ZeroRISC Gets $10M Funding, Says Open-Source Silicon Security Inevitable

https://www.eetimes.com/zerorisc-gets-10-million-funding-says-open-source-silicon-security-inevitable/

50•wslh•7mo ago

Comments

tonetegeatinst•7mo ago

When we discuss the security of silicon, and are calling it open silicon, is this because the design specs and libraries are all open source, or is it due to being able to do research on chip attacks without fear of being sued?

transpute•7mo ago

The hardware IP is Apache-licensed, https://github.com/lowRISC/opentitan. Ideally, it will be possible to buy commercial hardware that incorporates an open silicon RoT, perform a reproducible build of open firmware for the device RoT, then sign and install firmware with the device owner's key.

From OP:

> Moving away from unverifiable ‘black boxes’ and towards fully transparent and verifiable foundations unlocks a new paradigm, putting device owners back in control of their remotely connected devices without requiring physical diligence by hardware manufacturers.. assurance-first approach ensures that security starts below the operating system, offering protection against the most sophisticated hardware and firmware attacks and more common software vulnerabilities.

  research on chip attacks without fear of being sued

If a commercial SoC is marketing their usage of an open-source silicon IP block with transparent high assurance, one can only hope they would welcome open security research, ideally via a bug bounty program.

transpute•7mo ago

Hopefully 2025 will be the year of open-source silicon + open firmware RoT! https://opensource.googleblog.com/2025/02/fabrication-begins...

For client devices, https://lowrisc.org/news/lowrisc-a-decade-of-bringing-open-s... > OpenTitan’s “Earl Grey”, will be the plan of record hardware RoT for [2025] Chromebooks.. Caliptra, another open source Root of Trust project with wide industry adoption, has incorporated a considerable amount of OpenTitan’s IP into its design.. OpenTitan’s CPU core, the Ibex RISC-V microcontroller, is an important project in its own right.. Microsoft based its CHERIoT-Ibex design on lowRISC’s commercial-grade Ibex CPU core, extending it with the proven CHERI hardware security extensions.

For servers, https://github.com/chipsalliance/Caliptra & https://146a55aca6f00848c565-a7635525d40ac1c70300198708936b4...

> Caliptra consists of IP and firmware for an integrated Root of Trust block.. targets datacenter-class SoCs like CPUs, GPUs, DPUs, TPUs.. implementing a Root of Trust for Measurement (RTM) block inside an SoC. A Caliptra integration provides the SoC with Identity, Measured Boot and Attestation capabilities.

https://opentitan.org/book/doc/use_cases/index.html & https://github.com/Microsoft/ms-tpm-20-ref

> OpenTitan can be used to implement the full Trusted Platform Module (TPM) 2.0 specification to meet client and server platform use cases.

snvzz•7mo ago

>inevitable

RISC-V based, follows the RISC-V marketing book.

kaszanka•7mo ago

Oh joy. So when this sort of stuff comes to mobile phones, at least when the McDonalds app refuses to start on your pocket general purpose computer (because it's not running software that Google considers 'trustworthy') you'll be able to confidently say that the RTL for the part of the chip that is ultimately responsible for betraying your interests is open source. Surely consolation enough for missing out on your burger discount.

I like to bring up McDonalds as an example because IIRC it requires the highest, 'strong integrity' verdict from SafetyNet/Play Integrity/nom-du-jour. Maybe they should rename it to something with Open in the name when OpenTitan comes to Chromebooks.

mrheosuper•7mo ago

"Open" does not mean "open source" anymore thanks to "OpenAI"

pjmlp•7mo ago

It never did, what open source has Open Group ever did?

In the old days Open was about industry standards not source code.

LeFantome•7mo ago

CDE is Open Source :)

But of course, you are correct.

pjmlp•7mo ago

Eventually, after it no longer mattered.

SectorC: A C Compiler in 512 bytes

The F Word

Brookhaven Lab's RHIC concludes 25-year run with final collisions

Speed up responses with fast mode

Software factories and the agentic moment

Stories from 25 Years of Software Development

Hoot: Scheme on WebAssembly

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

I write games in C (yes, C)

First Proof

Show HN: A luma dependent chroma compression algorithm (image compression)

The Waymo World Model

Al Lowe on model trains, funny deaths and working with Disney

Vocal Guide – belt sing without killing yourself

Start all of your commands with a comma (2009)

Reinforcement Learning from Human Feedback

Show HN: I saw this cool navigation reveal, so I made a simple HTML+CSS version

Selection Rather Than Prediction

Coding agents have replaced every framework I used

The AI boom is causing shortages everywhere else

A Fresh Look at IBM 3270 Information Display System

France's homegrown open source online office suite

72M Points of Interest

We mourn our craft

Unseen Footage of Atari Battlezone Arcade Cabinet Production

Where did all the starships go?

Show HN: Kappal – CLI to Run Docker Compose YML on Kubernetes for Local Dev

Learning from context is harder than we thought

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox

History and Timeline of the Proco Rat Pedal (2021)