lowRISC, presented the first commercial open source chip based on OpenTitan

In mid-2019 we shared here on the blog the news of the launch of the OpenTitan project, which was an open source initiative designed to encourage the development of the so-called ROT (Root of Trus) for data centers and consumer devices. This project was originally founded by Google, along with many other renowned companies, and Google later decided to transfer the project into the hands of lowRISC.

The reason for mentioning this is that lowRISC recently unveiled, via a blog post, the availability of the first commercial chip built on the open OpenTitan platform, which represents the culmination of the project's ultimate success after five years of strong collaboration and investment.

"We have had the privilege of working closely with our OpenTitan coalition partners from the beginning and are now even prouder to bring the first OpenTitan 'EarlGrey' chip design to market, demonstrating our leadership in open and secure integrated circuits," he said. Erez Naory, vice president. of Customers and Security Products at Nuvoton. “Open source secure silicon has proven to be a radical advance in solving the market need for a truly trusted foundation.”

OpenTitan differs from traditional Root of Trust implementations by adopting the concept of “security through transparency”. This implies the complete availability of the code and circuits, along with a completely transparent development process that is not tied to specific suppliers or chip manufacturers. OpenTitan solutions are based on technologies used in Google Titan cryptographic USB tokens and verified boot TPM chips installed on Google infrastructure servers, as well as Chromebooks and Pixel devices.

OpenTitan It stands as a Root of Trust (ROT) platform that is used to ensure the integrity of the hardware and software elements of a system. This involves ensuring that critical parts of the system have not been tampered with and are based on a verified and authorized manufacturer's code. The project offers a ready-to-use, tested and reliable framework that allows increasing confidence in the solutions developed and reduces the costs associated with the development of specialized security chips.

LoOpenTitan-based chips are versatile and can be deployed in a variety of devices, such as server motherboards, network cards, consumer devices, routers and IoT devices. These chips have various functions, including verifying firmware and boot components, generating cryptographically unique system identifiers (to protect against hardware replacement), isolating cryptographic keys (in case an attacker gains physical access to the equipment), and the provision of security-related services. Additionally, OpenTitan maintains an isolated audit log that cannot be edited or deleted, providing an additional level of security and transparency.

OpenTitan integrates a variety of logic blocks essentials designed for RoT (Root of Trust) chips. These include:

• Open microprocessor: Based on the RISC-V architecture (RV32IMCB Ibex), it provides the ability to execute code and perform security-critical tasks.
• Cryptographic coprocessors: These coprocessors are designed to accelerate cryptographic operations such as encryption, decryption, digital signature and verification.
• Hardware random number generator: Essential to generate secure random numbers used in cryptographic processes.
• Key manager with DICE support: DICE (Device Identifier Composition Engine) is a mechanism for creating and managing unique and secure device identifiers.
• secure data storage: Allows you to safely store critical information, both in permanent memory and in RAM.
• security technologies: Includes dedicated blocks to ensure system security, such as intrusion detection, integrity monitoring, etc.
• I/O blocks: Provides input and output interfaces for communication with other system components.
• Secure Boot: Facilitates secure system startup, ensuring that only trusted code is executed.

Additionally, OpenTitan includes blocks dedicated to implementing common cryptographic algorithms, such as AES (Advanced Encryption Standard) and HMAC-SHA256 (Hash-based Message Authentication Code using SHA-256). It also integrates a mathematical accelerator designed for public key digital signature algorithms, such as RSA and elliptic curve algorithms. These components are critical to ensuring the security and integrity of the systems on which OpenTitan is deployed.

finally if you are interested in knowing more about it, you can check the details In the following link.