Thursday, November 7, 2019
Aiming to make security more accessible and transparent, a new group has been launched to deliver what it said is the first open source silicon root of trust (RoT) design. The OpenTitan project brings a coalition of companies together to deliver an evolution of Google’s Titan chip, to help critical system components have their trust anchored in silicon.
OpenTitan is staffed by engineers representing a coalition of partners who say they want to deliver a more open, transparent, and high-quality RoT. The project is managed by the lowRISC CIC, an independent not-for-profit company with a full-stack engineering team based in Cambridge, UK. It is supported by a coalition of partners, including ETH Zurich, G+D Mobile Security, Google, Nuvoton Technology, and Western Digital.
Speaking at a press conference to launch the project, Google Cloud’s OpenTitan lead, Dominic Rizzo, said, “System integrity should be anchored in silicon. At Google, we built our own silicon root of trust with the Titan family of chips. This was proprietary to Google. We learned a lot from integrating it into our data centers: such as the importance of transparent integration and instruction integrity. This was great for our customers, but proprietary, as were other roots of trust. So OpenTitan is designed to be open and flexible.” Rizzo emphasized that many proprietary RoT’s require developers to put blind trust in them, and added that with OpenTitan, “Blind trust is no longer necessary.”
The group said it is transparently building the logical design of a silicon RoT, including an open source microprocessor (the lowRISC Ibex, a RISC-V-based design from ETH Zurich), cryptographic coprocessors, a hardware random number generator, a sophisticated key hierarchy, memory hierarchies for volatile and non-volatile storage, defensive mechanisms, IO peripherals, and secure boot. OpenTitan will deliver a high-quality RoT design and integration guidelines for use in data center servers, storage, peripherals, and other devices.
Open sourcing the silicon design makes it more transparent, trustworthy, and ultimately, secure. A silicon RoT can help ensure that the hardware infrastructure and the software that runs on it remain in their intended, trustworthy state by verifying that the critical system components boot securely using authorized and verifiable code. This means it helps ensure that a server or a device boots with the correct firmware and hasn't been infected by a low-level malware, and provides a cryptographically unique machine identity, so an operator can verify that a server or a device is legitimate. It also protects secrets like encryption keys in a tamper-resistant way even for people with physical access (e.g., while a server or a device is being shipped), and provides authoritative, tamper-evident audit records and other runtime security services.
Root of trust: proprietary vs. open source
In a typical implementation, the RoT is interposed physically between the boot processor in the system and the non-volatile ROM or flash which contains the initial boot firmware. The RoT can hence validate the integrity of the firmware as it is being read by the boot processor before the system is allowed to boot. A RoT can also provide a path to recovery if latent firmware bugs permit some compromise to occur. The RoT module typically comes in the form of a separate chip or intellectual property (IP) embedded in a system on a chip (SoC).
A silicon RoT can be used in server motherboards, network cards, client devices (e.g., laptops, phones), consumer routers and IoT devices. Google has relied on its custom-made RoT chip, Titan, to ensure machines in Google’s data centers boot from a known trustworthy state with verified code. Google said, “Recognizing the importance of anchoring the trust in silicon, together with our partners we want to spread the benefits of reliable silicon RoT chips to our customers and the rest of the industry. We believe that the best way to accomplish that is through open source silicon.”
According to Western Digital’s VP of research and development, Richard New, all RoT chips in use today are proprietary. “Because implementations are opaque, there is no way for an end-user to independently verify the quality of the RoT chip’s architecture, firmware, or hardware design. This means that the end-user of any such device needs to trust that the designer of the RoT has implemented it correctly, and not introduced any errors.”
The argument made by OpenTitan is that an open source silicon RoT has similar benefits to open source software. It enhances trust and security through design and implementation transparency, with the ability to discover issues early, and reducing the need for blind trust. The community aspect means innovation is enabled and encouraged through contributions to the open source design. And while it’s not promoted as a standard, it can help provide implementation choice and preserve a set of common interfaces and software compatibility guarantees through a common, open reference design.
The OpenTitan project said it is rooted in three key principles: transparency, quality and flexibility. In principle, anyone can inspect, evaluate, and contribute to OpenTitan’s design and documentation to help build a transparent, trustworthy silicon RoT. The group is building a high-quality logically-secure silicon design, including reference firmware, verification collateral, and technical documentation;
Speaking at the press conference, Gavin Ferris, co-founder and board member at lowRISC, said, “We are about 40-50% done with the reference design. On the flexibility aspect, OpenTitan said adopters can reduce costs and reach more customers by using a vendor- and platform-agnostic silicon RoT design that can be integrated into data center servers, storage, peripheral and other devices.
Andy Hopper, chairman, lowRISC
Richard New added, “OpenTitan will be a significant part of our strategy. Our company has a long history in contributing to open source, such as Linux and RISC-V. Open source is the natural path industry needs to take.” He said Western Digital’s view is that the most secure solutions are based on open and inspectable implementations combined with transparent policies and security practices. “Specifically, this means that the best security architectures will be those that are, to the greatest extent possible, open to and inspectable by everyone. This is a non-controversial view in security circles, but unfortunately one that is not widely followed in practice. OpenTitan has the potential to disrupt the proprietary development model and provide an open and inspectable high-quality RoT reference design for the industry at large.”
What does the industry think?
So what do others in the industry think? We asked John Moor, managing director of the IoT Security Foundation. He told us, “The RoT is a critical part of the IoT. A major impediment to security is cost, so having an open source RoT would be helpful.” He said that transparency is a good thing, but that it’s important that the open source gets the scrutiny it should. “If it genuinely has scrutiny it’s a good thing.” He added that the cost and the power of Google behind it is probably a good thing.
Andy Hopper, the chairman of lowRISC, and a veteran of the computing industry who originally founded the pre-cursor to Arm back in 1978, said, “The silicon root of trust is too important a foundational security technology to be proprietary; the OpenTitan project is another example of how open source development encourages innovation and serves greater interests by creating a truly trustworthy piece of silicon. As someone involved in the computer science and hardware industry for several decades, I'm encouraged to see companies working in a more collaborative and transparent fashion with researchers and the open source community to continue innovating in a post-Moore's law world."
Another veteran of the chip world, and member of the IoT Security Foundation’s executive steering board, Haydn Povey, said, “Generically we need to make people more aware of the need for a RoT, whether it’s open source or proprietary.” Povey, who is CEO and founder of Secure Thingz, and previously responsible for security at Arm, added, “Security is never going to be perfect, but it’s vital to have people thinking about security to ensure there are no gaps in thinking. Open source done right can actually be more secure.” He said security is the next major wave of computing, from the ‘edge to the enterprise’, and that while he did not have full details of OpenTitan, it looked like a major step forward in open source computing system security.
Copyright © 2019 CST, Inc. All Rights Reserved