Security news that informs and inspires

OpenTitan Chips Are on the Horizon

After nearly four years of research, development, and refinement, the OpenTitan project will have the first chips built on its open hardware and software designs in hand.

The project began in 2019 as a collaboration between Google, lowRISC, Western Digital, and a number of other organizations, with the goal of building an open-source hardware root of trust that manufacturers can use in servers, IoT devices, or OT infrastructure. The idea was to provide an alternative to the custom, highly expensive secure chips that only a handful of companies such as Apple and Google can afford to design and build for their devices. Now, that finish line is nearly in sight.

“It took five years, and quite a bit of investment, but now the open source flywheel has spun up and we’re finally at a place where we have the first commercially relevant open source design for a secure root of trust,” said Dominic Rizzo, the project director for OpenTitan.

Earlier this month, the project announced that it had reached the RTL freeze milestone for its first chip release candidate, named Earl Grey. That means the design has been released to manufacturing partners for synthesis and fabrication. Rizzo said he expects to have the first chips in hand by the end of 2023. From there, it’s up to the device manufacturers and partners to get them into devices and into the marketplace.

“The first places they show up could be OS agnostic servers or industrial IoT, operational technology, those sorts of sports,” Rizzo said.

“It’s not realistic to not connect that stuff to the internet, but by god you better do it well. The whole ‘trust me it’s secure’ thing isn’t really going to cut it anymore.”

“There’s no reason why someone can’t use the individual IP blocks for what they want.

Secure, verified hardware has become a valuable commodity in recent years, as attacks against software have increased in sophistication and attackers have targeted supply chains for both hardware and software to establish deep access to target organizations.

“Hitting this milestone demonstrates that large-scale engineering efforts can be successful when many organizations with aligned interests collaborate on an open source project. It also matters because traditionally, computing ecosystems have had to depend heavily on proprietary hardware (silicon) and software solutions to provide foundational, or “root,” trust assurances to their users. OpenTitan fundamentally changes that paradigm for the better, delivering secure root of trust silicon technology which is open source, high quality, and publicly verifiable,” Google’s OpenTitan team said in a post.

“This release means the OpenTitan chip digital design is complete and has been verified to be of sufficiently high quality that a tapeout is expected to succeed. In other words, the logical design is judged to be of sufficient maturity to translate into a physical layout and create a physical chip. The initial manufacturing will be performed in a smaller batch, delivering engineering samples which allow post-silicon verification of the physical silicon, prior to creating production devices in large volume.”

In addition to the Earl Grey design that’s soon to go into production, the OpenTitan project also has made available the individual blocks that went into building that design. Other projects can use any or all of those blocks in their own designs, Rizzo said.

“There’s no reason why someone can’t use the individual IP blocks for what they want. Things commoditize over time and we’d rather be intentional with this,” he said.

All of the OpenTitan code and other tools is available on GitHub.