The Root-of-Trust (ROT) concept has existed in cryptographic security for decades, but not until Nuvoton began fabricating the first OpenTitan chips for Google last month has an open source ROT reached commercial viability, a particular landmark for the RISC-V architecture.
After years in development, the silicon will finally be included in Chromebooks delivered from late 2025, with Google touting a "new era" of transparency-based security after working closely with eight partners to develop the “commercial grade” RISC-V based hardware.
The milestone shows OpenTitan “really can compete with proprietary offerings right now,” says Dom Rizzo, CEO of silicon cloud security company ZeroRISC and a founder of the OpenTitan project.
“People keep saying silicon is different than software and you can’t really do open source, and now it’s ‘well, ok, but we did’…
“It’s very hard to refute the chip in your hand,” he tells The Stack.
Rizzo first worked on the idea a decade ago while an employee at Google, seeing potential to work with the open-source RISC-V instruction set architecture (ISA) to “level up” security and feeling "very frustrated with the quality of open source implementations of silicon."
Since then, a wide range of collaborators have joined the project including its host, non-profit lowRISC, as well as G + D Mobile Security, ETH Zurich, Seagate, Winbond, and Nuvoton.
“It was quite natural for us to join the OpenTitan partnership,” says Ran Klier, Nuvoton’s Director of Product Marketing, OpenTitan and IoT Security. He tells The Stack that the Taiwanese manufacturer sees “a lot of potential in working with RISC-V on a completely open source, transparent, trustworthy solution, such as OpenTitan.”
Why make a security chip open source?
As an ROT, the OpenTitan chip first runs security checks on its own code base before checking the chiplet layer above it and kicking off a “trust chain” certifying the security of a device from the ground up, explains Mark Hayter, Founder and CSO of RISC-V specialist Rivos, a project partner.
The main idea is the same as any ROT, but by making the chip open source, “everyone can examine down to the register-transfer level (RTL), everything is auditable, and everything can have security reviewers review it,” he tells The Stack.
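The trust chain described above, as an added sketch that is not OpenTitan code: the root of trust checks its own image, then each verified stage checks the layer above it while an attestation register accumulates every measurement. The stage names, the sample images and the use of pinned SHA-256 measurements in place of the signature checks a production secure boot would use are all assumptions.

```python
import hashlib
import hmac
from typing import List, NamedTuple, Optional, Tuple

class Stage(NamedTuple):
    name: str
    code: bytes
    next_pin: Optional[bytes]  # measurement this stage requires of the stage it launches

def measure(stage: Stage) -> bytes:
    # Cover the code and the pin it carries, so swapping the pin is also detected.
    return hashlib.sha256(stage.code + (stage.next_pin or b"")).digest()

def build_chain(images: List[Tuple[str, bytes]]) -> Tuple[List[Stage], bytes]:
    """Build back to front so every stage pins its successor's measurement."""
    stages: List[Stage] = []
    pin: Optional[bytes] = None
    for name, code in reversed(images):
        stage = Stage(name, code, pin)
        pin = measure(stage)
        stages.insert(0, stage)
    return stages, pin  # final pin is the reference for the first (ROT) stage

def boot(stages, rot_reference):
    """Return (stages that ran, attestation register, error or None)."""
    register, expected, ran = bytes(32), rot_reference, []
    for stage in stages:
        m = measure(stage)
        # First pass is the root of trust checking itself; later passes are
        # the already-verified stage checking the layer above it.
        if expected is None or not hmac.compare_digest(m, expected):
            return ran, register, f"{stage.name}: measurement mismatch, halting"
        register = hashlib.sha256(register + m).digest()  # extend the chain
        ran.append(stage.name)
        expected = stage.next_pin
    return ran, register, None

# Constructed sample images, not real firmware.
IMAGES = [("rot_rom", b"rom-v1"), ("bootloader", b"bl-v1"), ("firmware", b"fw-v1")]
CHAIN, ROT_REFERENCE = build_chain(IMAGES)

def tampered(index: int) -> List[Stage]:
    """Copy of CHAIN with one stage's code modified after the pins were fixed."""
    chain = list(CHAIN)
    chain[index] = chain[index]._replace(code=chain[index].code + b"!")
    return chain

if __name__ == "__main__":
    print(boot(CHAIN, ROT_REFERENCE)[0])
    print(boot(tampered(2), ROT_REFERENCE)[2])
```

A verifier that knows the expected final register value can tell from that single value whether every layer matched, which is what lets the chain be audited from the outside.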
The matter of open source security software/hardware has been contentious as developers debate the benefits of essentially giving would-be attackers part of their homework, but Hayter says “if you can’t look at [source code], how can you have any trust in its security?”
Rizzo goes one step further, citing Kerckhoffs's principle, a cryptography tenet that emphasises assuming transparency as key to creating a secure system, to support his belief in the importance of open source for ROTs.
“There's this almost ideological point of - ‘no, we don't do closed source cryptography’. And you'll see [through programmes] like OpenSSL and BoringSSL, this is a pretty standard, well accepted principle by serious cryptographers and security people that it should just be open.” - Dom Rizzo
More eyes on OpenTitan’s coding should also improve its durability, Hayter says on a call with The Stack, adding that when a bug is spotted on proprietary chips, developers often have to wait for a manufacturer fix and “just have to leave [their] users unprotected” until it arrives.
“Whereas with an open source [chip]... you can say, okay we may not have the correct fix that the manufacturer will eventually put out, but we can put a fix in right now that will address the problem… so we can protect our users.”
Figuring out how to build an open source ROT to “some of the absolute highest certification standards” was also, as Rizzo discovered, a compelling problem for much of the tech industry. As a result, the academic community “flocked” to the project, he says, giving potential flaws in the code “nowhere to hide” – OpenTitan’s contributors had reached 176, as of February 2025, and its committers number 26.
Spotlighting one committer, ZeroRISC employee Jane Philipoom, Rizzo says “the reason that we were able to get post quantum secure boot in the very first versions of this chip, is just because of her very strong collaboration with folks like Peter Schwabe at the Max Planck Institute… and primary authors of all the post quantum crypto algorithms.”
“There are security countermeasures in [OpenTitan] that are the absolute latest and greatest, just published last year… People like working on it because they think ‘well, my work might go into this real thing and have impact,’” Rizzo adds.
Fab, but what next?
The production launch for OpenTitan may seem like the end of a long road but its impact on the industry may only just be beginning if the industry-wide vision of its founder is to be realised.
“We've got it now, so let's use this to start getting security and integrity into the entire ecosystem, into the supply chain. Basically, leveraging this technology to decouple the security of your devices from the point of manufacture,” Rizzo says.
While tech giants like Apple, Intel and Qualcomm are already able to do security like this, an open source solution could “bring that capability to everyone else," and "amortize" the long-term maintenance costs.
To realise this, ZeroRISC is working on further commercialisation of the technology with Nuvoton, but Klier says the idea will take time to come to fruition.
“In order to sell this to the open market, it will require much more attention to solutions, definition, services, [and] support for a wider market… We consider it a long term product.” - Ran Klier
Work is also underway to level up the chip from its first use as a device ROT, with Rivos (which raised $250 million in April 2024 to build RISC-V based chips for AI workloads) eyeing ways in which OpenTitan could go from “just being a discrete chip implementation” to one that can potentially be embedded in a bigger SoC for use in data servers.
“What we've done [at Rivos] is we've taken it and tweaked it so that it can sit inside, actually on the die of our chip, and provide the same features, but built in… So when we have multiple chiplets, OpenTitan is built into them and they can talk to each other to say ‘I can trust you’”, Hayter explains.
Google, meanwhile, has already claimed data centre integrations of the chip are coming later this year and said OpenTitan could “be used across the Google ecosystem.” Devices outside the Chromebook family are also likely to integrate the ROT, say coalition members, though Klier would not be drawn on any discussions Nuvoton may have already had.
Development could also go even further, with Rizzo sharing plans for preparing OpenTitan for a post-quantum world and Hayter envisioning even smaller versions of the chip expanding its capabilities to address issues like deepfakes. As he puts it: “If your camera sensor were to have a secure element in it, and could basically sign every picture it took… we maybe have a way of saying, ‘okay, if I can see the attestation chain all the way back to the pixel sensor, then I'll start trusting photos again.’”