There is a growing awareness among businesses and individuals alike of the importance of cybersecurity in protecting our modern, cloud-based daily lives against a constantly growing number of threats and attacks. To address them, today's defense-in-depth cloud security builds on technologies like secure and measured boot, verified software updates, platform attestation and confidential computing. All those beefy, massive hyperscale systems rely on a tiny, unsung hardware hero to implement those technologies: the Silicon Root of Trust (RoT).
Despite their fundamental role in safeguarding our businesses and lives, few people are familiar with what RoTs are. Most of the time, users are not even aware of their presence. The first part of this presentation will thus describe what a silicon root of trust really is and what role it plays in modern, large-scale platforms.
But how much can a root of trust really be trusted? If a platform's security is entirely based on this tiny piece of silicon, then it is only as trustworthy as the silicon root of trust implementation itself. To provide the highest levels of confidence and trust, open source and transparent designs for standalone root of trust implementations are emerging, such as the Caliptra and OpenTitan projects. The rest of this presentation will dive into OpenTitan, and we will show how a single, 32-bit RISC-V open source CPU core can become the fundamental security block for large server-class systems. At the heart of OpenTitan is a set of high-quality, comportable and fully open source code bases for every part of the project, from IP block and CPU core RTL to the device ROM itself, including software and design validation. By describing the project's IP blocks and their hardened relationships, the security-focused software architecture that runs on top of them, and the device manufacturing flows, we will show how together they form one of the most reliable frameworks for building trustworthy silicon roots of trust.
Samuel Ortiz, Rivos
Samuel Ortiz is a software engineer at Rivos, where he works on security and confidential computing.