I-Google, i-AMD, i-NVIDIA kanye ne-Microsoft, njengengxenye yephrojekthi ehlanganyelwe ye-Calitra, benze ibhulokhi yokuklama i-chip evulekile (i-IP block) yokushumeka amathuluzi kuma-chips ukuze bakhe izingxenye zehadiwe ezithembekile (i-RoT, Umsuka Wokuthenjwa). I-Caliptra iyiyunithi yezingxenyekazi zekhompuyutha ehlukile enenkumbulo yayo, iphrosesa kanye nokuqaliswa kwe-cryptographic primitives, ehlinzeka ngokuqinisekiswa kwenqubo yokuqalisa, i-firmware esetshenzisiwe kanye nokucushwa kwedivayisi okugcinwe kumemori engaguquki.
I-Caliptra ingasetshenziswa ukuhlanganisa iyunithi yezingxenyekazi zekhompuyutha ezimele kuma-chips ahlukahlukene, ehlola ubuqotho futhi iqinisekise ukuthi idivayisi isebenzisa i-firmware eqinisekisiwe negunyaziwe kudivayisi. I-Caliptra ingenza kube lula futhi ihlanganise ukuhlanganiswa kwezindlela zokuqinisekisa i-cryptographic ezakhelwe ngaphakathi zehadiwe kuma-CPU, ama-GPU, ama-SoC, ama-ASIC, ama-adaptha enethiwekhi, amadrayivu e-SSD, nezinye izinto zokusebenza.
Izindlela zokuqinisekisa ubuqotho nobuqiniso be-cryptographic obuhlinzekwe yinkundla izovikela izingxenye zehadiwe kusukela ekwethulweni kwezinguquko ezinonya ku-firmware futhi ivikele inqubo yokulayisha nokugcina ukucushwa ukuze kuvinjwe uhlelo oluyinhloko ukuthi lungangeni ngenxa ukuhlaselwa kwezingxenye zehadiwe noma ukushintshwa kwezinguquko ezinonya kumaketango okunikezwayo kwama-chips. I-Caliptra iphinde inikeze amandla okuqinisekisa ukubuyekezwa kwe-firmware kanye nedatha ehlobene nenkundla (RTU, Root of Trust for Update), ukuthola umonakalo ku-firmware nedatha ebalulekile (RTD, Root of Trust for Detection), ukubuyisela i-firmware eyonakele kanye nedatha (RTRec, Root weTrust for Recovery).
I-Caliptra ithuthukiswa endaweni yephrojekthi ehlanganyelwe ye-Open Compute, okuhloswe ngayo ukuthuthukisa imininingwane evulekile yemishini yokuhlomisa izikhungo zedatha. Ukucaciswa okuhlobene ne-Caliptra kusakazwa kusetshenziswa I-Open Web Foundation Agreement (OWFa), eklanyelwe ukusabalalisa amazinga avulekile (afana nelayisensi yomthombo ovulekile ukuze uthole imininingwane). Ukusetshenziswa kwe-OWFa kwenza kube nokwenzeka ukuthi uzenzele eyakho imikhiqizo kanye nokusetshenziswa kokunye okususelwe ngokusekelwe esimisweni ngaphandle kokudonsa izinkokhelo futhi kuvumela noma iyiphi inhlangano ukuthi ibambe iqhaza ekuthuthukisweni kwencazelo.
Ukuqaliswa okuyisisekelo kwe-IP block kusekelwe kuphrosesa evuliwe ye-RISC-V SWeRV EL2 futhi ifakwe no-384KB we-RAM (128KB DCCM, 128KB ICCM0 kanye no-128KB SRAM) kanye ne-32KB ROM. Ama-algorithms e-cryptographic asekelwe ahlanganisa i-SHA256, SHA384, SHA512 ECC Secp384r1, HMAC-DRBG, HMAC SHA384, AES256-ECB, AES256-CBC kanye ne-AES256-GCM.
Source: opennet.ru