Kwakusemuva ngo-2019 lapho sabelana lapha kubhulogi izindaba zokuqala kokuthuthuka kwe- Inkundla evulekile ye-OpenTitan, lapho i-Google ihlanganyele nezinkampani ezimbalwa ukuze ithuthukiswe futhi manje ngemva kweminyaka engaphezu kweyisithupha yentuthuko, i-Google inikeze ukukhanya okuluhlaza ngokukhiqizwa kwayo.
Kulabo abangazi nge-OpenTitan, kufanele wazi ukuthi lokhu Kuwuhlaka oluqinile noluqinisekisiwe olusetshenziselwa ukwakha izingxenye zehadiwe ezithenjwayo., noma "izimpande zokwethembana," kubalulekile ukuze kuqinisekiswe ubuqotho bakho kokubili ihadiwe nesofthiwe yesistimu. Ngokunikeza isisombululo esilungele ukusetshenziswa, iphrojekthi isiza ukunciphisa kakhulu izindleko nobunzima ekuthuthukisweni kwama-chips akhethekile.
Izicelo ze-OpenTitan
I-OpenTitan ivumela ukusetshenziswa kwayo ezinhlobonhlobo zamadivayisi, kusukela kumabhodi omama weseva namakhadi enethiwekhi kuya ezintweni zabathengi, amarutha namadivayisi we-IoT. Lawa ma-chips ane ikhono lokuqinisekisa i-firmware nama-bootloaders, khiqiza izihlonzi ezi-cryptographically ezihlukile ukuze zinqande ukuphazamisa nokuhlinzeka ngezinsizakalo zokuphepha ezibalulekile, njengokuhlukanisa okhiye be-cryptographic ekufinyeleleni okungagunyaziwe ngokomzimba.
Ngaphezu kwalokhu, isiteji ihlanganisa uchungechunge lwamabhulokhi anengqondo wama-chips athembekile, okuhlanganisa i-microprocessor yomthombo ovulekile esekelwe ekwakhiweni kwe-RISC-V (RV32IMCB Ibex), ama-coprocessors akhethekile emisebenzini ye-cryptographic, i-hardware generator inombolo engahleliwe kanye nomphathi oyinhloko osekelwa i-DICE.
Ku-OpenTitan, futhi Izindlela ezithuthukisiwe ezihlukene zifakwe ukuze kugcinwe idatha evikelekile kumemori yokusebenza nengunaphakade, kanye nezingxenye ezibalulekile zokuqalisa okuphephile. Ngaphezu kwalokhu, idivayisi Inamamojula asebenzisa ama-algorithms wokubethela ajwayelekile, njenge-AES ne-HMAC-SHA256, futhi ifaka isisheshisi esithuthukisa ukusebenza kwezibalo ezisetshenziswa kuma-algorithms wesiginesha yedijithali ngokusekelwe ekubetheleni kokhiye basesidlangalaleni.
Ukungafihli nokusebenzisana
Kuyafaneleka ukusho ukuthi iphrojekthi ye-OpenTitan Iqale ngaphansi kwe-Google, nakuba ngokushesha yadluliselwa enhlanganweni engenzi nzuzo i-lowRISC, okuphawula uguquko olunamasu oluya endleleni esekelwe emphakathini kanye neyokuhlanganyela. Ngokuhamba kwesikhathi, intuthuko yayiqala ukubaluleka sibonga ukwengezwa kwemikhiqizo ebalulekile embonini. Lokhu kubambisana okubanzi kusekelwe obala nolwazi oluvulekile, njengoba yonke imininingwane yekhodi nehadiwe ishicilelwa ngaphansi kwelayisensi ye-Apache 2.0, okusiza ukuqinisekiswa okuzimele kwengxenye ngayinye.
Ubuchwepheshe obukhuthazayo I-OpenTitan zivela kuzixazululo ezihlolwe ngaphambilini, njenge-Google Titan Cryptographic USB Tokens nama-TPM chips asetshenziselwa ukuqinisekisa ukuqalisa okuqinisekisiwe kumaseva e-Google, kanye namadivayisi afana nama-Chromebook namaphikiseli.
Ngokungafani nezinye izimpande zokuqaliswa kokuthembela, i-OpenTitan yakhelwe phezu kwesisekelo sokuthi ukuphepha kuyaqiniswa ngokubonakala okuphelele. Okusho ukuthi kokubili amadizayini ekhodi nezingxenyekazi zekhompuyutha ayatholakala esidlangalaleni, angavumeli nje kuphela ukucwaninga okungapheli komphakathi, kodwa futhi asusa ukuncika kubathengisi bobunikazi noma abakhiqizi. Ukuvula inqubo yokuthuthukisa, ngokwakho, kuyisiqinisekiso sokuthi uhlelo lwakhiwe ngamazinga aphezulu ekhwalithi kanye nomthwalo wemfanelo okwabelwana ngawo.
Isici esibalulekile se-OpenTitan ikhono layo lokufaka, okokuqala ngqa kumsuka womthombo ovulekile wokwethenjwa, indlela evikelekile ye-bootstrap ye-post-quantum esekelwe ku-SLH-DSA ye-algorithm yesiginesha yedijithali (Sphincs+). Lokhu kubalulekile njengoba yakhelwe ukumelana nokuhlaselwa ngamandla ngisho nasemongweni we-quantum computing, ukubeka i-OpenTitan njengendlela yokuphepha yedijithali esikhathini se-post-quantum.
Kuhle ukusho ukuthi ama-chips okuqala azokhiqizwa yi-Nuvoton futhi ethulwe njengafanele amaphrojekthi okukhiqiza, neqoqo lokuhlola selikhishiwe ukuze lihlolwe kuyilapho ukukhiqizwa ngobuningi kulindeleke ukuthi kuqale kule ntwasahlobo.