OpenTitan Integrated：面向大型SoC的RISC-V开源硅信任根.pdf

1、1OpenTitan IntegratedA RISC-V Open-Source Silicon Root-of-Trust for large SoCsRobert SWhat is OpenTitan Integrated?2From a discrete chipOpen Source Silicon Root of Trust(RoT)Fully Open Design:RTL,DV,firmware,and documentation under a permissive license:https:/opentitan.orgTrustworthy&Verifiable Secu

2、rity:Enhancing hardware security through an open and auditable foundationFocus on Quality&Flexibility:Emphasizes rigorous verification and adaptable design for diverse integrationsWhat is OpenTitan Integrated?3From a discrete chipIP contributed by Rivos to a an integrated RoTControlled Communication

3、 InterfaceRoT and SoC communication need proper isolationPrinciple of Least PrivilegeSoC should not have unfettered access into RoTRoT should not have unfettered access into SoCSoC may have different memory space partitionsOpenTitan controlled SoC controlled4SoC to OpenTitan-MailboxSoC has no direct

4、 access into OpenTitan spaceAll transactions managed through a mailboxExternal host deposits transactions,OpenTitan software readsOpenTitan software deposits transactions,external host readsMany applicationsDebug authorization requestSecurity services request5OpenTitan to SoC-DMADMA has limited acce

5、ss to OpenTitan private memoryOnly operates on a isolated memory rangeSupport for inline hashing operationCompute SHA-2 digest while transferring dataMany applicationsCode loading and verificationData transfer to low-speed IOs6Access Control Range CheckNew IPConfigurable number of rangesTOR matching

6、 logic with static prioritizationPermission checks for R/W/X and RACLUsed at the boundary of RoTAlso comes with block-level DV7Debug and DFT GovernanceOpenTitan maintains life cycle schemeLocal debug and test gated directly by the life cycleOpenTitan authorizes SoC debug and testSoC can either rely