Google announces OpenTitan: Open source silicon root of trust

OpenTitan logo

Google: Mitigating risk in the hardware supply chain

Google has a new blog post talking about supply-chain security and their Titan chip.

[…]One area where we’ve put a lot of thought, and which we continue to focus on, is the security of our hardware supply chain. Today, I’d like to go into a few of the things we do specifically in this area.[…]



Google Titan trust paper available

A Vendor-Agnostic Root of Trust for Measurement
Jon McCune, Rick Altherr
We report the success of a project that Google performed as a proof-of-concept for increasing confidence in first-instruction integrity across a variety of server and peripheral environments. We begin by motivating the problem of first-instruction integrity and share the lessons learned from our proof-of-concept implementation. Our goal in sharing this information is to increase industry support and engagement for similar designs. Notable features include a vendor-agnostic capability to interpose on the SPI peripheral bus (from which bootstrap firmware is loaded upon power-on in a wide variety of devices today) without negatively impacting the efficacy of any existing vendor- or device-specific integrity mechanisms, thereby providing additional defense-in-depth.

Click to access 46352.pdf

Yuriy of Eclypsium has a few comments on the doc, click on below tweet for thread:


more on Google Titan

Earlier I pointed out some Google Titan info but didn’t have much info on it:

(nobody left a comment, but a few people commented on it on Twitter.)

In the last few days, there’s more info available now:



probably unrelated?: