ZeroRISC Gets $10M Funding, Says Open-Source Silicon Security Inevitable

https://www.eetimes.com/zerorisc-gets-10-million-funding-says-open-source-silicon-security-inevitable/

50•wslh•7mo ago

Comments

tonetegeatinst•7mo ago

When we discuss the security of silicon, and are calling it open silicon, is this because the design specs and libraries are all open source, or is it due to being able to do research on chip attacks without fear of being sued?

transpute•7mo ago

The hardware IP is Apache-licensed, https://github.com/lowRISC/opentitan. Ideally, it will be possible to buy commercial hardware that incorporates an open silicon RoT, perform a reproducible build of open firmware for the device RoT, then sign and install firmware with the device owner's key.

From OP:

> Moving away from unverifiable ‘black boxes’ and towards fully transparent and verifiable foundations unlocks a new paradigm, putting device owners back in control of their remotely connected devices without requiring physical diligence by hardware manufacturers.. assurance-first approach ensures that security starts below the operating system, offering protection against the most sophisticated hardware and firmware attacks and more common software vulnerabilities.

  research on chip attacks without fear of being sued

If a commercial SoC is marketing their usage of an open-source silicon IP block with transparent high assurance, one can only hope they would welcome open security research, ideally via a bug bounty program.

transpute•7mo ago

Hopefully 2025 will be the year of open-source silicon + open firmware RoT! https://opensource.googleblog.com/2025/02/fabrication-begins...

For client devices, https://lowrisc.org/news/lowrisc-a-decade-of-bringing-open-s... > OpenTitan’s “Earl Grey”, will be the plan of record hardware RoT for [2025] Chromebooks.. Caliptra, another open source Root of Trust project with wide industry adoption, has incorporated a considerable amount of OpenTitan’s IP into its design.. OpenTitan’s CPU core, the Ibex RISC-V microcontroller, is an important project in its own right.. Microsoft based its CHERIoT-Ibex design on lowRISC’s commercial-grade Ibex CPU core, extending it with the proven CHERI hardware security extensions.

For servers, https://github.com/chipsalliance/Caliptra & https://146a55aca6f00848c565-a7635525d40ac1c70300198708936b4...

> Caliptra consists of IP and firmware for an integrated Root of Trust block.. targets datacenter-class SoCs like CPUs, GPUs, DPUs, TPUs.. implementing a Root of Trust for Measurement (RTM) block inside an SoC. A Caliptra integration provides the SoC with Identity, Measured Boot and Attestation capabilities.

https://opentitan.org/book/doc/use_cases/index.html & https://github.com/Microsoft/ms-tpm-20-ref

> OpenTitan can be used to implement the full Trusted Platform Module (TPM) 2.0 specification to meet client and server platform use cases.

snvzz•7mo ago

>inevitable

RISC-V based, follows the RISC-V marketing book.

kaszanka•7mo ago

Oh joy. So when this sort of stuff comes to mobile phones, at least when the McDonalds app refuses to start on your pocket general purpose computer (because it's not running software that Google considers 'trustworthy') you'll be able to confidently say that the RTL for the part of the chip that is ultimately responsible for betraying your interests is open source. Surely consolation enough for missing out on your burger discount.

I like to bring up McDonalds as an example because IIRC it requires the highest, 'strong integrity' verdict from SafetyNet/Play Integrity/nom-du-jour. Maybe they should rename it to something with Open in the name when OpenTitan comes to Chromebooks.

mrheosuper•7mo ago

"Open" does not mean "open source" anymore thanks to "OpenAI"

pjmlp•7mo ago

It never did, what open source has Open Group ever did?

In the old days Open was about industry standards not source code.

LeFantome•7mo ago

CDE is Open Source :)

But of course, you are correct.

pjmlp•7mo ago

Eventually, after it no longer mattered.

Dexterous robotic hands: 2009 – 2014 – 2025

Interop 2025: A Year of Convergence

JobArena – Human Intuition vs. Artificial Intelligence

Concept Artists Say Generative AI References Only Make Their Jobs Harder

Show HN: PaySentry – Open-source control plane for AI agent payments

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

The Crumbling Workflow Moat: Aggregation Theory's Final Chapter

Pax Historia – User and AI powered gaming platform

Show HN: I built a RAG engine to search Singaporean laws

Scams, Fraud, and Fake Apps: How to Protect Your Money in a Mobile-First Economy

Porting Doom to My WebAssembly VM

Cognitive Style and Visual Attention in Multimodal Museum Exhibitions

Full-Blown Cross-Assembler in a Bash Script

Logic Puzzles: Why the Liar Is the Helpful One

Optical Combs Help Radio Telescopes Work Together

Show HN: Myanon – fast, deterministic MySQL dump anonymizer

The Tao of Programming

Forcing Rust: How Big Tech Lobbied the Government into a Language Mandate

PanelBench: We evaluated Cursor's Visual Editor on 89 test cases. 43 fail

Can You Draw Every Flag in PowerPoint? (Part 2) [video]

Show HN: MCP-baepsae – MCP server for iOS Simulator automation

Make Trust Irrelevant: A Gamer's Take on Agentic AI Safety

Show HN: Sem – Semantic diffs and patches for Git

Hello world does not compile

Show HN: ZigZag – A Bubble Tea-Inspired TUI Framework for Zig

Metaphor+Metonymy: "To love that well which thou must leave ere long"(Sonnet73)

Show HN: Django N+1 Queries Checker

Emacs-tramp-RPC: High-performance TRAMP back end using JSON-RPC instead of shell

Protocol Validation with Affine MPST in Rust

Female Asian Elephant Calf Born at the Smithsonian National Zoo