OpenTitan is an open source silicon Root of Trust (RoT) project. OpenTitan will make the silicon RoT design and implementation more transparent, trustworthy, and secure for enterprises, platform providers, and chip manufacturers. OpenTitan is administered by lowRISC CIC as a collaborative project to produce high quality, open IP for instantiation as a full-featured product. See the OpenTitan site and OpenTitan docs for more information about the project.
This repository contains hardware, software and utilities written as part of the OpenTitan project. It is structured as a monolithic repository, or "monorepo", where all components live in one repository. It exists to enable collaboration across partners participating in the OpenTitan project.
The project contains comprehensive documentation of all IPs and tools. You can access it online at docs.opentitan.org.
Have a look at CONTRIBUTING and our documentation on project organization and processes for guidelines on how to contribute code to this repository.
Unless otherwise noted, everything in this repository is covered by the Apache License, Version 2.0 (see LICENSE for full text).
The repository contains a SystemVerilog top module which wraps the top_earlgrey architecture (revised with our extensions). These are found under hw/top_earlgrey/top. The top module is secure_subsystem_asynch_synth_wrap_astral.sv, while a testbench for stand-alone simulations can be found under hw/tb/.
The modified architecture differs from the original one as follows:
- The OTP memory has been replaced with a ROM, which implements this OTP image, in the TEST_UNLOCKED0 lifecycle state.
- The embedded Flash memory has been replaced with an SRAM, which must be preloaded before the secure boot (or during the secure boot if via JTAG).
- The analog sensor top has been removed: no tamper detection (but a simpler architecture).
- Two boot modes have been introduced, affecting ROM code execution: 1) Debug: the core waits for debug requests; 2) Secure: the ROM starts executing secure boot and preloading the emulated flash.
- Top module includes a PULP cluster for security policies based on ML algorithms.
- Defined scripts and Makefiles to allow for stand-alone simulation.
- Defined scripts to manipulate the output VMEMs from bazel (for flash VIP, bootrom generation, otp generation).
Run the following command to initialize the repo:
make init
To be able to run bazel, you must install the Python requirements under python_requirements.txt and the apt requirements as well. To compile with the Makefile, you just need the RISC-V toolchain.
Two different methods are supported, depending on whether APIs from OpenTitan are needed:
- Makefile (no APIs)
- Bazel
All the tests used in this repo are found under sw/tests/. The targets are different SoC architectures. Under each target, the following nomenclature is used:
- sram_ or flash_ are generated with bazel: they use a BUILD file to import the various deps and use the main Makefile of the root dir.
- titanssl_ tests are related to crypto accelerators and must be compiled with the bazel framework (only the SRAM version is available).
- flash_preload_ are tests which are compiled with the Makefile, but import bazel-generated (after pre-processing) images as C headers (they include the crypto signature needed to be secure booted).
- the others can be compiled with the Makefile under each test dir (they are compiled for SRAM).
Tests which are supposed to run from flash must be generated with bazel. If the secure boot is run via JTAG, they must also be converted into a C header to be preloaded by the Ibex core using the alternative datapath for preload (which is driven via SW). Each test generated for flash needs a flash_preload_ binary, which essentially moves the C header into the emulated flash using the alternative datapath. If the secure boot is emulated with an external flash VIP, Python scripts convert the VMEM from bazel into a suitable format for the specific VIP we use.
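As an added illustration of the VMEM-to-C-header conversion described above (this is not the repository's own script), here is a minimal Python converter that parses $readmemh-style VMEM text and emits a C array. It assumes 32-bit words after pre-processing and zero fill for unprogrammed gaps; the names parse_vmem, to_c_header and flash_image are hypothetical.

```python
import re

# Constructed sample: a small $readmemh-style VMEM, not an image from the repo.
SAMPLE_VMEM = """\
// constructed test image
@00000000 0000006f deadbeef
/* gap left unprogrammed */
@00000004 cafe_f00d
"""

def parse_vmem(text):
    """Return {word_address: value} for $readmemh-style VMEM text."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # strip block comments
    text = re.sub(r"//[^\n]*", " ", text)               # strip line comments
    words, addr = {}, 0
    for tok in text.split():
        if tok.startswith("@"):          # "@<hex>" sets the next word address
            addr = int(tok[1:], 16)
            continue
        if addr in words:                # overlapping sections corrupt the image
            raise ValueError(f"word address {addr:#x} defined twice")
        words[addr] = int(tok.replace("_", ""), 16)
        addr += 1
    return words

def to_c_header(words, name, fill=0):
    """Render the image as a uint32_t C array; gaps take `fill` (assumed 0)."""
    if not words:
        raise ValueError("empty image")
    base, top = min(words), max(words)
    vals = [words.get(a, fill) for a in range(base, top + 1)]
    for a, v in enumerate(vals, start=base):
        if v >> 32:                      # assumption: 32-bit words after pre-processing
            raise ValueError(f"word at {a:#x} wider than 32 bits")
    rows = [", ".join(f"0x{v:08x}" for v in vals[i:i + 4])
            for i in range(0, len(vals), 4)]
    return (
        "#include <stdint.h>\n"
        f"#define {name.upper()}_BASE_WORD 0x{base:x}u\n"
        f"#define {name.upper()}_NUM_WORDS {len(vals)}u\n"
        f"static const uint32_t {name}[{len(vals)}] = {{\n  "
        + ",\n  ".join(rows) + "\n};\n"
    )

if __name__ == "__main__":
    print(to_c_header(parse_vmem(SAMPLE_VMEM), "flash_image"))
```

Rejecting duplicate addresses and over-wide words at conversion time keeps a malformed image from being silently truncated before the signature check in secure boot.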
To compile with bazel, run:
make compile-bazel-sram test_name=<dir-name-under-target-dir> target=<target-arch>
Example:
make compile-bazel-sram test_name=sram_hello_world target=opentitan
By default it will compile for "opentitan" target.
To compile for flash instead run:
make flash-all test_name=<dir-name-under-target-dir> target=<target-arch>
Example:
make flash-all test_name=flash_alsaqr_boot target=alsaqr
To recompile the bootrom, run:
make compile-bazel-rom
To compile the tests which do not need bazel, move under the test directory and run:
make clean all
Under scripts/, there are scripts for:
- Generating the OTP ROM starting from an image.
- Generating the bootrom starting from bazel outputs (both .sv and .coe).
- Recasting the VMEMs for different formats/targets.
To run a simulation, run the following command, providing the binary through the SRAM variable:
make clean sim SRAM=path-to-binary
One can also use the flash images running the secure boot as follows:
make secure_boot_jtag SRAM=path-to-<flash_preload>-binary
or
make secure_boot_spi
The SPI secure boot will preload external flash with this default test.
If you use this version of OpenTitan in your work or research, you can cite us:
@article{10.1145/3690823,
author = {Ciani, Maicol and Parisi, Emanuele and Musa, Alberto and Barchi, Francesco and Bartolini, Andrea and Kulmala, Ari and Psiakis, Rafail and Garofalo, Angelo and Acquaviva, Andrea and Davide, Rossi},
title = {Unleashing OpenTitan's Potential: a Silicon-Ready Embedded Secure Element for Root of Trust and Cryptographic Offloading},
year = {2024},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
issn = {1539-9087},
url = {https://doi.org/10.1145/3690823},
doi = {10.1145/3690823},
abstract = {The rapid advancement and exploration of open-hardware RISC-V platforms are catalyzing substantial changes across critical sectors, including autonomous vehicles, smart-city infrastructure, and medical devices. Within this technological evolution, OpenTitan emerges as a groundbreaking open-source RISC-V design, renowned for its comprehensive security toolkit and role as a standalone system-on-chip (SoC). OpenTitan encompasses different SoC implementations such as Earl Grey, fully implemented and silicon proven, and Darjeeling, announced but not yet fully implemented. The former targets a stand-alone system-on-chip implementation, the latter oriented towards an integrable implementation. Therefore, the literature currently lacks of a silicon-ready embedded implementation of an open-source Root of Trust, despite the effort put by lowRISC on the Darjeeling implementation of OpenTitan. We address the limitations of existing implementations, focusing on optimizing data transfer latency between memory and cryptographic accelerators to prevent under-utilization and ensure efficient task acceleration. Our contributions include a comprehensive methodology for integrating custom extensions and IPs into the Earl Grey architecture, architectural enhancements for system-level integration, support for varied boot modes, and improved data movement across the platform. These advancements facilitate the deployment of OpenTitan in broader SoCs, even in scenarios lacking specific technology-dependent IPs, providing a deployment-ready research vehicle for the community. 
We integrated the extended Earl Grey architecture into a reference architecture in 22nm FDX technology node, and then we benchmarked the enhanced architecture's performance analyzing the latency introduced by the external memory hierarchic levels, presenting significant improvements in cryptographic processing speed, achieving up to 2.7x speedup for SHA-256/HMAC and 1.6x for AES accelerators, compared to baseline Earl Grey architecture.},
note = {Just Accepted},
journal = {ACM Trans. Embed. Comput. Syst.},
month = sep,
keywords = {RISC-V, OpenTitan, Embedded System Security, Secure System-on-Chips}
}
