Western Digital, lowRISC and Google to Support OpenTitan for Silicon Root of Trust Chips
Western Digital Corp. has teamed up with lowRISC, Google and a coalition of partners in support of OpenTitan, an open-source project building a transparent, high-quality reference design and integration guidelines for silicon root of trust (RoT) chips that can be used in data storage, compute, and other hardware platforms.
Western Digital is working with ecosystem partners to optimize the OpenTitan framework to meet the diverse security demands of data-centric storage use cases from the core to the edge, including machine-learning applications, smartphones and connected Internet of Things (IoT) devices.
The OpenTitan project was established with the belief that the ability to understand, inspect and verify a device from the chip to the application is critical in data security. As it's open, adopters of the new OpenTitan framework can now review, audit and contribute to OpenTitan's register-transfer level (RTL) reference design, firmware and integration guidelines.
"As the volume and value of data continues to grow exponentially, so does the need to keep that data safe and secure," said Dr. Richard New, vice president of research and development at Western Digital. "OpenTitan leverages the power and transparency of the open-source development model to enable root of trust chips that can be fully inspected and verified, thereby providing strong security against malware, physical hardware modifications and other threats. Our work with the OpenTitan project, and ongoing collaboration with the open-source community and security ecosystem, furthers our commitment to accelerating the development of more secure data infrastructure as we move into the zettabyte era."
As part of the company's participation in the OpenTitan project, Western Digital is collaborating with lowRISC, Google and others to develop the OpenTitan RoT, including contributing to its initial overall design, hardware block implementation and firmware.
For hardware-based security systems, the most basic building block is a physical RoT. This is a hardware component within a computing module that is automatically considered to be trustworthy by the computer’s operating system. The RoT generally serves as the foundational element in a linked chain of trusted elements, in which each element is secured through verification by a prior trusted element in the chain. In this way, a RoT can be used to bootstrap security across a large complex system consisting of many constituent elements.
A Root of Trust (RoT) is a set of functions in a computing module that is always trusted by the computer’s operating system (OS). The RoT serves as a separate compute engine that controls the trusted computing platform's cryptographic processor on the computing platform in which it is embedded.
In a typical implementation, the RoT is interposed physically between the boot processor in the system and the non-volatile ROM or flash which contains the initial boot firmware. From this position, the RoT can validate the integrity of the firmware as it is being read by the boot processor before the system is allowed to boot. In addition, a RoT may also provide a path to recovery if latent firmware bugs permit some compromise to occur. The RoT module may come in the form of a separate chip or a design IP embedded in a system on a chip (SoC).
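The chain of trust and recovery path described above can be modeled in a few lines. This is an added example, not OpenTitan code: the image layout, the function names and the use of chained SHA-256 digests (rather than signature verification) are assumptions made for illustration, and the sample images are constructed.

```python
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 output size

def digest(image):
    return hashlib.sha256(image).digest()

def make_stage(payload, next_image=None):
    # Constructed layout (assumption): 32-byte digest of the next stage, then payload.
    header = digest(next_image) if next_image is not None else bytes(DIGEST_LEN)
    return header + payload

def verify_chain(anchor, images):
    """Return how many stages verified before the first mismatch."""
    expected = anchor
    for index, image in enumerate(images):
        if not hmac.compare_digest(digest(image), expected):
            return index               # this stage must not be executed
        expected = image[:DIGEST_LEN]  # trust passes to the next link
    return len(images)

def rot_boot(anchor, recovery_anchor, flash, recovery):
    """Decision the RoT makes before releasing the boot processor."""
    if verify_chain(anchor, flash) == len(flash):
        return "boot"
    if verify_chain(recovery_anchor, recovery) == len(recovery):
        return "recovery"
    return "halt"

# Constructed sample images, built last stage first so each header can be filled in.
APP = make_stage(b"application")
OS_LOADER = make_stage(b"os loader", APP)
BOOTLOADER = make_stage(b"first-stage bootloader", OS_LOADER)
FLASH = [BOOTLOADER, OS_LOADER, APP]
RECOVERY = [make_stage(b"recovery firmware")]
# Anchors stand in for values held in the RoT's immutable storage.
ANCHOR = digest(BOOTLOADER)
RECOVERY_ANCHOR = digest(RECOVERY[0])

def tamper_app_and_fix_header(flash):
    """Modify the last stage and rewrite the previous header to match it."""
    bad_app = flash[2] + b"!"
    bad_loader = digest(bad_app) + flash[1][DIGEST_LEN:]
    return [flash[0], bad_loader, bad_app]

if __name__ == "__main__":
    print(rot_boot(ANCHOR, RECOVERY_ANCHOR, FLASH, RECOVERY))
    bad = tamper_app_and_fix_header(FLASH)
    print(verify_chain(ANCHOR, bad), rot_boot(ANCHOR, RECOVERY_ANCHOR, bad, RECOVERY))
```

Rewriting the header of the stage before a modified image does not help: that rewrite changes the earlier stage's own digest, so verification fails one link earlier and the model falls back to the recovery image.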
Key benefits of the OpenTitan RoT include:
- Transparency: Adopters can inspect and contribute to OpenTitan's design, firmware, and documentation, helping to build more transparent, trustworthy hardware RoT chips that benefit everyone.
- High quality: OpenTitan's goal is to build and maintain a high-quality and logically secure RTL design, firmware, and documentation. The project is staffed by expert engineers focused on rigorous design validation and technical documentation, all based on key learnings from designing Google's Titan chips.
- Flexible: Adopters can increase their total addressable market and reduce costs by using a single platform-agnostic hardware RoT design that can be integrated in data center servers, peripherals, and any other hardware platforms.
OpenTitan is managed by lowRISC, an independent not-for-profit engineering organization that uses collaborative engineering to develop and maintain open-source silicon designs and tools.