With hackers deploying sophisticated attacks against operating systems, processors, and even firmware, manufacturers have increasingly turned to a tamper-resistant processor—or part of one—often called a "secure enclave" to stymie all sorts of attacks. They place in that immutable chip the "root of trust" on a device, relying on it to run cryptographic checks every time the system starts to make sure nothing has been subtly, maliciously altered. If something is wrong, the secure enclave stops the machine from booting up. Which leads to a nagging question: How can you always be sure that you can trust the secure enclave itself?
It's not a hypothetical. While secure root of trust schemes offer real security improvements in many ways, researchers have repeatedly shown that it can be possible to undermine those chips. Which is why Google and a consortium of companies, nonprofits, and academic institutions have all signed on to an initiative meant to improve the transparency—and ultimately the security—of secure enclaves. Known as “Open Titan,” the project aims to lift the fog of proprietary machine code and clandestine manufacturing that makes any processor difficult to fully trust. It's managed and directed by the open source hardware nonprofit lowRISC CIC.
“This is not just bits of intellectual property floating around, but actually a real design and a real engineering organization that’s not for profit,” says Gavin Ferris, cofounder and director of lowRISC. “We believe that transparency and security go hand in hand, everything aligns with doing an open source root of trust ..
Support the originator by clicking the read the rest link below.
