AMD, Google, Microsoft & NVIDIA Announce "Caliptra" Open-Source Root of Trust

Written by Michael Larabel in Software on 18 October 2022 at 12:00 PM EDT. Page 1 of 1. 45 Comments.

AMD, Google, Microsoft, and NVIDIA have used this week's OCP Global Summit to announce Caliptra as their open specification for a silicon Root-of-Trust (ROT) to be found with future CPUs / SoCs, GPUs, NICs, SSDs, and other hardware components.

Caliptra is the multi-vendor effort being announced today to provide a silicon root-of-trust for various components. The open-specification provides a reusable, silicon-level IP block for integration in SoCs and other ASICs. Caliptra is fully open-source down to the RTL being made public along with the firmware.

Caliptra can provide verifiable cryptographic assurances of the SoC security configuration and ensuring the boot code is trusted. Caliptra is designed to be fully integrated into the SoC/ASIC to provide integrated security compared to separate Root-of-Trust solutions today. Caliptra is designed around the needs of modern edge and confidential computing scenarios. While both NVIDIA and AMD are backing Caliptra, notably absent from today's announcement is Intel.

Interestingly the reference implementation of caliptra makes use of a RISC-V core.

As for the silicon Root-of-Trust goals with caliptra, per the new specification its stated goals are:

The scope of a Caliptra Silicon RoT is deliberately minimalistic in nature to drive agility of specification definition, to maximize applicability, and to drive industry alignment, consistency and faster adoption of foundational device security primitives. A well and narrowly defined specification maximizes architectural composability, reusability across CSPs, products and vendors, and feasibility of open sourcing.

Enhancements, advanced use cases & applications are outside the scope of this specification and may be developed in the form of a roadmap for the Silicon RoT and community engagement.

Caliptra defines a design standard for a Silicon internal RoT baseline. The standard satisfies a Root of Trust for Measurement (RTM) role. The open-source implementation of Caliptra drives transparency into the RTM and measurement mechanism that anchors hardware attestation. The Caliptra Silicon RoT must boot the SoC, measure the mutable code it loads, and measure and control mutation of non-volatile configuration bits in the SoC. The Caliptra Silicon RoT reports these measurements with signed attestations rooted in unique per-asset cryptographic entropy. As such, the Caliptra Silicon RoT serves as a Root of Trust for Identity for the SoC.

Caliptra's specification is fully open and can already be found on OpenCompute.org. Those are the brief details shared in advance about Caliptra while more technical information will be presented at this week's Open Compute Project (OCP) event.

If you enjoyed this article consider joining Phoronix Premium to view this site ad-free, multi-page articles on a single page, and other benefits. PayPal or Stripe tips are also graciously accepted. Thanks for your support.


Related Articles
Linux 6.9 Drives AMD 4th Gen EPYC Performance Even Higher For Some Workloads
Intel Core Ultra "Meteor Lake" Yields Faster Performance With Linux 6.9
Google Cloud's C3D Instances Provide Strong Performance Value For PingCAP's TiDB
Linux 6.9 Features: DM VDO, AMD Preferred Core, Intel FRED & Larger Console Fonts
LLVM Clang Shows Off Great Performance Advantage On NVIDIA GH200's Neoverse-V2 Cores
The Performance Impact Of Intel's Register File Data Sampling "RFDS" Mitigation
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.