ZeroRISC Gets $10M Funding, Says Open-Source Silicon Security Inevitable

https://www.eetimes.com/zerorisc-gets-10-million-funding-says-open-source-silicon-security-inevitable/

50•wslh•7mo ago

Comments

tonetegeatinst•7mo ago

When we discuss the security of silicon, and are calling it open silicon, is this because the design specs and libraries are all open source, or is it due to being able to do research on chip attacks without fear of being sued?

transpute•7mo ago

The hardware IP is Apache-licensed, https://github.com/lowRISC/opentitan. Ideally, it will be possible to buy commercial hardware that incorporates an open silicon RoT, perform a reproducible build of open firmware for the device RoT, then sign and install firmware with the device owner's key.

From OP:

> Moving away from unverifiable ‘black boxes’ and towards fully transparent and verifiable foundations unlocks a new paradigm, putting device owners back in control of their remotely connected devices without requiring physical diligence by hardware manufacturers.. assurance-first approach ensures that security starts below the operating system, offering protection against the most sophisticated hardware and firmware attacks and more common software vulnerabilities.

  research on chip attacks without fear of being sued

If a commercial SoC is marketing their usage of an open-source silicon IP block with transparent high assurance, one can only hope they would welcome open security research, ideally via a bug bounty program.

transpute•7mo ago

Hopefully 2025 will be the year of open-source silicon + open firmware RoT! https://opensource.googleblog.com/2025/02/fabrication-begins...

For client devices, https://lowrisc.org/news/lowrisc-a-decade-of-bringing-open-s... > OpenTitan’s “Earl Grey”, will be the plan of record hardware RoT for [2025] Chromebooks.. Caliptra, another open source Root of Trust project with wide industry adoption, has incorporated a considerable amount of OpenTitan’s IP into its design.. OpenTitan’s CPU core, the Ibex RISC-V microcontroller, is an important project in its own right.. Microsoft based its CHERIoT-Ibex design on lowRISC’s commercial-grade Ibex CPU core, extending it with the proven CHERI hardware security extensions.

For servers, https://github.com/chipsalliance/Caliptra & https://146a55aca6f00848c565-a7635525d40ac1c70300198708936b4...

> Caliptra consists of IP and firmware for an integrated Root of Trust block.. targets datacenter-class SoCs like CPUs, GPUs, DPUs, TPUs.. implementing a Root of Trust for Measurement (RTM) block inside an SoC. A Caliptra integration provides the SoC with Identity, Measured Boot and Attestation capabilities.

https://opentitan.org/book/doc/use_cases/index.html & https://github.com/Microsoft/ms-tpm-20-ref

> OpenTitan can be used to implement the full Trusted Platform Module (TPM) 2.0 specification to meet client and server platform use cases.

snvzz•7mo ago

>inevitable

RISC-V based, follows the RISC-V marketing book.

kaszanka•7mo ago

Oh joy. So when this sort of stuff comes to mobile phones, at least when the McDonalds app refuses to start on your pocket general purpose computer (because it's not running software that Google considers 'trustworthy') you'll be able to confidently say that the RTL for the part of the chip that is ultimately responsible for betraying your interests is open source. Surely consolation enough for missing out on your burger discount.

I like to bring up McDonalds as an example because IIRC it requires the highest, 'strong integrity' verdict from SafetyNet/Play Integrity/nom-du-jour. Maybe they should rename it to something with Open in the name when OpenTitan comes to Chromebooks.

mrheosuper•7mo ago

"Open" does not mean "open source" anymore thanks to "OpenAI"

pjmlp•7mo ago

It never did, what open source has Open Group ever did?

In the old days Open was about industry standards not source code.

LeFantome•7mo ago

CDE is Open Source :)

But of course, you are correct.

pjmlp•7mo ago

Eventually, after it no longer mattered.

What rare disease AI teaches us about longitudinal health

The Brand Savior Complex and the New Age of Self Censorship

Show HN: A Prompting Framework for Non-Vibe-Coders

Kilroy is a local-first "software factory" CLI

Mathscapes – Jan 2026 [pdf]

80386 Barrel Shifter

Training Foundation Models Directly on Human Brain Data

Web Speech API on HN Threads

ArtisanForge: Learn Laravel through a gamified RPG adventure – 100% free

Your phone edits all your photos with AI – is it changing your view of reality?

DStack, a small Bash tool for managing Docker Compose projects

Hop – Fast SSH connection manager with TUI dashboard

Turning books to courses using AI

Top #1 AI Video Agent: Free All in One AI Video and Image Agent by Vidzoo AI

Ask HN: How would you design an LLM-unfriendly language?

Show HN: MuxPod – A mobile tmux client for monitoring AI agents on the go

March for Billionaires

Turn Claude Code/OpenClaw into Your Local Lovart – AI Design MCP Server

An Nginx Engineer Took over AI's Benchmark Tool

Use fn-keys as fn-keys for chosen apps in OS X

Sir/SIEN: A communication protocol for production outages

Show HN: OpenCode for Meetings

The chaos in the US is affecting open source software and its developers

The world heard JD Vance being booed at the Olympics. Except for viewers in USA

The original vi is a product of its time (and its time has passed)

Circumstantial Complexity, LLMs and Large Scale Architecture

Tech Bro Saga: big tech critique essay series

Show HN: A calculus course with an AI tutor watching the lectures with you

Show HN: 83K lines of C++ – cryptocurrency written from scratch, not a fork

Show HN: SAA – A minimal shell-as-chat agent using only Bash