Open-Source Security Chip Released
The first commercial silicon chip that includes open-source, built-in hardware security was announced today by the OpenTitan coalition.
This milestone represents another step in the growth of the open hardware movement. Open hardware has been gaining steam since the development of the popular open-source processor architecture RISC-V
RISC-V gives an openly available prescription for a how a computer can operate efficiently at the most basic level. OpenTitan goes beyond RISC-V’s open-source instruction set by delivering an open-source design for the silicon itself. Although other open-source silicon has been developed, this is the first one to include the design verification stage and to produce a fully functional commercial chip, the coalition claims.
Utilizing a RISC-V based processor core, the chip, called Earl Grey, includes a number of built-in hardware security and cryptography modules, all working together in a self-contained microprocessor. The project began back in 2019 by a coalition of companies, started by Google and shepherded by the non-profit lowRISC in Cambridge, UK. Modeled after open-source software projects, it has been developed by contributors from around the world, both official affiliates with the project and independent coders. Today’s announcement is the culmination of five years of work.
Open source “just takes over because it has certain valuable properties… I think we’re seeing the beginning of this now with silicon.”—Dominic Rizzo, zeroRISC
“This chip is very, very exciting,” says OpenTitan co-creator and CEO of coalition partner zeroRISC Dominic Rizzo. “But there’s a much bigger thing here which is the development of this whole new type of methodology. Instead of a traditional… command and control style structure, this is distributed.”
The methodology they have developed is called Silicon Commons. Open-source hardware design faces challenges that open-source software didn’t, such as greater costs, a smaller professional community, and inability to supply bug-fixes in patches after the product is released, explains lowRISC CEO Gavin Ferris. The Silicon Commons framework provides rules for documentation, pre-defined interfaces and quality standards, as well as the governance structure laying out how the different partners make decisions as a collective.
Another key to the success of the project, Ferris says, was picking a problem that all the partners would be incentivized to continue participating in over the course of the five years of development. Hardware security was the right fit for the job because of its commercial importance as well as its particular fit to the open-source model. There’s a notion in cryptography known as Kerckhoffs’s principle which states that the only thing that should actually be secret in a cryptosystem is the secret key itself. Open-sourcing the entire protocol makes sure the cryptosystem conforms to this rule.
What is a Hardware Root-of-Trust?
OpenTitan uses a hardware security protocol known as a root of trust (RoT). The idea is to provide an on-chip source of cryptographic keys that is inaccessible remotely. Because it’s otherwise inaccessible, the system can trust that it hasn’t been tampered with, providing a basis to build security on. “Root of Trust means that at the end of the day, there is something that we both believe in,” explains Ravi Subrahmanyan, senior director of integrated circuit design at Analog Devices who was not involved in the effort. Once there is something both people agree on, a trusted secure connection can be established.
Conventional, proprietary chips can also leverage RoT technology. Open sourcing it provides an extra layer of trust, proponents argue. Since anyone can inspect and probe the design, the theory is that bugs are more likely to get noticed and the bug fixes can be verified. “The openness is a good thing.” says Subrahmanyan. “Because for example, let’s say a proprietary implementation has some problem. I won’t necessarily know, right? I’m at their mercy as to whether they’re going to tell me or not.”
This kind of on-chip security is especially relevant in devices forming the internet of things (IoT), which suffer from unaddressed security challenges. ZeroRISC and its partners will open up sales to IoT markets via an early access program, and they anticipate broad adoption in that sphere.
Rizzo and Ferris believe their chip shows off a template for open-source hardware development that other collaborations will replicate. On top of providing transparent security, open-sourcing saves companies money by allowing them to re-use hardware components rather than independently developing proprietary versions of the same thing. It also opens the door for many more partners to participate in the effort, including academic institutions such as OpenTitan coalition partner ETH Zurich. Thanks to academic involvement, OpenTitan was able to incorporate cryptography protocols that are safe against future quantum computers.
“Once the methodology has been proven, others will pick it up,” Rizzo says. “If you look at what’s happened with open-source software, first, people thought it was kind of an edge pursuit, and then it ended up running almost every mobile phone. It just takes over because it has certain valuable properties. And so I think we’re seeing the beginning of this now with silicon.”
IEEE Spectrum