Open hardware ecosystem (OpenRISC, OpenTitan)
WHAT is "open hardware"?
Three things can each be "open", and people confuse them:
| Layer | What it is | Open example |
|---|---|---|
| ISA (Instruction Set Architecture) | the contract between SW and HW | RISC-V, OpenRISC ORBIS |
| Microarchitecture / RTL | the actual gate-level implementation | mor1kx, Ibex |
| Toolchain | compiler, simulator, EDA flow | GCC port, Verilator, OpenROAD |
WHY does open hardware matter? (the 80/20 core)
The four big WHYs:
- Auditability — anyone can look for backdoors/bugs (crucial for a Root of Trust).
- No vendor lock-in / no per-unit royalties — the RTL is free to reuse.
- Longevity — the design outlives any single company.
- Community fixes — bugs get found and patched by many eyes (Linus's Law for hardware).
OpenRISC — the early open CPU
OpenTitan — the open Root of Trust

HOW the pieces fit (mental model)
OPEN ISA (spec) ──▶ OPEN RTL (core) ──▶ OPEN SoC (chip)
RISC-V / ORBIS Ibex / mor1kx OpenTitan
│
open toolchain
(GCC, Verilator, OpenROAD)
Flashcards
What are the three independent layers that can each be "open" in hardware?
Does an open ISA imply the chip is open?
What is a hardware Root of Trust?
Why must a Root of Trust be auditable / open?
What CPU core and ISA does OpenTitan use?
What is OpenRISC and its main ISA?
Why does a fixed 32-bit instruction width simplify the CPU?
Why use a signature and not just a hash in secure boot?
Roughly how hard is finding a SHA-256 collision, and why?
State Kerckhoffs's principle for silicon.
Recall Feynman: explain to a 12-year-old
A Root of Trust is like the security guard who arrives first and unlocks the building. If that guard is secretly a burglar, it doesn't matter how good the locks are inside — the whole building is unsafe. Now: would you rather have a guard whose training manual is secret, or one whose manual is published so the whole town can check it's honest? Open hardware publishes the manual. The guard still has a secret key nobody can copy (burned into the chip), but the design is open so everyone can make sure there's no hidden trapdoor. OpenTitan is that open guard-chip; OpenRISC was an early open brain (CPU) that showed the idea could work.
Connections
- RISC-V ISA — the ISA OpenTitan's Ibex core implements
- Secure Boot & Chain of Trust — the hash-signature mechanism above
- Cryptographic Hash Functions — collision resistance & the birthday bound
- Digital Signatures — authenticity vs integrity
- One-Time-Programmable Fuses (eFuse) — where the root key lives
- Kerckhoffs's Principle — security by keys, not obscurity
- FPGA & RTL Verification — Verilator/formal methods used on Ibex
Concept Map
Hinglish (regional understanding)
Intuition Hinglish mein samjho
Socho ki kisi chip ke andar ka design — matlab uska RTL (Verilog/VHDL wala hardware "source code") — sabke liye khula ho, jaise open-source software hota hai. Yahi open hardware hai. Isme teen alag layers open ho sakti hain: ISA (software aur hardware ke beech ka contract, jaise RISC-V ya OpenRISC), RTL/microarchitecture (asli core, jaise Ibex ya mor1kx), aur toolchain (compiler, simulator). Ek common galti: log samajhte hain "open ISA matlab chip bhi open" — nahi bhai, ISA sirf ek specification hai; usko use karke koi bhi closed, proprietary chip bana sakta hai.
OpenRISC ek purana (~2000) open CPU family hai, iska main ISA ORBIS hai. Ye RISC-V se pehle aaya aur prove kiya ki open ISA pe GCC aur Linux chal sakte hain. OpenTitan naya aur zyada important hai — ye ek open Root of Trust chip hai, jo RISC-V wala Ibex core use karta hai. Root of Trust matlab woh chip jo sabse pehle boot hota hai aur baaki sab ko verify karta hai. Agar isme backdoor ho to upar ka kuch bhi trust nahi kar sakte.
Ab asli baat: security ke liye design chhupana zaroori nahi. Real security secret keys me hoti hai jo chip ke fuses me burn hoti hain, design ke chhupane me nahi. Isko Kerckhoffs's principle kehte hain. Secure boot ek hash chain hai: har stage ka hash nikalte hain aur signature se verify karte hain. Signature isliye chahiye (sirf hash nahi) kyunki hash sirf integrity deta hai, lekin authenticity (yaani "ye vendor ne hi banaya") signature deta hai. SHA-256 todna lagbhag tries maangta hai (birthday bound) — practically impossible. Isliye open hone ke baad bhi OpenTitan surakshit rehta hai, aur bonus me duniya bhar ke log iska code audit karke bugs pakad sakte hain.