



# OpenTitan®

Past, Present & Future of Open Secure Silicon



Dominic Rizzo

**zeroRISC Inc. CEO  
OpenTitan Project Director**

# The world's most active open-source silicon project

- @ RTL Freeze, chip-in-hand 2023, integrated upstream by EoY
- Transparent, flexible, high quality ecosystem – a resilient and growing coalition of partners
- This talk: the past, present and future of open secure silicon



---

# Past: Building an Open Silicon Coalition

# Key OpenTitan Milestones

- ~2018 Silicon Transparency Working Group chartered: lowRISC, Google & ETH Zürich
- Feb 2019 – First definition of **Comportable IP**; first use of **standard, auto-gen'd documentation**
- Jun 2019 – **SystemVerilog style guide** defined
- Jun 2019 – OpenTitan **Technical Charter** defines Steering Committee, Technical Committee roles
- ~July 2019 OpenTitan chartered: Silicon, Security & Software Working Groups established
- Aug 2019 – **Continuous Integration** running on every pull request
- Oct 2019 – Structured **Hardware Development Milestones** defined
- Nov 2019 – Public launch of the OpenTitan repository
- ...
- Oct 2020 – Continuous Integration extended to include **running tests on FPGA**
- July 2022 – Integrated WG chartered
- July 2022 – regular **Silicon Commons training** for new starters established
- May 2023 – Silicon Commons delivers: open-source chip with 35+ IPs developed by 140 contributors from 10 partners enables 2023 Engineering Sample tapeout with RTL freeze
- Ongoing – 10 partner organizations actively contributing to discrete and integrated top-level development

# OpenTitan Discrete: the “Earl Grey” Top-Level

- RV32IMCB RISC-V "Ibex" core:
  - 3-stage pipeline, single-cycle multiplier
  - Selected subset of the bit-manipulation extension
  - 4kB instruction cache with 2 ways
  - RISC-V compliant JTAG DM (debug module)
  - PLIC (platform level interrupt controller)
  - U/M (user/machine) execution modes
  - Enhanced Physical Memory Protection (ePMP)
- Security features:
  - Low-latency memory scrambling on the icache
  - Dual-core lockstep configuration
  - Data independent timing
  - Dummy instruction insertion
  - Bus and register file integrity
  - Hardened PC
- Security peripherals:
  - AES-128/192/256 with ECB/CBC/CFB/OFB/CTR modes
  - HMAC / SHA2-256
  - KMAC / SHA3-224, 256, 384, 512, [c]SHAKE-128, 256
  - Programmable big number accelerator for RSA and ECC (OTBN)
  - NIST-compliant cryptographically secure random number generator (CSRNG)
  - Digital wrapper for analog entropy source with FIPS and CC-compliant health checks
  - Key manager with DICE support
  - Manufacturing life cycle manager
  - Alert handler for handling critical security events
  - OTP controller with access controls and memory scrambling
  - Flash controller with access controls and memory scrambling
  - ROM and SRAM controllers with low-latency memory scrambling
- Memory:
  - 2x512kB banks eFlash
  - 128kB main SRAM
  - 4kB Always ON (AON) retention SRAM
  - 32kB ROM
  - 2kB OTP
- IO peripherals:
  - 47x multiplexable IO pads with pad control
  - 32x GPIO (using multiplexable IO)
  - 4x UART (using multiplexable IO)
  - 3x I2C with host and device modes (using multiplexable IO)
  - SPI device (using fixed IO) with TPM, generic, flash and passthrough modes
  - 2x SPI host (using both fixed and multiplexable IO)
- Other peripherals:
  - Clock, reset and power management
  - Fixed-frequency timer
  - Always ON (AON) timer
  - Pulse-width modulator (PWM)
  - Pattern Generator
- Software:
  - Boot ROM code implementing secure boot and chip configuration
  - Bare metal applications and validation tests



# Individual Contributors

## Monthly

- ~10 organizations
- 40+ contributors
- 100s of commits, issues, PRs
- 1000s of file changes
- 10,000s of individual edits

## 5+ Years (chartered 2018)

- 140+ unique contributors
- 13k merged PRs
  - 20k commits
- 1.5M LoC (0.5M HDL)



# Organizational Partners



## Steering Committee

**Google**

**G+D**  
Mobile Security

**Winbond**

**Nuvoton**

**Rivos**

**ETH Zürich**

**zeroRISC**

**Western Digital**

**Seagate**



## Contributors

## Technical Committee

## Committees

# Problem: *Scalable Open Silicon Development*



- one skilled engineer to develop a RISC-V core and open-source it
- a team of engineers to verify the core and bring it to commercial maturity
- multiple teams of engineers to design a chip around the core and deliver it to customers
- multiple organizations with multiple teams to develop and maintain the RTL, DV, firmware, & infrastructure for a complete open silicon ecosystem

**Need to get quality, collaboration and consensus right – from the start**



# Solution: The Silicon Commons

## Collateral

- [Extensive website](#)
- [Comportability](#)
- [Block documentation](#)
- [Top-level datasheet\(s\)](#)
- [Getting started guide\(s\)](#)
- Open silicon partner training sessions and material
- [How-to contribute](#) guides
- ...

## Technology

- Automated [code templating](#) and [documentation](#) generation
- [Continuous integration](#)
- [Nightly regressions](#)
- FPGA farm
- NewAE's [CW310](#), CW340 development platforms
- Hyperdebug & [opentitantool](#)
- ...

## Processes

- [Governance](#): SC, WGs, [TC](#), [Committers](#), PD
- [Hardware development stages](#)
- [RFC process](#)
- Yearly roadmap
- Tapeout Tech Leads
- On-call regression triage
- Certification-sensitive NDAs
- [Trademark policy](#)
- ...

# Silicon Commons: CI is a *massive* component



---

# Present: Commercial Silicon

# Discrete Shuttle RTL Freeze

## Burndown: IP Blocks to M2.5

- >90% on nightlies + >90% coverage



# Tapeout and Engineering Sample Silicon

## OpenTitan EarlGrey ASIC

[Datasheet](#)



Discrete Engineering Samples August '23



# OpenTitan as an Ecosystem Platform

## DANA: Universal Dataflow Analysis for Gate-Level Netlist Reverse Engineering

Nils Albartus<sup>1,2</sup>, Max Hoffmann<sup>1,2</sup>, Sebastian Temme<sup>1</sup>, Leonid Azriel<sup>3</sup> and

<sup>1</sup> Ruhr

## AKER: A Design and Verification Framework for Safe and Secure SoC Access Control

Francesco Restuccia<sup>1</sup>, Andres Meza<sup>\*</sup>, and Ryan Kastner<sup>\*</sup>  
University of California San Diego

<sup>\*</sup>Scuola Superiore Sant'Anna Pisa


## Fuzzing Hardware Like Software

Alex Chernyakhovsky,  
Garret Kelly, Dominic Rizzo  
Computer Science & Engineering

Pascal Nasahl  
Timothy

## Kronos: Verifying leak-free reset for a system-on-chip with multiple clock domains

by  
Noah Moroze

Submitted to the Department of Electrical Engineering and Computer Science  
on January 15, 2021, in partial fulfillment of the  
requirements for the degree of  
Master of Engineering in Electrical Engineering and Computer Science

## Abstract

Notary [3] uses formal verification to prove a hardware-level security property called deterministic start for a simple system-on-chip (SoC). Deterministic start requires that an SoC's state is fully reset by boot code to ensure that secrets cannot leak across reset boundaries. However, Notary's approach has several limitations. Its

## SYNFI: Pre-Silicon Fault Analysis of an Open-Source Secure Element

## To Be, or Not to Be Stateful: Post-Quantum Secure Boot using Hash-Based Signatures

Alexander Wagner<sup>\*</sup>  
Fraunhofer AISEC  
Garching, Germany

Felix Oberhansl<sup>\*</sup>  
Fraunhofer AISEC  
Garching, Germany

Marc Schink<sup>\*</sup>  
Fraunhofer AISEC  
Garching, Germany

## SCRAMBLE-CFI: Mitigating Fault-Induced Control-Flow Attacks on OpenTitan

Pascal Nasahl  
Graz University of Technology  
pascal.nasahl@tugraz.at

Stefan Mangard

## Microsoft Security Response Center

## What's the smallest variety of CHERI?

Security Research & Defense / By Saar Amar / September 6, 2022

The Portmeirion project is a collaboration between Microsoft Research Cambridge, Microsoft Security Response Center, and Azure Silicon Engineering & Solutions. Over the past year, we have been exploring how to scale the key ideas from CHERI down to tiny cores on the scale of the cheapest microcontrollers. These cores are very different from the desktop and server-class processors that have been the focus of the [Morello](#) project.


---

# Future: A Design Ecosystem

# OpenTitan Project Roadmap

Roadmap timeline (figure): 2022, 2023, 2024





# SPHINCS+ Verified Boot in ROM

- TC approved Jan 2023, implementation complete May 2023
- HSM integration for Eng Sample discrete silicon
- Full L1 security parameters; ~12ms verification
- E2E & SPX+ reference test suites
- Hardware accelerated, hardened implementation



# Commercial Tapeout: Nuvoton

- Experienced TPM vendor
- Responsible for turning a commercial-quality design into a commercially relevant chip: analog components, security sensors and countermeasures; abstracted through AST, secure manuf. and bring-up
- Aligned w/ certification requirements, inc. MSSR site
- Manages the tapeout process w/ the foundry
- Partners w/ OpenTitan partners like lowRISC, Google and zeroRISC on final integration and test



# What Is OpenTitan Integrated?



- 1st new formal Working Group since project start
- Adapting the [OpenTitan](#) IP ecosystem to a larger SoC's secure subsystem
- *Not a single design*; SoC integration is highly variable: chiplets, mobile, consumer, IoT, IIoT, etc.
- Certification alignment: FIPS 140-3 and PP-0117

# Integrated OT RoT (Type A): “Darjeeling” Top-Level



---

# Q & A

## Key Takeaways

- Discrete design is done
- Eng Sample silicon this year
- Integrated upstream this year
- Scalable development model
- Broadly adopted ecosystem of IP