Today, we have announced an exciting new partnership with lowRISC and Google in support of OpenTitan, the first open-source project building transparent, high-quality reference design and integration guidelines for silicon root of trust (RoT) chips that can be used in data storage, compute, and other hardware platforms. To provide background, I’d like to describe Western Digital’s goals and objectives for this project, and share some reflections on the importance of hardware security and our ongoing commitment to open source.
Hardware Security from the Ground Up
Security begins with secure infrastructure and with strong security practices and procedures. For hardware-based security systems, the most basic building block is a physical RoT. This is a hardware component within a computing module that is automatically considered to be trustworthy by the computer’s operating system. The RoT generally serves as the foundational element in a linked chain of trusted elements, in which each element is secured through verification by a prior trusted element in the chain. In this way, a RoT can be used to bootstrap security across a large complex system consisting of many constituent elements.
A Root of Trust (RoT) is a set of functions in a computing module that is always trusted by the computer’s operating system (OS). The RoT serves as a separate compute engine which controls the trusted computing platform cryptographic processor in the computing platform in which it is embedded.
In a typical implementation, the RoT is interposed physically between the boot processor in the system and the non-volatile ROM or flash which contains the initial boot firmware. From this position, the RoT can validate the integrity of the firmware as it is being read by the boot processor before the system is allowed to boot. In addition, a RoT may also provide a path to recovery if latent firmware bugs permit some compromise to occur. The RoT module may come in the form of a separate chip or a design IP embedded in a system on a chip (SoC).
High-Quality Security through Open-Source Implementations
All RoT chips in use today are proprietary. Because implementations are opaque, there is no way for an end-user to independently verify the quality of the RoT chip’s architecture, firmware, or hardware design. This means that the end-user of any such device needs to trust that the designer of the RoT has implemented it correctly, and not introduced any errors.
This is where we get to open source: our view at Western Digital is that the most secure solutions are based on open and inspectable implementations combined with transparent policies and security practices. Specifically, this means that the best security architectures will be those that are, to the greatest extent possible, open to and inspectable by everyone. This is a non-controversial view in security circles, but unfortunately one that is not widely followed in practice. OpenTitan has the potential to disrupt the proprietary development model, and provide an open and inspectable high-quality RoT reference design for the industry at large.
We and our partners in the OpenTitan project believe in the power and transparency of the open-source development model, in which companies, universities and individuals work together in an open development environment towards a common goal. Western Digital has been a strong proponent and promoter of open source, both in the software domain, where we participate and contribute to development of the Linux kernel in areas related to our storage business, and also through our commitment to open-source hardware, including through the RISC-V Foundation.
A High Quality and Flexible Security Platform
We’ve mentioned that one of the guiding principles of OpenTitan is openness and transparency, as reflected in the open development model. Two other important guiding principles are high quality of implementation and use-case flexibility.
In addition to providing greater security, we believe that an open source development model will ensure the highest quality design for the project. We believe that a fully transparent implementation will result in greater scrutiny, more eyes on the project, and more opportunities to discover flaws, improve design and incorporate new ideas.
The OpenTitan architecture is designed with a range of applications and use cases in mind. Our expectation is that the design will be suitable for use across a wide range of platform types, including enterprise, client, mobile, and IoT, as well as a broad range of market segments from general purpose compute to more specialized applications in specific markets. Western Digital is committed to developing the OpenTitan RoT long term; from today’s discrete reference chip through to the derived embedded IP, security models, and integration architectures necessary to incorporate OpenTitan into the heart of our future disk controllers.
Data Security as a Core Design Principle
As the volume and value of data continues to grow, so does the need to keep data safe and secure. As a leading data infrastructure company, we strive to innovate and enhance our products to provide increased privacy and security. We recognize that security must be a core design principle that permeates every aspect of our product design, as well as our internal policies and procedures. We believe OpenTitan can be a key component of our strategy to address this challenge. Our expectation is that OpenTitan will become the model foundational security element for the data infrastructure industry as a whole, and we look forward to being part of that journey with our partners and customers.
Richard New is Vice President of Research at Western Digital, in charge of the Western Digital Research Lab.