OpenTitan's mission is to create a trustworthy, vendor-agnostic open source silicon Root of Trust (RoT) widely adopted across the industry. We do this by implementing strong logical security integrity guarantees in the hardware and firmware components, and restricting licensing of the OpenTitan trademark to those implementations conforming to OpenTitan standards.
The [OpenTitan Security Model Specification][security_model] defines the logical security properties of the discrete IC. It covers device and software attestation, provisioning, secure boot, chip lifecycle, firmware update, chip identity, and chip ownership transfer.
The [OpenTitan Security Model][logical_security_model] provides a high level framework for device provisioning and run-time operations. It starts by enumerating the range of logical entities supported by the architecture, and their mapping into software stages. Runtime isolation properties and baseline identity concepts are introduced in this document.
Silicon designs for security devices require special guidelines to protect the designs against myriad attacks. To that end, the team established [Secure Hardware Design Guidelines][implementation_guidelines] which are followed when developing OpenTitan security IP.
At the functional level OpenTitan aims to provide the following guarantees:
The security goals of the project are derived from a list of target [use cases][use_cases]. The security goals are used to define OpenTitan's [threat model][threat_model], as well as functional and assurance security requirements. Such requirements influence the system architecture, as well as the certification strategy for silicon implementations.
All hardware security primitives adhere to the OpenTitan [comportable][comportable_ip] peripheral interface specification. Implementations for some of these components are available for reference and may not meet production or certification criteria yet.
Digital wrapper for a NIST SP 800-90B compliant entropy source. An additional emulated entropy source implementation will be available for FPGA functional testing.
Cryptographically Secure Random Number Generator (CSRNG) providing support for both deterministic (DRBG) and true random number generation (TRNG).
The DRBG is implemented using the CTR_DRBG
construction specified in NIST SP 800-90A.
Advanced Encryption Standard (AES) supporting Encryption/Decryption using 128/192/256 bit key sizes in the following cipher block modes:
HMAC with SHA-2 FIPS 180-4 compliant hash function, supporting both HMAC-SHA256 and SHA256 modes of operation.
Hardware backed symmetric key generation and storage providing key isolation from software.
Public key algorithm accelerator with support for bignum operations in hardware.
Aggregates alert signals from other system components designated as potential security threats, converting them to processor interrupts. It also supports alert policy assignments to handle alerts completely in hardware depending on the assigned severity.
[aes]: {{< relref “hw/ip/aes/doc” >}} [alert_handler]: {{< relref “hw/top_earlgrey/ip_autogen/alert_handler/doc” >}} [comportable_ip]: {{< relref “doc/rm/comportability_specification” >}} [csrng]: {{< relref “hw/ip/csrng/doc” >}} [entropy_source]: {{< relref “hw/ip/entropy_src/doc” >}} [hmac]: {{< relref “hw/ip/hmac/doc” >}} [keymgr]: {{< relref “hw/ip/keymgr/doc” >}} [logical_security_model]: {{< relref “logical_security_model” >}} [implementation_guidelines]: {{< relref “implementation_guidelines/hardware” >}} [otbn]: {{< relref “hw/ip/otbn/doc” >}} [security_model]: {{< relref “specs” >}} [use_cases]: {{< relref “doc/use_cases” >}} [threat_model]: {{< relref “threat_model” >}}