OpenTitan: Pioneering Transparent, Open-Source Silicon Roots of Trust for Safer Systems

As device connectivity expands, the risk of cyber attacks grows. At the core of secure hardware lies the root of trust (RoT). Although many manufacturers embed RoT in silicon, proprietary designs often lack transparency, forcing designers to place blind faith in unseen components.

Enter OpenTitan—a coalition committed to making trusted security available right at the silicon level through unprecedented openness and accessibility.

The initiative unites leaders such as ETH Zurich, G+D Mobile Security, Google, Nuvoton Technology, and Western Digital, and is steered by the independent, non‑profit lowRISC CIC (Cambridge, U.K.). Leveraging an evolution of Google’s Titan chip and ETH’s RISC‑V core, the project aims to deliver a more open, transparent, and high‑quality RoT that will underpin trust in critical systems.

OpenTitan promises a radical degree of transparency—everything, down to the foundry boundary, is open. Engineers from partner companies are openly crafting the logical design of a silicon RoT, including the lowRISC Ibex RISC‑V processor, cryptographic coprocessors, a hardware random‑number generator, a sophisticated key hierarchy, volatile and non‑volatile memory interfaces, defensive mechanisms, I/O peripherals, and secure‑boot logic. The result will be a high‑quality RoT design and integration guidelines suitable for data‑center servers, storage arrays, peripherals, and more.

Open‑sourcing the silicon design enhances transparency, trust, and ultimately security. A silicon RoT guarantees that the hardware stack and its software remain in a verified, trustworthy state by authenticating boot firmware, preventing low‑level malware, and providing a cryptographically unique machine identity. It also protects encryption keys from tampering—even during shipment—and delivers tamper‑evident audit trails and runtime security services.

“System integrity must be anchored in silicon,” declared Dominic Rizzo, Google Cloud’s OpenTitan lead, at the project’s launch. “We built our own proprietary Titan RoT for Google’s data centers, learning that transparent integration and instruction integrity are essential. OpenTitan makes that same level of trust openly available and flexible, eliminating the need for blind faith.”

Why open source?

OpenTitan founding partners (Image: OpenTitan)

In most designs, the RoT sits physically between the boot processor and the non‑volatile ROM or flash that holds the initial firmware. The RoT validates firmware integrity before the processor can commence boot, and can provide a recovery path if latent firmware bugs arise. The RoT module is typically a separate chip or an IP block embedded in a SoC.

Silicon RoTs find application in server motherboards, network cards, client devices like laptops and phones, consumer routers, and IoT devices. Google has relied on its custom Titan RoT to guarantee that its data‑center machines boot only from verified code.

Google emphasized the need to “anchor trust in silicon” and stated, “Together with our partners, we aim to share the benefits of reliable RoT chips across the industry by making them open source.”

Richard New, Western Digital’s VP of research and development, noted that all RoT chips in circulation today are proprietary. “Because implementations are opaque, end users cannot independently verify the quality of the RoT’s architecture, firmware, or hardware design,” he said. “Users must trust the designer has implemented it correctly and without errors.”

OpenTitan argues that an open‑source silicon RoT offers the same trust‑building advantages as open‑source software: transparent design, early issue detection, and reduced blind trust. Community contributions drive innovation, while a common reference design provides implementation choice and preserves interface consistency.

OpenTitan expects to deliver a radical level of transparency, opening virtually everything, right up to the “foundry boundary.” (Image: OpenTitan)

OpenTitan’s strategy rests on three pillars: transparency, quality, and flexibility. Anyone can inspect, evaluate, and contribute to the design and documentation, ensuring a transparent, trustworthy silicon RoT. The group is delivering a high‑quality, logically secure design, complete with reference firmware, verification collateral, and comprehensive documentation. Flexibility allows adopters to lower costs and reach broader markets by integrating a vendor‑agnostic RoT into servers, storage, peripherals, and other devices.

At the press conference, Gavin Ferris, lowRISC co‑founder and board member, said, “We’re roughly 40‑50 % complete on the reference design.”

New added, “OpenTitan will play a major role in our strategy. Western Digital has long championed open source—think Linux and RISC‑V—and believes the most secure solutions arise from open, inspectable implementations coupled with transparent policies. OpenTitan has the potential to disrupt the proprietary model and offer the industry a high‑quality, open reference RoT.”

Industry reaction

John Moor, managing director of the IoT Security Foundation, told EE Times Europe that a RoT is essential for IoT security. “Cost is a major barrier, so an open‑source RoT would help,” he said, adding that scrutiny and Google’s backing lend credibility.

Andy Hopper, lowRISC chairman and former founder of the company that became Arm, remarked, “The silicon root of trust is too critical to be proprietary. OpenTitan exemplifies how open‑source development spurs innovation and delivers truly trustworthy silicon. In a post‑Moore’s‑Law world, collaboration and transparency are the path forward.”

Haydn Povey, CEO of Secure Thingz and former security lead at Arm, emphasized the need to raise awareness of RoTs—whether open or proprietary. “Security will never be perfect, but fostering open discussion prevents gaps. When done right, open source can be even more secure,” he said.

Povey highlighted that security is the next computing frontier—from edge to enterprise—and that OpenTitan represents a significant stride toward open‑source system security.