Google has announced OpenTitan, an open source silicon root of trust (RoT) project designed to provide guidelines for data center server, storage and peripheral security. The OpenTitan announcement follows Google's earlier introduction of Titan, a purpose-built chip for Google Cloud Platform (GCP) servers.
OpenTitan promotes the creation of an open source silicon design, Google indicated. As such, OpenTitan benefits chip manufacturers, platform providers and organizations that want to enhance their infrastructure with silicon-based security.
How Does OpenTitan Work?
OpenTitan is supported by a coalition of partners committed to building the logical design of a silicon RoT, Google stated. The project is based on the following principles:
- Transparency: Anyone can inspect, evaluate and contribute to OpenTitan’s design and documentation.
- High Quality: OpenTitan engineers are developing a high-quality, logically secure silicon design that emphasizes reference firmware, verification collateral and technical documentation.
- Flexibility: OpenTitan adopters can reduce costs and reach more customers by using a vendor- and platform-agnostic silicon RoT design across their data center servers, storage, peripherals and other devices.
With OpenTitan, an open source silicon design could be created that promotes transparency, ensures that security issues can be identified quickly and fosters innovation, Google noted. OpenTitan could also provide various silicon implementation options, along with a set of common interfaces and software compatibility guarantees via an open reference design.
What Is a Silicon RoT?
A silicon RoT ensures that hardware infrastructure and the software that runs on it remain secure, Google indicated. It verifies that system components boot securely using authorized and verifiable code, thereby protecting organizations against firmware-level attacks.
A silicon RoT can also be used in server motherboards, network cards, routers and other devices, Google noted. There, it ensures that these devices consistently boot from a known trustworthy state with verified code.