Verifying the security of an open-source hardware root of trust

By Jason Oberg and Dominic Rizzo

OpenTitan is a powerful open-source silicon root-of-trust project, built from the ground up as a transparent, reliable, and secure implementation for enterprises, platform vendors, and chipmakers. It includes many hardware security features ranging from secure boot and remote attestation to secure storage of private user data. The open-source development model enables OpenTitan to serve as a vehicle for innovation in academia, as well as an effective commercial platform.

Cycuity provides software products that help detect and prevent unexpected design weaknesses throughout the semiconductor design process. The Radix product line enables rigorous hardware security assurance for all types of silicon devices, helping companies that build or rely on semiconductors achieve security approval in a more systematic and predictable way. OpenTitan’s freely available, permissively licensed, and security-focused design provided an ideal opportunity to demonstrate Cycuity’s technology, while providing greater OpenTitan design assurance in the process.

Since the open source hardware roots of trusts are a new technology – OpenTitan being the first – it is important to transparently create trust in their accuracy. Due to its open availability, Cycuity was able to use the OpenTitan design to demonstrate the effectiveness of using security verification to show the reliability of open source hardware. Working with Professor Ryan Kastner and his lab at UC San Diego, we successfully applied Cycuity’s Radix technology to OpenTitan’s OTP controller, validating some challenging security requirements.

Importance of security check

OpenTitan’s rich suite of security features allows it to be a reliable root of trust for systems that adopt it. Basically, this means that these secure features should be fine to the max. Systematically specifying security requirements and then creating a security verification plan for those requirements achieves the highest levels of assurance for a design.

Security verification is often challenging due to the difficulty of easily mapping security requirements into concise verification rules and being able to execute those rules in existing design verification environments. Additionally, security requirements are often vague or poorly specified, making it difficult to specify compact verification instructions.

Cycuity’s Radix products use information flow, an innovative technology that makes it very efficient to create concise requirements-based security rules and easily identify any violation of security requirements from unknown or unexpected weaknesses in the design. Radix’s security analysis capabilities also make it very effective in helping to refine security requirements if they are not clearly defined.

Example: Security Requirements for OpenTitan OTP Controller

Radix establishes security requirements based on design assets. To do this effectively, several components of the security requirement must be identified, including:

  • Assets: Resources in the design that must be protected from an adversary
  • Security objectives: Confidentiality, integrity or availability of assets
  • Protections and Protection limits for design assets under the security objective

Using this framework creates succinct and verifiable security requirements that can be easily executed in Radix software.

Many OpenTitan assets require protection from an adversary to ensure their secure operation. An example is a random netlist key stored in OpenTitan’s One Time Programmable (OTP) memory controller which is used to scramble users’ keys to protect them against physical attacks, such as those from injection. faults. Using the approach described above, we have created a concise security requirement for this random netlist key asset below:

“RndCnstKey should not be read on OTP outputs”

From this security requirement, we were able to identify the asset as the RndCnstKeythe security goal as Confidentiality and the protection boundary as OTP outputs. With this information, we were able to easily create a Radix security rule and run it in Radix to analyze any security breaches.

Analysis of security breaches

Security analysis is an essential part of the security verification process. This is crucial to ensure security requirements are specified concisely, as well as to help identify unknown design weaknesses. Using Radix’s security analysis capabilities, we were able to validate that the random constant key never arrives at the output of the OTP controller in an unobstructed form, which is a good thing.

When applying Radix to the OTP controller, we also identified intermediate values ​​of the random constant key appearing on the jammer output. This is interesting and surprising, but was determined to be low risk since intermediate values ​​are protected at the OTP output boundary. Even so, this information allowed OpenTitan to come up with a patch mitigating this leak out of caution against potential future threats.

This systematic analysis allowed us to provide strong assurance that an adversary is unlikely to retrieve the constant random key and subvert the mitigations within the OTP controller, as the only way for them to access key information from the outside is when the key is in a scrambled form. . We will continue to work on several other design assets and security requirements to verify other important security features within OpenTitan as well. We will also share security requirements and results with the community to help advance OpenTitan’s secure development lifecycle.


OpenTitan is a powerful silicon root-of-trust design with comprehensive security features needed to build secure hardware-rooted systems. Along with other best practices, defining concise security requirements and performing a systematic security check helps ensure that these features are securely integrated and configured throughout the design lifecycle.

Thanks to Radix’s unique security analysis capabilities, we were able to identify improvements to the design of certain OpenTitan blocks that conventional functional verification techniques can sometimes miss. This has and will continue to increase the security assurance that OpenTitan provides in an open and transparent manner.

Dominic Rizzo is Technical Lead and OpenTitan Project Manager at Google.

Jason Oberg

Jason Oberg

(All posts)

Jason Oberg is the CTO and co-founder of Tortuga Logic. His work has been cited over 700 times and he holds six issued and pending patents. He earned his BS in Computer Engineering from UC Santa Barbara and an MS and Ph.D. in computer science from UC San Diego.