The chips that power all our devices – from smartphones to servers in data centres – are vulnerable to attack. The earlier a hacker can get into a system, the more power over it they can have. And if they attack a device as it’s turning on, they can take full control.
In 2017, Google unveiled its Titan security chip, which has since been used in its servers and Google-branded smartphones. As a machine boots up, Titan cryptographically checks that the firmware and software being loaded are correct – reducing the chances of boot attacks.
But the chip is proprietary and isn’t used outside Google products. Now, the company has a plan to change this. Alongside a handful of partners, including Swiss university ETH Zurich and Western Digital, it’s taking some of its tech and making it available to anyone.
The result? OpenTitan, an effort to make silicon chip design more consistent and less closed off. “Open-sourcing the silicon design makes it more transparent, trustworthy, and ultimately, secure,” says Royal Hansen, vice president of security at Google.
“We built our own chips, we design them, we know what’s in them, we can trust the very first thing that boots,” Hansen says. “But what about everybody else? We’re stuck in our own black box compared to everybody else.”
Google’s existing Titan chip ensures that when a machine starts it does so in a condition where the code is verified as being safe. The company says this “establishes the hardware root of trust” for its data centres. It’s this trust that the new group wants to bring to other chips.
OpenTitan is creating an open source microprocessor, the cryptographic elements needed to verify systems, firmware, plus the design and layout of the overall product. It’s intended that anyone will be able to inspect and evaluate the design and ultimately it could be built into data centre servers, storage devices and other pieces of tech.
When security vulnerabilities exist in the chips that underpin all of our devices, the results can be disastrous. In January 2018 the existence of the Spectre and Meltdown flaws impacting widely used microprocessors was publicly disclosed for the first time.
Intel chips created as far back as 1995 were found to have flaws, and those from the world’s other big designers and manufacturers, ARM and AMD, didn’t get off the hook either. The problems resulted in Google, Microsoft, Mozilla and Apple all scrambling to issue patches. More than a year after the vulnerabilities were first disclosed, an elite team of Intel experts were still dealing with the fallout.
“In a world that is increasingly digital, I don’t think you can understate our future confidence in that world without the root of trust,” Hansen says. “Think about all the societal dependence we have on software, all of that somewhere lands in a booted computer. The first instruction is the only way you can be confident in it.”
To distance itself from the project, Google isn’t managing OpenTitan. It doesn’t want to be seen running a scheme that could change how the chips that are used in millions of devices are constructed. Instead it’s being organised by non-profit hardware organisation lowRISC.
Gavin Ferris, a member of the lowRISC board, says it has taken 18 months to get to the point of launching OpenTitan and the group is still only mid-way through its initial work. It’s possible that it will take another 18 months for the first chips using the framework to be produced.
However, Ferris says the idea behind OpenTitan is to open source as much technology as possible to improve security around the root of trust. “Do you really want all of this opaque mystery in this root of trust, or would you rather take one that’s open down to the gate level? Where everything that can be opened has been opened,” Ferris says.
There’s nothing new about open source technology being used to increase security. However, it’s most often used within software. For instance, the FIDO Alliance, a group including Amazon, Facebook, Microsoft, Google and others, is trying to eliminate our reliance on passwords. FIDO has created a set of rules that can be used to help identify people.
Software being open and available to anyone allows it to be inspected for security flaws. The code behind the end-to-end encrypted messaging app Signal, which also underpins WhatsApp’s encryption, is available for anyone to inspect and find flaws in. Android, Linux and Google’s Chromium have also benefitted from open source security elements.
Hardware presents a different problem though – it’s harder to make money from launching physical products and there’s often more intellectual property required for the manufacture of individual components. “Open source software is almost old hat now,” Hansen says. “How do we bring the hardware world to that same level of boringness that exists for open source?” The challenge for the group behind OpenTitan will be getting more companies to implement its chip designs.
Both Hansen and Ferris say security may be one way to use open source hardware at scale. “Down that production line can roll all sorts of different design points, devices, systems,” Ferris says. That future is a long way off though. Hansen says he would like to see “many hardware manufacturers” using the framework OpenTitan is creating.
The benefit to Google opening up? It won’t necessarily need to spend millions on manufacturing its own chips. “We can use them without making our own,” Hansen says. “And others can use them in the same way, so the trust could be transited and not simply be from one company to the next.”