Google announced OpenTitan on Tuesday, a special-purpose chip design for open source security for use in data center servers, storage, peripherals and other devices.
OpenTitan is an open source silicon-based Root-of-Trust (RoT) project of Google to deliver “design and integration guidelines” for developers of servers and other devices, Google wrote in its Open Source blog. “Silicon RoT can help ensure that the hardware infrastructure and software that runs on it remain in their intended, trustworthy state by verifying that the critical system components boot securely using authorized and verifiable code,” the blog said. Root-of-Trust uses cryptography to ensure that a chip hasn’t been tampered with.
The security features of OpenTitan are considered increasingly essential in an era when sophisticated hacks can be coordinated by nation states to infiltrate computers and other gear introduced into the supply chains of the U.S. and other countries for long-term spying. The U.S. Senate is currently considering a bill designed to track computers and other gear shipped from countries such as China that are used in U.S. government agencies, including the Department of Defense.
The silicon RoT can be used in server motherboards, network cards, client devices like laptops and smartphones, but also in a variety of IoT devices. It is platform agnostic. Google has its own custom-made Titan chip, first introduced in 2017 to ensure that the computers in Google’s cloud data centers boot with verified code in a known trustworthy state. “We want to spread the benefits of reliable silicon RoT chips to our customers and the rest of the industry,” Google said. “We believe that the best way to accomplish that is through open source silicon.”
OpenTitan is a coalition of Google, Western Digital, Nuvoton Technology, G+D Mobile Security and ETH Zurich and is managed by lowRISC CIC, an independent non-profit with an engineering team based in Cambridge, UK.
OpenTitan fits into a similar security category as Apple’s proprietary silicon called the Apple T2 that is deployed in recent MacBooks. It controls security functions and stores passwords and encryption keys.
Google is also part of the Open Compute Project, which also includes Facebook and Intel. It was created to promote open-source core server designs for more efficient operations.