Google has spent years talking about open source silicon. Now the search giant is finally putting that idea into real shipping hardware.
The company announced that OpenTitan is now shipping in commercially available Chromebooks. That may not sound flashy at first, but it is actually a pretty big deal for both security and open source.
OpenTitan is designed to be a hardware Root of Trust. In simple terms, it is the tiny chip responsible for verifying that a device is running authorized firmware and software. If that foundation fails, the entire security model of the device falls apart. That is why these components are normally implemented directly in silicon rather than software.
The difference here is transparency. Security chips are usually closed designs that nobody outside the manufacturer can inspect. With OpenTitan, the design, verification process, and code are all open source. Anyone can review how it works, test it, or even build it themselves.
Google began developing OpenTitan about seven years ago with help from the open source community. The goal was to build the first open source silicon Root of Trust that could actually ship in real products.
That goal has now been reached.
The first OpenTitan chip is being manufactured by Nuvoton, a company known for producing secure silicon components. Those chips are now making their way into some Chromebooks, bringing an open source security foundation into consumer devices.
Because the project is open source, hardware vendors are not tied to a single supplier. Companies can buy chips from a commercial partner, manufacture their own version, or adapt the design for specific systems. That flexibility is unusual in the world of security hardware, which is normally tightly controlled by vendors.
Another interesting part of OpenTitan is that it already supports post quantum cryptography secure boot using SLH DSA. Quantum computers are still developing, but researchers widely expect them to eventually break traditional public key cryptography such as RSA. Preparing hardware now for that possibility could help devices remain secure well into the future.
Google says the engineering process behind OpenTitan has been extensive. The design includes more than 40,000 nightly tests to catch problems early, and both individual hardware blocks and the overall design exceed 90 percent verification coverage. Those are the kinds of numbers you expect from commercial silicon development, but it is unusual to see that work happening out in the open.
The project itself is maintained by lowRISC CIC, an independent nonprofit organization helping coordinate development across companies and contributors. Since launching publicly in 2019, the project has grown steadily, reaching more than 29,000 commits and over 275 contributors.
Shipping in Chromebooks is only the first step.
Google says bringup for OpenTitan inside its datacenter infrastructure is already underway and expected later this year. That could expand the open source root of trust concept beyond laptops and into large scale cloud systems.
A second generation OpenTitan chip is also already being planned. Future versions are expected to support lattice based post quantum cryptography algorithms such as ML DSA and ML KEM for secure boot and attestation.
For people who care about open hardware, this milestone matters. Software went open source a long time ago. Hardware has been slower to follow. OpenTitan suggests that even something as sensitive as a security chip can be developed in the open and still end up in real shipping devices.
Support independent tech journalism
NERDS.xyz is independently owned and operated. If you enjoy my coverage of Linux, AI, hardware, cybersecurity, and tech culture, consider supporting the site on Ko-fi.
Support NERDS.xyz