6.5.12Advanced & Emerging Architectures

Open hardware ecosystem (OpenRISC, OpenTitan)

2,222 words10 min readdifficulty · medium

WHAT is "open hardware"?

Three things can each be "open", and people confuse them:

Layer What it is Open example
ISA (Instruction Set Architecture) the contract between SW and HW RISC-V, OpenRISC ORBIS
Microarchitecture / RTL the actual gate-level implementation mor1kx, Ibex
Toolchain compiler, simulator, EDA flow GCC port, Verilator, OpenROAD

WHY does open hardware matter? (the 80/20 core)

The four big WHYs:

  1. Auditability — anyone can look for backdoors/bugs (crucial for a Root of Trust).
  2. No vendor lock-in / no per-unit royalties — the RTL is free to reuse.
  3. Longevity — the design outlives any single company.
  4. Community fixes — bugs get found and patched by many eyes (Linus's Law for hardware).

OpenRISC — the early open CPU


OpenTitan — the open Root of Trust

Figure — Open hardware ecosystem (OpenRISC, OpenTitan)

HOW the pieces fit (mental model)

        OPEN ISA (spec)  ──▶  OPEN RTL (core)  ──▶  OPEN SoC (chip)
        RISC-V / ORBIS        Ibex / mor1kx        OpenTitan
                                    │
                              open toolchain
                          (GCC, Verilator, OpenROAD)

Flashcards

What are the three independent layers that can each be "open" in hardware?
The ISA (spec), the microarchitecture/RTL (implementation), and the toolchain (compiler/EDA flow).
Does an open ISA imply the chip is open?
No — an ISA is only a specification; you can build a fully proprietary core that implements an open ISA (e.g. a closed RISC-V phone SoC).
What is a hardware Root of Trust?
The first component to boot; it measures and verifies each later stage, forming a chain of trust that everything above depends on.
Why must a Root of Trust be auditable / open?
Because you cannot verify the absence of a backdoor in a black box, and everything above it trusts it implicitly.
What CPU core and ISA does OpenTitan use?
The Ibex core, which implements the RISC-V ISA (not OpenRISC).
What is OpenRISC and its main ISA?
An early (~2000) open RISC CPU family; main ISA is ORBIS32/64, flagship core mor1kx.
Why does a fixed 32-bit instruction width simplify the CPU?
Next-instruction address is simply PC+4 with no decoding needed, so total code size = 4N bytes for N instructions.
Why use a signature and not just a hash in secure boot?
A hash gives integrity but not authenticity; a signature binds the hash to the vendor's private key so an attacker can't replace image AND hash.
Roughly how hard is finding a SHA-256 collision, and why?
About 2^128 attempts, from the birthday bound (~2^(n/2) for an n-bit hash).
State Kerckhoffs's principle for silicon.
Security must depend on the secret keys, not on the secrecy of the design.

Recall Feynman: explain to a 12-year-old

A Root of Trust is like the security guard who arrives first and unlocks the building. If that guard is secretly a burglar, it doesn't matter how good the locks are inside — the whole building is unsafe. Now: would you rather have a guard whose training manual is secret, or one whose manual is published so the whole town can check it's honest? Open hardware publishes the manual. The guard still has a secret key nobody can copy (burned into the chip), but the design is open so everyone can make sure there's no hidden trapdoor. OpenTitan is that open guard-chip; OpenRISC was an early open brain (CPU) that showed the idea could work.

Connections

  • RISC-V ISA — the ISA OpenTitan's Ibex core implements
  • Secure Boot & Chain of Trust — the hash-signature mechanism above
  • Cryptographic Hash Functions — collision resistance & the birthday bound
  • Digital Signatures — authenticity vs integrity
  • One-Time-Programmable Fuses (eFuse) — where the root key lives
  • Kerckhoffs's Principle — security by keys, not obscurity
  • FPGA & RTL Verification — Verilator/formal methods used on Ibex

Concept Map

releases

spans three layers

spans three layers

spans three layers

spec only, not silicon

early open

core mor1kx uses

open at all layers

implements

requires

enabled by

security not by secrecy

Open Hardware

RTL design source

ISA layer

Microarch RTL

Toolchain

OpenRISC

OpenTitan

RISC fixed-width

Root of Trust

Auditability

Kerckhoffs principle

Hinglish (regional understanding)

Intuition Hinglish mein samjho

Socho ki kisi chip ke andar ka design — matlab uska RTL (Verilog/VHDL wala hardware "source code") — sabke liye khula ho, jaise open-source software hota hai. Yahi open hardware hai. Isme teen alag layers open ho sakti hain: ISA (software aur hardware ke beech ka contract, jaise RISC-V ya OpenRISC), RTL/microarchitecture (asli core, jaise Ibex ya mor1kx), aur toolchain (compiler, simulator). Ek common galti: log samajhte hain "open ISA matlab chip bhi open" — nahi bhai, ISA sirf ek specification hai; usko use karke koi bhi closed, proprietary chip bana sakta hai.

OpenRISC ek purana (~2000) open CPU family hai, iska main ISA ORBIS hai. Ye RISC-V se pehle aaya aur prove kiya ki open ISA pe GCC aur Linux chal sakte hain. OpenTitan naya aur zyada important hai — ye ek open Root of Trust chip hai, jo RISC-V wala Ibex core use karta hai. Root of Trust matlab woh chip jo sabse pehle boot hota hai aur baaki sab ko verify karta hai. Agar isme backdoor ho to upar ka kuch bhi trust nahi kar sakte.

Ab asli baat: security ke liye design chhupana zaroori nahi. Real security secret keys me hoti hai jo chip ke fuses me burn hoti hain, design ke chhupane me nahi. Isko Kerckhoffs's principle kehte hain. Secure boot ek hash chain hai: har stage ka hash mi=H(Ii)m_i = H(I_i) nikalte hain aur signature σi\sigma_i se verify karte hain. Signature isliye chahiye (sirf hash nahi) kyunki hash sirf integrity deta hai, lekin authenticity (yaani "ye vendor ne hi banaya") signature deta hai. SHA-256 todna lagbhag 21282^{128} tries maangta hai (birthday bound) — practically impossible. Isliye open hone ke baad bhi OpenTitan surakshit rehta hai, aur bonus me duniya bhar ke log iska code audit karke bugs pakad sakte hain.

Go deeper — visual, from zero

Test yourself — Advanced & Emerging Architectures