Last week Google announced details of its OpenTitan project, the first open source silicon root of trust (RoT) project.
OpenTitan was a product of the combined efforts of Google, lowRISC, Western Digital and many others. Unlike Google or WD, lowRISC is a not-for-profit company that develops and maintains open source silicon designs and tools for the long term.
Compared to existing proprietary silicon RoT systems, OpenTitan represents a radical level of transparency, where virtually everything can be opened.
Here’s an illustration:
Machines in Google’s data centres, as with most modern computers, have multiple components, including one or more CPUs, RAM, Baseboard Management Controller (BMC), NIC, boot firmware, boot firmware flash and persistent storage. Securing the connection between chips and data centres can be demonstrated by the way components interact with each other:
- The machine’s boot process starts when the BMC configuring the machine hardware lets the CPU come out of reset.
- The CPU then loads the basic firmware (Boot or UEFI) from the boot firmware flash, which performs further hardware/software configuration.
- Once the machine is sufficiently configured, the boot firmware accesses the “boot sector” on the machine’s persistent storage, and loads a special program called the “boot loader” into the system memory.
- The boot firmware then passes execution control to the boot loader, which loads the initial OS image from storage into system memory and passes execution control to the operating system.
The availability of secure element can provide private key storage and management and this is where Titan comes into the picture. First introduced at Google Cloud Next ’17, Titan is a secure, low-power microcontroller designed for Google hardware security.
Today, the learning from the experiments of using Titan by Google and its partners is made public to promote transparency and security worldwide.
What Makes OpenTitan Relevant
Data sharing got easier with the cloud. Customers no longer need permission to come inside the firewall and they can simply access the dashboards. Undeniably, the cloud offers more flexibility.
Thanks to its elasticity, a cloud-based service can meet changing demands of bandwidth and other infrastructure demands instantly, rather than undergoing a complex (and expensive) infrastructure upgrade.
By using cloud technology, it becomes easier to meet compliances of government bodies no matter how new the policy or whether it requires the use of some metadata.
Because it is not proprietary to a specific vendor or platform, the OpenTitan project can be leveraged at the data center servers, peripherals, storage devices, and other hardware, to help reduce costs and increase customer reach.
Home » How Google’s OpenTitan Project Will Protect Data Centers & Cloud
OpenTitan is built upon the quality constructs and security principles used to create Google’s Titan chips. It is designed to serve as the system root of trust by actively mediating access to the first-stage boot firmware.
OpenTitan objectives can be summarised as follows:
- To build and maintain logically-secure silicon design, including reference firmware, verification collateral, and technical documentation.
- Promoting transparency by allowing anyone to inspect, evaluate, and contribute to OpenTitan’s design and documentation to help build a more transparent, trustworthy silicon RoT for all.
- Building platform-agnostic silicon RoT design that can be integrated into data centre servers, storage devices, peripherals and other hardware to reduce costs.
The success of this project would ensure the following:
- Protection of servers from low-level malware.
- Provide a cryptographically unique machine identity to verify the legitimacy of the servers.
- Protect secrets like encryption keys in a tamper-resistant way even for people with physical access.
- Provide authoritative, tamper-evident audit records and other runtime security services.
OpenTitan can be used to leverage the power and transparency to enable root of trust chips that can be fully inspected and verified, thereby providing strong security against malware, physical hardware modifications and other threats.
Speaking about the need for open source and transparent root of trust chips, Richard New, VP R&D, Western Digital, said that as the volume and value of data continues to grow exponentially, so does the need to keep that data safe and secure.
Few vulnerabilities put cloud services under a tight spot as the image processing tasks are quite crucial in the machine learning task. From self-driving cars to identify cancer cells, images as data are almost ubiquitous.
OpenTitan project with the open-source community and security ecosystem is aimed at accelerating the development of more secure data infrastructure and prepare to embrace the implications of the Zettabyte Age.
Provide your comments below
I have a master's degree in Robotics and I write about machine learning advancements. email:firstname.lastname@example.org