Today, the hardware-level security of an operating system is extremely important and is taken very seriously by manufacturers. Much of that security rests on a chip separate from the CPU: the TPM, or Trusted Platform Module. The TPM stores keys and other sensitive information on which the integrity of the entire system depends. Security chips are also used in embedded platforms where security is the utmost priority; a good example is an IoT-based smart home control system. If an attacker obtains the secret keys for the APIs used to control “things” remotely, they can do anything those APIs allow. Keys of this kind are therefore stored in a TPM.
Silicon Root of Trust (RoT) chips can provide many security benefits by helping to:
- Ensure that a server or a device boots up with the correct firmware and hasn’t been infected by low-level malware.
- Provide a cryptographically unique machine identity, so an operator can verify that a server or a device is legitimate.
- Protect secrets like encryption keys in a tamper-resistant way even for people with physical access (e.g., while a server or a device is being shipped).
- Provide authoritative, tamper-evident audit records and other runtime security services.
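The first and last points above, as an added toy model that is not OpenTitan's own code: the immutable ROM holds one trusted digest, every later boot stage is measured before it runs, and each measurement is folded into a TPM-style extend register so the final value is a tamper-evident record of exactly what booted. The hash chain stands in for the signature check a real RoT performs; the stage images and manifest are constructed here.

```python
"""Toy silicon root of trust: verified boot plus a measurement register.

Constructed illustration only. A real RoT verifies signatures over the
firmware; here a digest fused into "ROM" anchors a hash chain instead.
"""
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def extend(register: bytes, measurement: bytes) -> bytes:
    # TPM-style extend: new = H(old || measurement); order-dependent, one-way
    return sha256(register + measurement)

def build_manifest(stages: list) -> bytes:
    # Manifest = digests of every stage, concatenated in boot order
    return b"".join(sha256(s) for s in stages)

def verified_boot(rom_trusted_digest: bytes, manifest: bytes, stages: list):
    """Return (booted_ok, measurement_register) for one boot attempt."""
    register = b"\x00" * 32
    # 1. ROM checks the manifest against the digest fused at manufacture
    if sha256(manifest) != rom_trusted_digest:
        return False, register
    register = extend(register, sha256(manifest))
    expected = [manifest[i:i + 32] for i in range(0, len(manifest), 32)]
    if len(expected) != len(stages):
        return False, register
    # 2. Each stage is measured and checked before control passes to it;
    #    the measurement is recorded even when the check fails
    for digest, image in zip(expected, stages):
        measured = sha256(image)
        register = extend(register, measured)
        if measured != digest:
            return False, register
    return True, register

# Constructed stand-ins for the real stage binaries
GOOD_STAGES = [b"ROM_EXT v1.0", b"BL0 v2.3", b"kernel v5.10"]
MANIFEST = build_manifest(GOOD_STAGES)
ROM_TRUSTED_DIGEST = sha256(MANIFEST)  # value that would be fused into ROM

def demo():
    ok, pcr = verified_boot(ROM_TRUSTED_DIGEST, MANIFEST, GOOD_STAGES)
    tampered = GOOD_STAGES[:1] + [b"BL0 v2.3 + implant"] + GOOD_STAGES[2:]
    bad, pcr_bad = verified_boot(ROM_TRUSTED_DIGEST, MANIFEST, tampered)
    return ok, bad, pcr != pcr_bad
```

Because the register is order-dependent and one-way, a verifier holding the expected final value can tell a modified stage from a good boot without seeing the firmware itself.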
OpenTitan is the first open-source project building a transparent, high-quality reference design and integration guidelines for silicon root of trust (RoT) chips, such as TPMs. Its main goal is to make the silicon RoT design and implementation more transparent, trustworthy, and secure for enterprises, platform providers, and chip manufacturers. Companies such as Western Digital, Seagate, and Nuvoton are partnering with Google on the project.
Because OpenTitan is open-source, Root of Trust chip designers can embed it in their designs with little or no legal complexity. Numerous talented developers can also contribute to the project and raise its security standard. Open-source silicon can enhance trust and security through transparency of design and implementation: problems can be detected early and bugs fixed. It also offers implementation choices while preserving a set of common interfaces.