Last week Google announced details of its OpenTitan project, the first open source silicon root of trust (RoT) project.

OpenTitan is the product of the combined efforts of Google, lowRISC, Western Digital and many others. Unlike Google or WD, lowRISC is a not-for-profit company that develops and maintains open source silicon designs and tools for the long term.

Compared to existing proprietary silicon RoT systems, OpenTitan represents a radical level of transparency, where virtually everything can be opened.

[Illustration via lowrisc.org]

Machines in Google's data centres, as with most modern computers, have multiple components, including one or more CPUs, RAM, a Baseboard Management Controller (BMC), a NIC, boot firmware, boot firmware flash and persistent storage. How the connection between chips and data centres is secured can be seen in the way these components interact with each other:

The machine's boot process starts when the BMC configures the machine hardware and lets the CPU come out of reset. The CPU then loads the basic firmware (BIOS or UEFI) from the boot firmware flash, which performs further hardware/software configuration. Once the machine is sufficiently configured, the boot firmware accesses the "boot sector" on the machine's persistent storage and loads a special program called the "boot loader" into system memory. The boot firmware then passes execution control to the boot loader, which loads the initial OS image from storage into system memory and passes execution control to the operating system.

A secure element can provide private key storage and management, and this is where Titan comes into the picture.
First introduced at Google Cloud Next '17, Titan is a secure, low-power microcontroller designed for Google hardware security.

Today, what Google and its partners have learned from using Titan is being made public to promote transparency and security worldwide.

What Makes OpenTitan Relevant

Data sharing got easier with the cloud. Customers no longer need permission to come inside the firewall; they can simply access the dashboards. Undeniably, the cloud offers more flexibility.

Thanks to its elasticity, a cloud-based service can meet changing demands for bandwidth and other infrastructure instantly, rather than undergoing a complex (and expensive) infrastructure upgrade.

Cloud technology also makes it easier to meet the compliance requirements of government bodies, no matter how new the policy or whether it requires the use of some metadata.

Because it is not proprietary to a specific vendor or platform, the OpenTitan project can be leveraged in data centre servers, peripherals, storage devices and other hardware, to help reduce costs and increase customer reach.

OpenTitan is built upon the quality constructs and security principles used to create Google's Titan chips. It is designed to serve as the system root of trust by actively mediating access to the first-stage boot firmware.
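
The boot sequence described earlier, with a root of trust gating the first-stage firmware, as an added example that is not taken from the article or from the OpenTitan code base. It goes beyond the text by also keeping a TPM-style measurement register for the later stages; the `RootOfTrust` class, the digest comparison (real designs verify a signature) and the sample images are assumptions constructed for illustration.

```python
import hashlib
import hmac

def digest(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()

class RootOfTrust:
    """Toy RoT (hypothetical): expected firmware digest plus a measurement register."""
    def __init__(self, expected_fw_digest: bytes):
        self._expected = expected_fw_digest
        self.register = bytes(32)   # measurement register starts at all zeros
        self.log = []               # audit record: (stage, digest) per measurement

    def extend(self, stage: str, blob: bytes) -> None:
        # register = H(register || H(blob)); order-sensitive and cannot be rewound
        measurement = digest(blob)
        self.register = digest(self.register + measurement)
        self.log.append((stage, measurement.hex()))

    def release_cpu(self, flash: bytes) -> bool:
        # Mediate access to the first-stage firmware: keep the CPU in reset
        # unless the flash contents match the provisioned digest.
        if not hmac.compare_digest(digest(flash), self._expected):
            return False
        self.extend("boot_firmware", flash)
        return True

def boot(rot: RootOfTrust, flash: bytes, boot_loader: bytes, os_image: bytes) -> str:
    if not rot.release_cpu(flash):
        return "held in reset"
    rot.extend("boot_loader", boot_loader)   # measured before control is handed over
    rot.extend("os_image", os_image)
    return "booted"

# Constructed sample images, not real firmware
GOOD_FW = b"boot firmware v1 (constructed)"
LOADER = b"boot loader (constructed)"
OS_IMAGE = b"OS image (constructed)"

def demo():
    golden = digest(GOOD_FW)
    clean, bad_fw, bad_loader = (RootOfTrust(golden) for _ in range(3))
    r_clean = boot(clean, GOOD_FW, LOADER, OS_IMAGE)
    r_bad_fw = boot(bad_fw, GOOD_FW + b" modified", LOADER, OS_IMAGE)
    r_bad_loader = boot(bad_loader, GOOD_FW, LOADER + b" modified", OS_IMAGE)
    # A changed later stage still boots in this toy model, but the register differs,
    # so a verifier comparing it against the known-good value can tell.
    return r_clean, r_bad_fw, r_bad_loader, clean.register != bad_loader.register
```
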

OpenTitan's objectives can be summarised as follows:

- Build and maintain a logically secure silicon design, including reference firmware, verification collateral and technical documentation.
- Promote transparency by allowing anyone to inspect, evaluate and contribute to OpenTitan's design and documentation, to help build a more transparent, trustworthy silicon RoT for all.
- Build a platform-agnostic silicon RoT design that can be integrated into data centre servers, storage devices, peripherals and other hardware to reduce costs.

The success of this project would ensure the following:

- Protect servers from low-level malware.
- Provide a cryptographically unique machine identity to verify the legitimacy of the servers.
- Protect secrets like encryption keys in a tamper-resistant way, even from people with physical access.
- Provide authoritative, tamper-evident audit records and other runtime security services.

Future Direction

[Image via Google Cloud]

OpenTitan's power and transparency can be used to enable root of trust chips that can be fully inspected and verified, thereby providing strong security against malware, physical hardware modifications and other threats.

Speaking about the need for open source and transparent root of trust chips, Richard New, VP R&D, Western Digital, said that as the volume and value of data continues to grow exponentially, so does the need to keep that data safe and secure.

A few vulnerabilities put cloud services in a tight spot, as image processing is crucial to machine learning tasks. From self-driving cars to identifying cancer cells, images as data are almost ubiquitous.

The OpenTitan project, together with the open-source community and security ecosystem, aims to accelerate the development of more secure data infrastructure and to prepare for the implications of the Zettabyte Age.