Non-profit organization
OpenTitan, built on the RISC-V architecture, is a dedicated chip intended for data-center servers and any other equipment that must guarantee a trustworthy boot, protect its firmware against modification, and rule out rootkits: motherboards, network cards, routers, IoT devices, mobile gadgets and so on.
Similar modules exist in modern processors, of course. For example, the Intel Hardware Boot Guard module is the root of trust in Intel processors: before the OS boots, it verifies the authenticity of the UEFI BIOS through a chain of trust. The question, however, is how far a proprietary root of trust can be trusted, given that there is no guarantee the design is free of bugs and no way to check it.
The threat of hardware being compromised in the supply chain is surprisingly real, as any amateur electronics technician would confirm.
"If you can't trust the hardware bootloader, it's game over," says Gavin Ferris, a member of the lowRISC board. "It doesn't matter what the operating system is. If security has already been compromised by the time the operating system starts, the rest is a technicality: it is over."
This is the problem that OpenTitan, an open hardware platform of this kind, is meant to solve.
Google itself began developing Titan after discovering the Minix operating system embedded in the Intel Management Engine (ME) chip. That complex OS expands the attack surface in unpredictable and uncontrollable ways.
What is a root of trust?
At each stage of the system boot process, the chain of trust checks the authenticity of the next stage.
A root of trust (RoT) is a hardware-based authentication that guarantees the source of the first executable instructions in the chain of trust cannot be altered. The RoT is the basic protection against rootkits. It is a critical stage of the boot process and is involved in everything that starts afterwards, from the BIOS to the OS and applications. The authenticity of each subsequent boot step has to be verified; to do this, a set of digitally signed keys is used at each stage. One of the most common standards for hardware key protection is the TPM (Trusted Platform Module).
Establishing a root of trust. Shown above is a multi-stage boot process that starts from a bootloader in immutable memory and builds a chain of trust. At each step, a public key is used to verify the identity of the next component to be loaded. Illustration from an O'Reilly book.
A RoT can be initialized in several ways:
- booting the image and the root from firmware or immutable memory;
- storing the root in one-time programmable memory using fuse blocks;
- loading code from a protected memory region into protected storage.
Different processors implement the root of trust differently. Intel and ARM support the following technologies:
- ARM TrustZone. ARM sells chip makers a proprietary silicon block that provides a root of trust and other security mechanisms, isolating the secure part of the microprocessor from the non-secure core. The Trusted OS is a secure operating system with a well-defined interface for interacting with the non-secure components. Protected resources live in the trusted core and should be as lightweight as possible. Switching between the two kinds of components is done with hardware context switching, so no secure monitor software is needed.
- Intel Boot Guard. A hardware mechanism for verifying the authenticity of the initial boot block, either cryptographically or through a measurement process. To verify the first block, the manufacturer must generate a 2048-bit key consisting of two parts, a public key and a private key. The public key is recorded in the board during manufacturing by blowing fuse bits; these bits are programmed once and cannot be changed. The private part of the key produces the digital signatures that authenticate the subsequent boot stages.
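The following Python is an added illustration of the chain of trust described above (the multi-stage boot in the RoT section, the fuse-based initialization, and the Boot Guard key pair in this list); it is not code from the original article, from OpenTitan, or from any Intel or ARM implementation. It models an immutable boot ROM that anchors on a hash stored in fuse bits, verifies each stage's signature, and takes the verification key for the next stage from the stage it has just verified. The RSA here is textbook RSA with a short modulus and no padding, a stand-in chosen only so that the example runs offline with the standard library. The stage names, the payload byte strings, and the functions `build_chain`, `verify_boot_chain`, `with_modified_code` and `with_foreign_key` are all constructed for this example. The two failure cases it exercises are the ones such a chain exists to catch: a stage whose code was changed after signing, and a stage re-signed under a key that is not rooted in the fuses.

```python
import hashlib
import random
from collections import namedtuple

_rng = random.Random(20240101)  # seeded so the constructed demo keys are reproducible

# One boot stage as stored in flash: its code, the (n, e) public key that will verify the
# stage after it (None for the last stage), and a signature made with this stage's own key.
StageImage = namedtuple("StageImage", "name code next_pub signature")


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin test: adequate for a demo, not for a production key generator."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Textbook RSA with a short modulus and no padding: a stand-in, not a secure signer."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))  # (public, private)


def sign(priv, data):
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), priv[1], priv[0])


def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == int.from_bytes(hashlib.sha256(data).digest(), "big")


def pub_bytes(pub):
    """Serialized (n, e): what gets hashed into the fuses and covered by the previous signature."""
    return pub[0].to_bytes(64, "big") + pub[1].to_bytes(4, "big")


def signed_region(code, next_pub):
    """Bytes a stage signature covers: the code plus the serialized next-stage key."""
    return code + (pub_bytes(next_pub) if next_pub else b"")


def build_chain(stages):
    """Sign (name, code) stages with one key per stage. Returns (fuse_hash, root_pub, images);
    fuse_hash models the one-time-programmable fuse bits holding the hash of root_pub."""
    keys = [generate_keypair() for _ in stages]
    images = []
    for i, (name, code) in enumerate(stages):
        next_pub = keys[i + 1][0] if i + 1 < len(stages) else None
        images.append(StageImage(name, code, next_pub, sign(keys[i][1], signed_region(code, next_pub))))
    return hashlib.sha256(pub_bytes(keys[0][0])).digest(), keys[0][0], images


def verify_boot_chain(fuse_hash, root_pub, images):
    """Walk the chain as an immutable boot ROM would: anchor on the fused hash, then let each
    verified stage hand over the key for the next one. Returns (ok, log)."""
    if hashlib.sha256(pub_bytes(root_pub)).digest() != fuse_hash:
        return False, ["root public key does not match the fused hash; boot halted"]
    pub, log = root_pub, []
    for img in images:
        if not verify(pub, signed_region(img.code, img.next_pub), img.signature):
            log.append(f"{img.name}: signature invalid; boot halted")
            return False, log
        log.append(f"{img.name}: verified")
        pub = img.next_pub or pub
    return True, log


def with_modified_code(images, index, new_code):
    """Model a stage whose code was changed after signing (signature left untouched)."""
    out = list(images)
    out[index] = images[index]._replace(code=new_code)
    return out


def with_foreign_key(images, index):
    """Model stage `index` (>= 1) re-signed under a key not rooted in the fuses; the previous
    image's next_pub must be swapped too, which invalidates that image's own signature."""
    pub, priv = generate_keypair()
    out, cur = list(images), images[index]
    out[index] = cur._replace(signature=sign(priv, signed_region(cur.code, cur.next_pub)))
    out[index - 1] = images[index - 1]._replace(next_pub=pub)
    return out


if __name__ == "__main__":
    # Constructed three-stage chain; the byte strings stand in for real firmware images.
    fh, rp, imgs = build_chain([("rom_ext", b"stage 1"), ("bootloader", b"stage 2"), ("kernel", b"stage 3")])
    for variant in (imgs, with_modified_code(imgs, 1, b"patched"), with_foreign_key(imgs, 1)):
        print(verify_boot_chain(fh, rp, variant))
```

Run it with `python3`; the intact chain verifies all three stages, the modified stage fails at `bootloader`, and the re-signed stage fails one stage earlier, at `rom_ext`, because swapping in a key that the fuses do not vouch for breaks the signature of the image that carries it. That earlier failure is the whole point of fusing the root key's hash rather than storing the key in rewritable memory.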
The OpenTitan platform opens up the key parts of such a hardware/software system, as shown in the figure below.
The OpenTitan platform
Development of the OpenTitan platform is managed by the non-profit lowRISC. The engineering team is based in Cambridge (UK) and the main sponsor is Google. Founding partners include ETH Zurich, G+D Mobile Security, Nuvoton Technology and Western Digital.
The root of trust is the first link in the chain of trust, at the lowest level of the trusted computing module, and it is always fully trusted by the system.
A RoT matters for any application that involves a public key infrastructure (PKI). It is the foundation of the security systems on which complex systems such as IoT deployments and data centers rest. So it is clear why Google supports this project: it currently operates 19 data centers spread across several continents. Data centers, storage and mission-critical applications present a vast attack surface, and to protect this infrastructure Google initially developed its own root of trust on the Titan chip.
The Titan chip in a Google server
The Titan architecture used to belong to Google; it has now been released into the public domain as an open-source project.
The first stage of the project is the creation of a logical RoT design at chip level, including an open-source microprocessor.
According to Google, OpenTitan rests on three key principles:
- anyone has the opportunity to inspect the platform and contribute to it;
- flexibility is improved by a logically secure design that is not locked in by proprietary vendor restrictions;
- quality is guaranteed not only by the design itself but also by the reference firmware and documentation.
"Today's chips with a root of trust are very proprietary. They claim to be secure, but in reality that is simply taken as a given, and you cannot verify it yourself," says Dominic Rizzo, lead security scientist of the Google Titan project. "Now it becomes possible to provide security without blind faith in the developers of proprietary root-of-trust designs. That means the foundation is not only solid but verifiable."
Rizzo added that OpenTitan can be seen as "a fundamentally transparent design compared with the status quo".
According to the developers, development is not yet complete, so OpenTitan should by no means be regarded as a finished product. They have deliberately published the in-progress specifications and design so that anyone can review them, give feedback and improve the system before production begins.
To start producing OpenTitan chips, a manufacturer needs to apply and obtain certification; no royalties appear to be required.
Source: habr.com