With hackers deploying sophisticated attacks against operating systems, processors, and even firmware, manufacturers have increasingly turned to a tamper-resistant processor—or part of one—often called a “secure enclave” to stymie all sorts of attacks. They place in that immutable chip the “root of trust” on a device, relying on it to run cryptographic checks every time the system starts to make sure nothing has been subtly, maliciously altered. If something is wrong, the secure enclave stops the machine from booting up. Which leads to a nagging question: How can you always be sure that you can trust the secure enclave itself?
It’s not a hypothetical. While secure root of trust schemes offer real security improvements in many ways, researchers have repeatedly shown that it can be possible to undermine those chips. Which is why Google and a consortium of companies, nonprofits, and academic institutions have all signed on to an initiative meant to improve the transparency—and ultimately the security—of secure enclaves. Known as “Open Titan,” the project aims to lift the fog of proprietary machine code and clandestine manufacturing that makes any processor difficult to fully trust. It’s managed and directed by the open source hardware nonprofit lowRISC CIC.
“This is not just bits of intellectual property floating around, but actually a real design and a real engineering organization that’s not for profit,” says Gavin Ferris, cofounder and director of lowRISC. “We believe that transparency and security go hand in hand, everything aligns with doing an open source root of trust. Chips from existing vendors are opaque, there’s a lot of mystery meat inside them in terms of what’s going on. You can talk to them from your operating system, but what’s below there? What are the components underneath it and the architecture? None of that’s visible.”
Open Titan is loosely based on a proprietary root of trust chip that Google already uses in its Pixel 3 and 4 phones. But Open Titan is its own chip architecture and extensive set of schematics developed by engineers at lowRISC along with partners at ETH Zurich, G+D Mobile Security, Nuvoton Technology, Western Digital, and, of course, Google.
Open Titan is structured to run much like a high-quality, high-reliability open source software project. Think Linux, but for chips. The consortium will use community feedback and contributions to develop and improve the industry-grade chip design, while lowRISC will manage the project and keep suggestions and proposed changes from going live haphazardly.
You can check out the Open Titan GitHub repository right now, but the schematics aren’t finished yet. The consortium wanted to debut the project midway through its development so that it can benefit from early public scrutiny and input. Currently you can test out parts of the Open Titan architecture on a special type of reprogrammable processor called a Field Programmable Gate Array, but complete Open Titan chips won’t be manufacturable right away. The exact timing of the release will depend on a few factors, like how much community feedback the project receives and how difficult those issues are to resolve.
It also remains to be seen whether anyone will actually manufacture them. But manufacturers in search of a secure root of trust could find both security and economic benefits in Open Titan. The publicly available option will potentially allow companies to get around the licensing fees imposed by silicon designers like ARM. And the Open Titan design will pull back the curtain on historically buggy—and therefore potentially vulnerable—parts of chip design, like firmware and data processing flows.
At the same time, any company hoping to use Open Titan will need to adapt and implement it correctly, and without introducing new vulnerabilities, to interoperate with existing software. And Open Titan faces competition from heavy hitters like Microsoft, which recently announced its own proprietary hardware to bypass firmware in establishing a secure root of trust.