Chip giants finalize specifications to build security into silicon

A consortium of major chipmakers has finalized the first version of Caliptra, a specification for adding zero-trust security features directly inside the silicon.

The Caliptra 1.0 specification has hardware and software blocks that provide multiple layers of protection for data encrypted on the chips.

“We believe Caliptra is critical to the future of confidential computing, and we couldn’t be more excited to reach our 1.0 milestone,” says Andrés Lagar-Cavilla, a distinguished engineer at Google. Caliptra is currently integrated into chips by companies across the ecosystem which will begin to appear on the market in 2026.

Security-focused hardware exists, but usually as separate components on the hardware. Currently, chips typically access security features available as separate hardware components on the motherboard. The Caliptra specification provides a model for embedding security features into the chip instead of accessing those hardware cores.

For example, the Trusted Platform Module (TPM), which is required on all machines running Windows 11, is a secure processor that performs cryptographic functions, such as Windows Hello authentication and BitLocker drive encryption. Caliptra could make a silicon version of TPM possible.

The specification was built around the concept of confidential information technology, an emerging technology focused on building walls to protect data and programs during storage, transport, and execution. Users and code are verified before they can access the secure area, after which they can run programs.

Caliptra-Spec chip coming soon?

The Caliptra specification aims to repel cyber attacks and protect against vulnerabilities, such as Meltdown and Spectre, that have exposed sensitive user data to hackers.

Caliptra’s protective layers on the silicon include a root of trust block, where code, users and firmware are isolated, verified and authenticated. The specifications extend to protecting firmware and ROMs. The root-of-trust layer also detects and recovers data that may be corrupted.

The specs are now available for tape-in, which means they’re also ready for testing on chips that may go into production. Google’s Lagar-Cavilla says the company is actively integrating Caliptra into first-party silicon designs and working with vendors to ensure that their system-on-chips – including CPUs, GPUs, DPUs, BMCs, SSDs and more – include Calyptra.

Caliptra is an open source technology, so chipmakers can adopt and modify it for free.

A company called Antmicro is developing a Caliptra-based security core for an emerging chip architecture called RISC-V. The technology is an alternative to the dominant x86 and ARM instruction set architectures. RISC-V has a modular design that makes it easy to include technologies like Caliptra into silicon at the production level.

Google is a lead developer of Calyptra, collaborating with Advanced Micro Devices, Microsoft, Marvell and NVIDIA. The Linux Foundation’s CHIPS Alliance manages development of the specification.

Intel is one of the big names of the missing chips in the group of companies developing Caliptra. Intel is pushing on its own security on chip technology to protect users’ data and chips from hackers.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *