AMD, Google, Microsoft & NVIDIA Announce "Caliptra" Open-Source Root of Trust
AMD, Google, Microsoft, and NVIDIA have used this week's OCP Global Summit to announce Caliptra as their open specification for a silicon Root-of-Trust (ROT) to be found with future CPUs / SoCs, GPUs, NICs, SSDs, and other hardware components.
Caliptra is the multi-vendor effort being announced today to provide a silicon root-of-trust for various components. The open-specification provides a reusable, silicon-level IP block for integration in SoCs and other ASICs. Caliptra is fully open-source down to the RTL being made public along with the firmware.
Caliptra can provide verifiable cryptographic assurances of the SoC security configuration and ensuring the boot code is trusted. Caliptra is designed to be fully integrated into the SoC/ASIC to provide integrated security compared to separate Root-of-Trust solutions today. Caliptra is designed around the needs of modern edge and confidential computing scenarios. While both NVIDIA and AMD are backing Caliptra, notably absent from today's announcement is Intel.
Interestingly the reference implementation of caliptra makes use of a RISC-V core.
As for the silicon Root-of-Trust goals with caliptra, per the new specification its stated goals are:
The scope of a Caliptra Silicon RoT is deliberately minimalistic in nature to drive agility of specification definition, to maximize applicability, and to drive industry alignment, consistency and faster adoption of foundational device security primitives. A well and narrowly defined specification maximizes architectural composability, reusability across CSPs, products and vendors, and feasibility of open sourcing.
Enhancements, advanced use cases & applications are outside the scope of this specification and may be developed in the form of a roadmap for the Silicon RoT and community engagement.
Caliptra defines a design standard for a Silicon internal RoT baseline. The standard satisfies a Root of Trust for Measurement (RTM) role. The open-source implementation of Caliptra drives transparency into the RTM and measurement mechanism that anchors hardware attestation. The Caliptra Silicon RoT must boot the SoC, measure the mutable code it loads, and measure and control mutation of non-volatile configuration bits in the SoC. The Caliptra Silicon RoT reports these measurements with signed attestations rooted in unique per-asset cryptographic entropy. As such, the Caliptra Silicon RoT serves as a Root of Trust for Identity for the SoC.
Caliptra's specification is fully open and can already be found on OpenCompute.org. Those are the brief details shared in advance about Caliptra while more technical information will be presented at this week's Open Compute Project (OCP) event.
If you enjoyed this article consider joining Phoronix Premium to view this site ad-free, multi-page articles on a single page, and other benefits. PayPal or Stripe tips are also graciously accepted. Thanks for your support.