lowRISC CIC says:
Recent headlines about ransomware attacks, account phishing, and identity theft continue to underscore the critical importance of cybersecurity in our everyday lives. This has led to a growing awareness among most businesses and households of important mitigations like encryption, 2-factor authentication and verified software updates. But guess what? There's an unsung hero behind all these safeguards that underpins their effectiveness: the silicon Root of Trust (RoT).
And yet, despite the vital role these RoTs play, few people, including even security professionals, are familiar with what a Root of Trust is — or in fact that it even exists. What’s more, given how essential these devices are to the safety of our products and to enabling our modern way of life, RoTs are not as ubiquitous as they should be.
So, what does a Root of Trust do exactly? Many things, but amongst the most important are ensuring that only authorized code can run on the system it sits in, and securely storing secrets independent from that device’s operating system.
The first of these you can think of like a bouncer guarding the front door of a nightclub who pats you down before he lets you in. It won’t allow any suspicious code - such as low-level ransomware -- to enter and wreck the party.
The second is an essential method to secure critical data -- such as your biometrics like fingerprints and facial profile -- against theft, even if the device’s OS is compromised.
These silicon RoTs are so important to modern society that we at lowRISC believe their design and implementation should be transparent. Otherwise, how can users be confident that its security features are as strong and robust as they need to be?
That is why we host and support OpenTitan™, the world’s first open-source silicon Root of Trust design. Our collaborative Silicon Commons chip development approach allows us — together with our partners — to create designs of known good provenance that anyone can examine, extend and integrate, sharing our collective expertise as we do. Crucially, this enables users to believe in the security claims being made, because transparent designs enable independent scrutiny.
While this way of working has become widespread in the software domain — with open source collaboration proving hugely beneficial to businesses and consumers alike — progress on the hardware side has been slower, as chip creators have, perhaps understandably given the huge costs of development, sought to keep their intellectual property to themselves. But the OpenTitan project shows how times are changing. That’s because with open hardware designs, we get not only better security but faster innovation and better products too, making the approach a win-win for business and consumers alike.
So as we round out a month dedicated to increasing cybersecurity awareness — in which we’ve been reminded to strengthen our passwords and promptly install all software updates — remember that small but essential piece of hardware, the silicon RoT. This unsung hero is working behind the scenes to keep your money and data secure, every time you fire up your laptop, unlock your car, or buy a coffee with your phone. So wouldn’t you like to know what’s inside it? With OpenTitan, you can.
