Open Compute Project Unveils Caliptra, a Silicon Root-of-Trust
Ubiquitous hardware security, whether a secure enclave or a fully trustable boot sequence, has long been a security goal. With the announcement of the Caliptra 0.5 specification today, the Open Compute Project Foundation (OCP) hopes to bring that vision closer to reality.
The OCP Foundation is an industry collective that aims to bring open source and open collaboration to hardware systems. The goal of the OPC Foundation, initiated by Facebook in 2011, is to apply the benefits of open source and open collaboration to hardware. The foundation said that the efforts of the OCP Security Working Group are making progress toward establishing the platform and peripheral security architecture recommendations necessary to attain consistency in hardware platform security.
The Need for Trusted Hardware Environments
With Caliptra, the OCP said, it hopes to eventually enhance cloud security by not only integrating trust into every chip but bringing uniformity. “Traditional RoT (root of trust) architectures have offered a multitude of intrinsic security services and hosted security applications on a trusted execution environment (TEE) that consist of (but are not limited to) hardware capabilities (cryptographic and microprocessor), ROM, firmware and API infrastructure. These solutions have been instantiated in discrete or integrated forms in various platform and component architectures,” the OCP wrote in its specification publication Caliptra: A Datacenter System on a Chip (SOC) Root of Trust (RoT).
Historically these RoT systems have been either proprietary or aligned to specific parts of an industry standard body, consortium or association specification. With Caliptra, the OCP hopes to bring uniformity across hardware providers. “Establishing a consistent root of trust on very different hardware configurations while maintaining configuration and deployment flexibility is challenging. There is no uniform configuration across cloud service providers. Example: A system with host processors has very different firmware security measures compared to systems without head nodes or host processors,” the group stated.
“What the market has come to believe is, ultimately, if we’re going to have a trusted environment, we need to embed the capability into the silicon itself,” said Clifford Grossner, VP of market intelligence and innovation at the OCP, during a briefing with media.
Caliptra: A Design Standard for Silicon Trust
To get there, the OCP is launching Caliptra, an open specification for a silicon root of trust (RoT) The Caliptra specification defines a reusable drop-in silicon block for a root-of-trust management that can be integrated into various application-specific integrating circuit hardware (ASICs), system-on-a-chip (SOC), central and graphic processors, hard drives, network cards and eventually more. Through verifiable cryptographic assurances, Caliptra will attest that the hardware’s security configuration is correct and provide a way within the SoC to maintain that the boot code is trustworthy. “That starts with the first instruction executed,” said Grossner.
The OCP contends that Caliptra defines a design standard for a silicon internal RoT baseline. The standard satisfies the ability to provide a RoT for measurement capability and the open source implementation of Caliptra drives transparency into the processes that provide trustable hardware attestation. The Caliptra Silicon RoT must boot the SoC, measure the mutable code it loads, and measure and control the mutation of non-volatile configuration bits in the SoC. The Caliptra Silicon RoT then reports these measurements with signed attestations rooted in unique per-asset cryptographic entropy. As such, the Caliptra silicon RoT serves as a root-of-trust for the identity of the SoC.
“This is really remarkable,” said Mark Papermaster, CTO and EVP of technology and engineering at AMD, during a news pre-briefing with select media. “The set of companies that have come together and launched this is truly remarkable. We were on a path to have a number of bifurcated solutions here, and that’s just not good for anyone,” Papermaster added.
The Goals for Caliptra Version 1.0
The OCP Caliptra specification document explained that the Caliptra Silicon RoT is intentionally minimalistic. The specification can remain agile, maximize its use case applicability and drive industry alignment, consistency and faster adoption. “A well- and narrowly-defined specification maximizes architectural composability and reusability across cloud service providers, products and vendors and feasibility of open sourcing,” the OCP wrote.
According to the OCP, the goals for Caliptra 1.0 include defining and designing the standard silicon internal RoT baseline. That would consist of its functional specification, the root of trust measurement, root of trust identity capabilities and control over SoC non-volatile state, including per asset entropy, reference APIs, attestation APIs, internal SoC services and reference implementation. Additionally, the Open Source Reference (including register-transfer level and firmware reference code) for implementation consistency and to leverage open source.
The OCP also hopes the Caliptra specification will accelerate adoption. For instance, future products can leverage existing designs and avoid starting the design process from scratch for greater transparency and to avoid fragmentation in vendor implementation. Finally, firmware and register-transfer level logical design is open and managed by the OCP.
The specification is also designed to provide consistency across the industry in the internal RoT (iRoT)architecture and implementation, including Device Identifier Composition Engine (DICE) identity, measurement and recovery. The silicon RoT scope includes all data center-focused server class devices, such as SoC, ASICs, CPUs/GPUs and network cards.
The Caliptra specification doesn’t tackle foundry IP integration, physical design countermeasures, analog IPs or post-manufacture test and initialization certification.
It’s really about open source root-of-trust for creating trustable devices, said Grossner. “And to provide a set of security primitives that form a foundation for building more advanced security features within the entire system in a transparent and consistent solution. Going forward, we’re going to continue to meet the market and shape the future,” added Grossner.
