For client devices, https://lowrisc.org/news/lowrisc-a-decade-of-bringing-open-s... > OpenTitan’s “Earl Grey”, will be the plan of record hardware RoT for [2025] Chromebooks.. Caliptra, another open source Root of Trust project with wide industry adoption, has incorporated a considerable amount of OpenTitan’s IP into its design.. OpenTitan’s CPU core, the Ibex RISC-V microcontroller, is an important project in its own right.. Microsoft based its CHERIoT-Ibex design on lowRISC’s commercial-grade Ibex CPU core, extending it with the proven CHERI hardware security extensions.
For servers, https://github.com/chipsalliance/Caliptra & https://146a55aca6f00848c565-a7635525d40ac1c70300198708936b4...
> Caliptra consists of IP and firmware for an integrated Root of Trust block.. targets datacenter-class SoCs like CPUs, GPUs, DPUs, TPUs.. implementing a Root of Trust for Measurement (RTM) block inside an SoC. A Caliptra integration provides the SoC with Identity, Measured Boot and Attestation capabilities.
https://opentitan.org/book/doc/use_cases/index.html & https://github.com/Microsoft/ms-tpm-20-ref
> OpenTitan can be used to implement the full Trusted Platform Module (TPM) 2.0 specification to meet client and server platform use cases.
RISC-V based, follows the RISC-V marketing book.
I like to bring up McDonalds as an example because IIRC it requires the highest, 'strong integrity' verdict from SafetyNet/Play Integrity/nom-du-jour. Maybe they should rename it to something with Open in the name when OpenTitan comes to Chromebooks.
In the old days Open was about industry standards not source code.
But of course, you are correct.
tonetegeatinst•7mo ago
transpute•7mo ago
From OP:
> Moving away from unverifiable ‘black boxes’ and towards fully transparent and verifiable foundations unlocks a new paradigm, putting device owners back in control of their remotely connected devices without requiring physical diligence by hardware manufacturers.. assurance-first approach ensures that security starts below the operating system, offering protection against the most sophisticated hardware and firmware attacks and more common software vulnerabilities.
If a commercial SoC is marketing their usage of an open-source silicon IP block with transparent high assurance, one can only hope they would welcome open security research, ideally via a bug bounty program.