cov thev naus laus zis hauv qab no:
- ARM TrustZone. ARM muag cov khoom siv silicon thaiv rau chipmakers uas muab lub hauv paus ntawm kev ntseeg siab thiab lwm yam kev ruaj ntseg mechanisms. Qhov no cais cov microprocessor los ntawm cov tub ntxhais tsis ruaj ntseg; Nws khiav Trusted OS, kev ua haujlwm ruaj ntseg nrog lub interface zoo rau kev cuam tshuam nrog cov khoom tsis ruaj ntseg. Cov peev txheej tiv thaiv nyob rau hauv cov tub ntxhais uas ntseeg siab thiab yuav tsum yog qhov hnyav li sai tau. Hloov ntawm cov khoom sib txawv yog ua tiav siv cov ntsiab lus kho vajtse hloov pauv, tshem tawm qhov xav tau kev ruaj ntseg xyuas software.
- Intel Boot Guard yog ib qho cuab yeej kho vajtse rau kev txheeb xyuas qhov tseeb ntawm qhov pib khau raj thaiv los ntawm cryptographic txhais tau tias lossis los ntawm cov txheej txheem ntsuas. Txhawm rau txheeb xyuas qhov thaiv thawj zaug, cov chaw tsim khoom yuav tsum tsim kom muaj 2048-ntsis tus yuam sij, uas muaj ob ntu: pej xeem thiab ntiag tug. Tus yuam sij pej xeem tau luam tawm ntawm lub rooj tsavxwm los ntawm "detonating" fuse cov khoom thaum tsim khoom. Cov khoom no yog siv ib zaug thiab hloov tsis tau. Qhov chaw ntiag tug ntawm tus yuam sij tsim ib qho kev kos npe digital rau kev lees paub tom qab ntawm lub sijhawm rub tawm.
Lub OpenTitan platform nthuav tawm qhov tseem ceeb ntawm xws li kho vajtse / software, raws li qhia hauv daim duab hauv qab no.
OpenTitan Platform
Txoj kev loj hlob ntawm OpenTitan platform yog tswj hwm los ntawm lub koom haum non-profit lowRISC. Pab pawg engineering yog nyob hauv Cambridge (UK), thiab tus neeg txhawb nqa tseem ceeb yog Google. Cov koom tes tsim muaj xws li ETH Zurich, G + D Mobile Security, Nuvoton Technology thiab Western Digital.
Google project ntawm Google Open Source neeg blog. Lub tuam txhab tau hais tias OpenTitan tau cog lus rau "muab kev taw qhia zoo ntawm RoT tsim thiab kev koom ua ke rau kev siv hauv cov ntaub ntawv chaw servers, khaws cia, ntug khoom thiab ntau dua."
Lub hauv paus ntawm kev ntseeg siab yog thawj qhov txuas hauv cov saw hlau ntawm kev ntseeg siab ntawm qib qis tshaj hauv kev ntseeg siab ntawm kev suav, uas yog ib txwm ntseeg siab los ntawm lub system.
RoT yog qhov tseem ceeb rau cov ntawv thov suav nrog pej xeem qhov tseem ceeb infrastructures (PKIs). Nws yog lub hauv paus ntawm kev ruaj ntseg system uas muaj cov txheej txheem nyuaj xws li daim ntawv thov IoT lossis cov chaw khaws ntaub ntawv. Yog li nws paub meej tias vim li cas Google txhawb nqa qhov project no. Tam sim no nws muaj 19 lub chaw cov ntaub ntawv nyob rau tsib lub teb chaws. Cov chaw khaws ntaub ntawv, khaws cia, thiab cov ntawv thov tseem ceeb tshaj tawm nthuav tawm qhov chaw nres tsheb loj heev, thiab los tiv thaiv cov txheej txheem no, Google pib tsim nws tus kheej hauv paus kev ntseeg siab ntawm Titan nti.
rau Google cov chaw zov me nyuam tau pib ua ntej ntawm Google Cloud Next lub rooj sib tham. "Peb cov khoos phis tawj ua cov kev kuaj xyuas cryptographic ntawm txhua pob software thiab tom qab ntawd txiav txim siab seb puas yuav tso cai rau nws nkag mus rau cov peev txheej hauv network. Titan koom ua ke rau hauv cov txheej txheem no thiab muab cov txheej txheem tiv thaiv ntxiv, "cov neeg sawv cev ntawm Google tau hais ntawm qhov kev nthuav qhia ntawd.
Titan nti hauv Google server
Lub Titan architecture yav dhau los yog tus tswv los ntawm Google, tab sis tam sim no tau ua rau pej xeem sau ua qhov qhib qhov project.
Thawj theem ntawm txoj haujlwm yog kev tsim cov txheej txheem RoT tsim ntawm qib nti, suav nrog kev qhib qhov chaw microprocessor , cryptographic processors, hardware random number generator, key and memory hierarchies for non-volatile and non-volatile storage, security mechanisms, I/O peripherals and secure boot processes.
Google hais tias OpenTitan yog raws li peb lub hauv paus ntsiab lus:
- txhua tus muaj lub sijhawm los saib xyuas lub platform thiab pab txhawb;
- nce kev yooj yim los ntawm kev qhib qhov tsim kom muaj kev ruaj ntseg uas tsis raug thaiv los ntawm kev txwv tus neeg muag khoom;
- zoo guaranteed tsis tsuas yog los ntawm tus tsim nws tus kheej, tab sis kuj los ntawm kev siv firmware thiab cov ntaub ntawv.
"Cov chips tam sim no nrog cov hauv paus kev ntseeg siab yog tus tswv heev. Lawv thov kom muaj kev nyab xeeb, tab sis qhov tseeb, koj muab nws tso cai thiab tsis tuaj yeem kuaj xyuas koj tus kheej, hais tias Dominic Rizzo, tus kws tshaj lij kev nyab xeeb rau Google Titan project. "Tam sim no, thawj zaug, nws muaj peev xwm muab kev ruaj ntseg yam tsis muaj kev ntseeg tsis pom kev hauv cov neeg tsim khoom ntawm lub hauv paus ntawm kev ntseeg siab tsim. Yog li lub hauv paus tsis yog tsuas yog ruaj khov, nws tuaj yeem txheeb xyuas tau. "
Rizzo hais ntxiv tias OpenTitan tuaj yeem suav hais tias yog "kev tsim qauv pob tshab piv rau lub xeev tam sim no."
Raws li cov neeg tsim khoom, OpenTitan yuav tsum tsis muaj txoj hauv kev suav tias yog cov khoom tiav, vim tias kev txhim kho tseem tsis tau tiav. Lawv txhob txwm qhib qhov kev qhia tshwj xeeb thiab tsim kev tsim kho nruab nrab kom txhua tus tuaj yeem tshuaj xyuas nws, muab tswv yim, thiab txhim kho lub kaw lus ua ntej pib tsim khoom.
Txhawm rau pib tsim OpenTitan chips, koj yuav tsum tau thov thiab tau txais ntawv pov thawj. Thaj, tsis tas yuav muaj nuj nqis.
Tau qhov twg los: www.hab.com