Scott Johnson, Dominic Rizzo, Parthasarathy Ranganathan, Jon McCune, Richard Ho
Titan: enabling a transparent silicon root of trust for Cloud
Talk outline
01 Motivation and problem statement
02 System View and Integration
03 Chip Architecture
04 Feature Deep Dives
05 Building a community: Open Titan?
01 Motivation and architecture
The problem:
Example 1: How do we know it is our equipment?
Solution: Tag and verify every device
Example 2: Can we trust our boot chain?
Solution: Sign and verify all boot code
Conclusion: We need a silicon root of trust
Cloud
Software infrastructure
Datacenter equipment
Silicon root of trust
Cloud security properties
1. Trusted Machine Identity
2. First Instruction Integrity
3. Tamper-evident logging
4. Trusted implementation
Every element in the datacenter should be securely identifiable: cryptographic attestation
The first code executed should be trusted: cryptographically signed and verified firmware, live monitored for protection
All activities in the datacenter should be monitored and logged in a tamper resistant manner
Own and/or verify every piece of the stack from transistors up to critical firmware
Chip Requirements
● On-chip verified boot
● Cryptographic identity & secure mfg
● Boot Firmware signature check + monitor
● Silicon physical security
● Transparent development, full-stack
02 System View and Integration
Titan system integration
[Block diagram: CPU, chipset (PCH / BMC), TITAN, boot FW flash, SPI links, reset and power control, memory subsystem, storage and networking subsystem]
Requests first boot instruction
Contains (signed) boot code
Authenticates firmware, releases system reset
Continuous monitoring for illegal activity
Available for cryptographic attestation and logging
03 Chip architecture
What is Titan?
● Secure low-power microcontroller designed with cloud security as first-class consideration
● Not just a chip, but the supporting system and security architecture + manufacturing flow
Why make our own?
● Implementation transparency
○ Complete ownership, auditability, build local expertise
● Agility & velocity
○ Technology changes, new risk vectors arrive
● No existing solutions
○ Vendor-agnosticity, custom features
Glossary: a quick security chip primer
AES: Symmetric (shared-key) crypto algorithm
alert: Security critical event
BIST: Built in self test
BL: Boot loader
CA: Certificate authority
device state: Temporal state in life cycle of device (test, production, return for test, end of life)
EC: Elliptic curve: modern crypto algorithm
HMAC: Hash message authentication code
I2C: Two-pin low-speed peripheral interface
key mgr: Management of key and secret storage
NMI: Non-maskable interrupt
OTP: One-time programmable (fuse) memory
PCH: Intel Platform Controller Hub
PMU: Power Management Unit
RC: Resistor/capacitor clock circuit
RSA: Circa 1980s crypto algorithm
RTC: Real Time Clock
SHA: Hashing algorithm
SPI: 4+ pin peripheral interface
TRNG: True random number generator
Titan specifications
[Block diagram: Titan chip. Blocks shown: Embedded 32b processor; EC/RSA crypto; AES/SHA/HMAC; Key manager; TRNG; timers; USB 1.1; UART; SPI mstr/slv; I2C mstr/slv; GPIO; PMU; Debug ports; Test ports; 8kB ROM; 64kB SRAM; 512kB Flash; 1kb OTP (Fuse); jitter RC; timer RC; Low speed RC; Shield; Temp sense; Volt sense; Device state; Alert resp; Muxable data ports. Group labels: Memory, Peripherals, Defenses, Testability / MFGability]
32b microcontroller core
Boot ROM
Flash for instr + data
SRAM scratchpad
One-time programmable fuses
Cryptographic acceleration
Key management + storage
Random number generator
Peripheral controllers
Multipurpose IO
Custom Google features
Physical defenses
Live status checking
Hardware security alert response
04 Feature Deep Dives
Verified Boot
Verified boot within Titan
[Diagram: RESET and BIST (HW: test + jump), BOOT ROM (ROM), then BOOT LOADER and APPLICATION images, each with SIGN and VER fields, held in Flash A and Flash B; each hop labelled "compare versions + verify + jump"]
● Each stage verifies the next
● Earlier stages do security settings, lock out further access
● Permission levels drop at each stage, protecting critical control points
● Splitting flash code into banks allows two copies: live-updatable
● Code signing taken seriously; multiple key holders, offline logs, playbooks
1. Test logic (LBIST) and ROM (MBIST); if fail ⇒ stay in reset; else jump to ROM
2. Compare bootloader (BL) versions A + B; choose most recent
3. Verify BL signature; if fail, retry with other BL; if fail, freeze
4. Compare firmware application (FW) versions A + B; choose most recent
5. Verify FW signature; if fail, retry with other FW; if fail, freeze
6. Execute successfully verified FW
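The six-step sequence above, reduced to its slot-selection logic as an added example (not code from the talk or from Titan). The image layout, the names and the tie rule are assumptions, and an FNV-1a digest stands in for the real signature check; the tag covers the version field, so an image whose version was bumped without re-signing loses to the other bank.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { SLOT_A = 0, SLOT_B = 1, SLOT_NONE = -1 };

typedef struct {
    uint32_t version;      /* compared in steps 2 and 4 */
    const uint8_t *body;   /* code bytes held in one flash bank */
    size_t len;
    uint32_t tag;          /* placeholder for the SIGN field (assumption) */
} image_t;

typedef struct { int bl_slot, fw_slot, frozen; } boot_result_t;

/* FNV-1a: a plain digest used ONLY as a stand-in for public-key signature
 * verification; it provides no security by itself. */
static uint32_t fnv1a(uint32_t h, const uint8_t *p, size_t n)
{
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* The tag covers the version field as well as the body, so a rewritten
 * version number fails verification instead of winning the comparison. */
uint32_t image_tag(const image_t *img)
{
    uint8_t v[4] = { (uint8_t)img->version, (uint8_t)(img->version >> 8),
                     (uint8_t)(img->version >> 16), (uint8_t)(img->version >> 24) };
    return fnv1a(fnv1a(2166136261u, v, sizeof v), img->body, img->len);
}

static int image_ok(const image_t *img)
{
    return img->body != NULL && image_tag(img) == img->tag;
}

/* Steps 2-3 (and 4-5): try the newest copy, retry with the other, else none.
 * Equal versions prefer bank A (assumption). */
int select_slot(const image_t pair[2])
{
    int first = (pair[SLOT_B].version > pair[SLOT_A].version) ? SLOT_B : SLOT_A;
    if (image_ok(&pair[first])) return first;
    if (image_ok(&pair[1 - first])) return 1 - first;
    return SLOT_NONE;
}

boot_result_t verified_boot(const image_t bl[2], const image_t fw[2])
{
    boot_result_t r = { SLOT_NONE, SLOT_NONE, 1 };
    r.bl_slot = select_slot(bl);
    if (r.bl_slot == SLOT_NONE) return r;   /* step 3: freeze */
    r.fw_slot = select_slot(fw);
    if (r.fw_slot == SLOT_NONE) return r;   /* step 5: freeze */
    r.frozen = 0;                           /* step 6: run the verified FW */
    return r;
}

/* Constructed scenario: bank A holds version 3 and bank B version 4 of both
 * stages. Bits of `tamper` corrupt BL_A (1), BL_B (2), FW_A (4), FW_B (8)
 * after tagging; bit 16 raises BL_A's version field without re-tagging. */
boot_result_t demo(unsigned tamper)
{
    uint8_t body[4][8] = { "BL-v3", "BL-v4", "FW-v3", "FW-v4" };
    image_t bl[2], fw[2];
    for (int i = 0; i < 2; i++) {
        bl[i] = (image_t){ 3u + (uint32_t)i, body[i], sizeof body[i], 0 };
        fw[i] = (image_t){ 3u + (uint32_t)i, body[2 + i], sizeof body[i], 0 };
        bl[i].tag = image_tag(&bl[i]);
        fw[i].tag = image_tag(&fw[i]);
    }
    for (int i = 0; i < 4; i++)
        if (tamper & (1u << i)) body[i][0] ^= 0xFF;
    if (tamper & 16u) bl[SLOT_A].version = 9;
    return verified_boot(bl, fw);
}

int main(void)
{
    unsigned cases[] = { 0, 2, 3, 12, 16 };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        boot_result_t r = demo(cases[i]);
        printf("tamper=%2u bl=%d fw=%d frozen=%d\n",
               cases[i], r.bl_slot, r.fw_slot, r.frozen);
    }
    return 0;
}
```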
Trusted identity
Trusted chip identity
● Establish trust at manufacturing
● Each tested device uniquely identified (personalized)
○ Assigned a serial number, unique but not secret
○ Self-generates a cryptographically strong Identity Key
● Identity registered in off-site secure database
● Parts shipped, put onto datacenter devices for production
● Parts available for “attestation”, proof that they are ours
[Timeline, MANUFACTURING to PRODUCTION: TEST → PERSONALIZE → REGISTER → SHIP → INSTALL → ATTEST]
Key manager creates chip identity key
[Diagram: key manager, with blocks labelled HASH and key storage, signals labelled "processor cmd" and "export", and inputs labelled "Partial secrets from a variety of silicon technologies"]
● Dedicated hardware execution
● Processor walks FSM commands
● Keys inaccessible to processor
● Identity = crypto_hash of partial secrets
○ Each comes from a different silicon technology
○ Requires attackers to defeat each
● Export enabled if FSM complete
● Export disabled after manufacture
Trusted identity (registration)
● Personalization firmware loaded
● Chip creates identity message
● Identity exported to registry via secure channel
● Identities signed by offline certificate authority
● Certificate available for installation
● Identity available for later query
[Diagram: Device running perso FW on the Tester; Identity message; Secure channel; Remote registry; Air gap; Offline certificate authority]
Life cycle tracking using OTP Fuses
● After manufacturing, must continue to guarantee authenticity
● Define six stages, and what is enabled in each stage
○ Raw: no features enabled, deters wafer theft
○ Test: enable test features only, no production features
○ Development: enable production-level features for lab bringup
○ Production: final production features, no testability, unique keys
○ RMA (return for test): re-enable testability, no more production
○ RIP: after RMA or mfg failure, permanently disable device
● Burnable fuses track life cycle from manufacturing to production
● Each stage transition a one-way street
[Diagram: life cycle stages RAW, MFG Test, DEV, PROD, RMA, RIP, with transitions labelled "Burn fuse"]
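One way to model the one-way life cycle described above, as an added example rather than Titan's fuse map: the thermometer encoding, the five-bit fuse field, the feature flags and all names are assumptions. Fuse writes can only set bits, so no request can move a part backwards, and any pattern outside the encoding decodes to RIP.

```c
#include <stdint.h>
#include <stdio.h>

typedef enum { LC_RAW, LC_TEST, LC_DEV, LC_PROD, LC_RMA, LC_RIP } lc_state_t;
enum { FEAT_TEST = 1, FEAT_PROD = 2, FEAT_UNIQUE_KEYS = 4 };
#define LC_FUSE_MASK 0x1Fu   /* five life-cycle fuses (assumed width) */

typedef struct { uint8_t fuses; } otp_t;   /* bit = 1 means the fuse is burned */

/* OTP behaviour: a write can burn fuses but can never restore one. */
void otp_burn(otp_t *otp, uint8_t mask)
{
    otp->fuses |= (uint8_t)(mask & LC_FUSE_MASK);
}

/* Thermometer code: stage n has its n lowest fuses burned. Anything else,
 * including a single stray burned fuse, fails closed to RIP. */
lc_state_t lc_decode(const otp_t *otp)
{
    switch (otp->fuses & LC_FUSE_MASK) {
    case 0x00: return LC_RAW;
    case 0x01: return LC_TEST;
    case 0x03: return LC_DEV;
    case 0x07: return LC_PROD;
    case 0x0F: return LC_RMA;
    default:   return LC_RIP;
    }
}

/* Feature gating per stage, following the six stage descriptions above. */
unsigned lc_features(lc_state_t s)
{
    switch (s) {
    case LC_TEST: return FEAT_TEST;
    case LC_DEV:  return FEAT_PROD;
    case LC_PROD: return FEAT_PROD | FEAT_UNIQUE_KEYS;
    case LC_RMA:  return FEAT_TEST;
    default:      return 0;   /* RAW and RIP: nothing enabled */
    }
}

/* Request a transition: returns 1 if fuses were burned, 0 if refused.
 * Skipping forward is allowed in this model; going back never is. */
int lc_advance(otp_t *otp, lc_state_t target)
{
    if (target <= lc_decode(otp)) return 0;
    otp_burn(otp, (uint8_t)((1u << target) - 1u));
    return 1;
}

/* Constructed walk: RAW -> TEST -> PROD, then a refused return to TEST. */
lc_state_t demo_rollback(void)
{
    otp_t o = { 0 };
    lc_advance(&o, LC_TEST);
    lc_advance(&o, LC_PROD);
    lc_advance(&o, LC_TEST);
    return lc_decode(&o);
}

/* Constructed fault: a PROD part with one out-of-sequence fuse burned. */
lc_state_t demo_stray_burn(void)
{
    otp_t o = { 0 };
    lc_advance(&o, LC_PROD);
    otp_burn(&o, 0x10);
    return lc_decode(&o);
}

int main(void)
{
    printf("after refused rollback: state %d, features 0x%x\n",
           demo_rollback(), lc_features(demo_rollback()));
    printf("after stray burn: state %d, features 0x%x\n",
           demo_stray_burn(), lc_features(demo_stray_burn()));
    return 0;
}
```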
First instruction integrity
● Titan interposes on SPI, between host and system firmware Flash
● At system reset, does signature check of FW
○ Signature OK ⇒ enables system
○ Signature fail ⇒ alerts of failure
● Live monitoring
○ Snoops SPI for illegal activity
○ Unauthorized actions converted to harmless commands
[Diagram: Device (PCH/BMC), SPI, Titan, SPI, Flash; Reset control]
The challenges of SPI interposition
● Vendor agnostic requires flexibility
● SPI does not have flow control
● Passthrough latency must be minimized
● Chip & board timing a challenge
● Can affect boot latency
[Diagram: SPI interposition. Incoming SPI bus from host; Snoop / control logic; Safe command; Outgoing SPI bus to flash]
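The live-monitoring behaviour from the two slides above, modelled per transaction as an added example (not Titan's logic). The opcodes are the common SPI NOR command set; the protected range, the default-deny policy and the choice of read-status as the substituted safe command are assumptions, and a real interposer has to reach the same decision within the bit times of the transfer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Common SPI NOR opcodes. */
enum { OP_PP = 0x02, OP_READ = 0x03, OP_WRDI = 0x04, OP_RDSR = 0x05,
       OP_WREN = 0x06, OP_FAST_READ = 0x0B, OP_SE_4K = 0x20,
       OP_RDID = 0x9F, OP_CHIP_ERASE = 0xC7, OP_BE_64K = 0xD8 };

#define SAFE_OPCODE OP_RDSR   /* assumption: the harmless substitute */

typedef struct { uint32_t start, end; } region_t;        /* [start, end) */
typedef struct { uint8_t opcode; uint32_t addr; } spi_cmd_t;
typedef struct { spi_cmd_t out; int rewritten; } verdict_t;

/* Constructed policy: the first 2 MiB of flash hold the verified boot FW. */
static const region_t DEMO_PROT = { 0x000000u, 0x200000u };

static int overlaps(region_t r, uint32_t lo, uint32_t len)
{
    return lo < r.end && lo + len > r.start;
}

/* Decide what is forwarded to the flash for one host command. */
verdict_t spi_filter(region_t prot, spi_cmd_t in)
{
    verdict_t v = { in, 0 };
    uint32_t addr = in.addr & 0xFFFFFFu;   /* 24-bit addressing */
    uint32_t span;

    switch (in.opcode) {
    case OP_READ: case OP_FAST_READ: case OP_RDSR: case OP_RDID:
    case OP_WREN: case OP_WRDI:
        return v;                          /* cannot alter flash contents */
    case OP_PP:     span = 0x100u;   break;    /* one 256-byte page */
    case OP_SE_4K:  span = 0x1000u;  break;
    case OP_BE_64K: span = 0x10000u; break;
    default:        span = 0;        break;    /* chip erase, unknown: deny */
    }
    /* Erase and program act on the whole aligned unit containing addr. */
    if (span == 0 || overlaps(prot, addr & ~(span - 1u), span)) {
        v.out.opcode = SAFE_OPCODE;
        v.out.addr = 0;
        v.rewritten = 1;                   /* would also raise an alert */
    }
    return v;
}

/* Opcode actually forwarded under the constructed policy. */
uint8_t demo_forwarded(uint8_t opcode, uint32_t addr)
{
    spi_cmd_t c = { opcode, addr };
    return spi_filter(DEMO_PROT, c).out.opcode;
}

/* Constructed host trace; returns how many commands were rewritten. */
int demo_trace(void)
{
    static const spi_cmd_t trace[] = {
        { OP_READ, 0x000000u },   { OP_WREN, 0 },
        { OP_SE_4K, 0x001234u },  /* sector inside the protected range */
        { OP_PP, 0x3000F0u },     /* page outside it */
        { OP_BE_64K, 0x20FFFFu }, /* block starts exactly at the boundary */
        { OP_BE_64K, 0x1F0010u }, /* block ends at the boundary: inside */
        { OP_CHIP_ERASE, 0 },     { 0xAB, 0 } /* 0xAB: not in this table */
    };
    int rewritten = 0;
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        verdict_t v = spi_filter(DEMO_PROT, trace[i]);
        printf("host 0x%02X @0x%06X -> flash 0x%02X\n", (unsigned)trace[i].opcode,
               (unsigned)trace[i].addr, (unsigned)v.out.opcode);
        rewritten += v.rewritten;
    }
    return rewritten;
}

int main(void)
{
    printf("%d commands rewritten\n", demo_trace());
    return 0;
}
```

Denying every opcode missing from the table is the safe default, but it also blocks legitimate vendor-specific commands, which is the flexibility problem the first bullet points at: the table has to be configured per flash part.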
Physical and tamper-resistant security
Physical security & countermeasures
Anti-glitch / anti-tamper mechanisms
● Attack detection (glitch, laser, thermal, voltage)
● Fuse, key storage, clock, and memory integrity checks
● Memory and bus scrambling and protection
● Register- and memory-range address protection and locking
● TRNG entropy monitoring
● Boot-time and live-status checks
Physical security & countermeasures
[Diagram: alert responder. Eight alert sources, each with an "Alert send" path: physical defenses (Glitch, Voltage, Light, Temperature) and online checks (Keymgr integrity, TRNG integrity, Clk integrity, Bus parity). Alert responder outputs: Interrupt, NMI, Freeze, Reset]
05 Open Titan
Moving from Titan to Open Titan
Thesis
The functional security mechanisms, provenance and digital implementation are commodities and thus good candidates for open sourcing
Evidence
Credible open ISAs, our RTL repositories, standard crypto primitives
Outcome
An open, transparent implementation of a secure cloud root of trust
What would Open Titan look like?
[Block diagram: Open Titan. Blocks shown: Secure RISC-V 32b core; EC/RSA crypto; AES/SHA/HMAC; Key manager; TRNG; timers; USB 1.1; SPI mstr/slv; UART rx/tx; I2C mstr/slv; GPIO; DMA; PMU; Debug ports; Test ports; ROM; SRAM; Flash; OTP (Fuse); jitter RC; timer RC; Low speed RC; Shield; Temp sense; Volt sense; Device state; Alert resp; USB ports; SPI ports; Muxable data ports. Group labels: Memory, Peripherals, Defenses, Testability / MFGability. Legend: Open source IP; Proprietary foundry IP; analog IP / digital wrap]
Open source digital IP
Analog wrappers
Required vendor collateral: STDCELL, memories, pads, etc.
Silicon Transparency Working Group
Questions
For additional information: https://cloudplatform.googleblog.com/2017/08/Titan-in-depth-security-in-plaintext.html
That’s a wrap