skip to Main Content

OpenTitan: Transparency Leads to Greater Security

Auguste Kerckhoffs
Auguste Kerckhoffs

The statement in the title may seem counter-intuitive – aren’t most security systems based on propriety secrets? Yes, they are. These secrets are the cryptographic root keys on which the security of a system is built. However, this does not mean that everything about a security architecture should remain a secret. On the contrary! This has been defined as one of the most important concepts in cryptography: Kerckhoffs’ principle. This principle states that a cryptosystem can be secure, even if everything about the system – except the key – is public knowledge. So, when it comes to securing the ever-growing internet of things (IoT), transparency and standards could well be the smoothest path to securing each and every connected device. This is where OpenTitan can play a key role for the semiconductor industry.

What is OpenTitan?

OpenTitan is the first open-source project to build a transparent, high-quality reference design, along with integration guidelines, for silicon root of trust (RoT) chips. Since the project is open source, anyone can inspect, evaluate, and contribute to the OpenTitan design and documentation to help build a more transparent, trustworthy silicon RoT for all. The project’s aim is to build and maintain a high-quality, logically secure silicon design, including reference firmware, verification collateral, and technical documentation. Adopters can reduce costs and reach more customers by using a vendor- and platform-agnostic silicon RoT design that can be integrated into data center servers, storage devices, peripherals, and other hardware.

RoT Integration Banner 1024x170

Why is OpenTitan important?

With the growing need for security for an increasing number of connected devices, the need for easier-to-secure solutions has become critical. OpenTitan enables developers to use an open-source RoT that is completely transparent and verifiable. The documented designs can be inspected before they are used in a product. Included with the implementation is the design verification, which not only enables users to verify the design, but also helps with the integration and evaluation of OpenTitan in a product.

Thinking back on Kerckhoffs’ principle, we know that an RoT like OpenTitan can be public knowledge, as is the case with an open-source implementation, as long as the root key of the system remains a secret. So, how do we protect the foundational secret of a cryptosystem, the root key?

Integrating QuiddiKey into OpenTitan

Intrinsic ID QuiddiKey® is a hardware IP solution that enables device manufacturers and designers to secure their products with internally generated, device-unique cryptographic keys without the need for adding costly, security-dedicated silicon. It uses the inherently random start-up values of SRAM as a physical unclonable function (PUF), which generates the entropy required for a strong hardware root of trust. QuiddiKey IP can be applied easily to almost any chip – from tiny microcontrollers (MCUs) to high-performance systems-on-chip (SoCs).

By integrating QuiddiKey into OpenTitan, Intrinsic ID is enabling developers to securely generate and store the cryptographic root keys that provide the security for the RoT. They can combine the security and key management benefits of QuiddiKey with the advantages of the reduced costs and streamlined development offered by OpenTitan. A new application note, “OpenTitan QuiddiKey Integration,” is now available for teams evaluating the integration of QuiddiKey into OpenTitan. This application note provides a step-by-step integration guide. The final result is a modification of the OpenTitan reference design that integrates QuiddiKey as a peripheral.

If your team is using, or considering the use of OpenTitan, and you would like to explore an integration with QuiddiKey? You can access the application note now and contact Intrinsic ID for the associated files.

OT QK
OpenTitan with QuiddiKey

This Post Has 0 Comments

Leave a Reply

Your email address will not be published.

Back To Top