Caliptra: Building Cloud Security from the Chip up
When you think about cloud security — and who doesn’t these days? — chip-level security is probably not even on your radar. But, perhaps, it should be. The Open Compute Project (OCP), which brings open source methods and collaboration to the data center, thinks so. In its latest program, Caliptra, the OCP is introducing an open specification for a silicon Root-of-Trust (RoT).
Caliptra, which is Spanish for “root cap,” the deepest part of the root, is an open specification for a reusable, silicon-level intellectual property (IP) block. This is meant to be integrated into system-on-a-chip (SOC)s and application-specific integrated circuits (ASICs). Caliptra is fully open source all the way down to the register-transfer level (RTL).
Verifiable Cryptographic Assurances
What that means for those of us who aren’t chip fabricators is that it provides verifiable cryptographic assurances of the SOC’s security configuration and workload protection mechanisms. This, in turn, ensures that only trusted firmware can execute on the SOC. Thus, Caliptra’s main job is to provide verifiable cryptographic assurances of an ASIC or SoC’s security configuration, with an in-chip mechanism to ensure the boot code is trustworthy. After all, no one wants to see a hypercloud rootkit attack.
Microsoft Azure, a major Caliptra supporter, states it will provide “foundational security properties that underpin the integrity of higher-level security protection for confidential workloads.” It will provide such essential security properties as Identity; hardware security compartmentalization; and verification of all mutable firmware ownership
Historically, this has been done on the motherboard with ROT chips. On these, developers could build a “Tower of Trust” to ensure that only the correct firmware could run on their devices. This then ensures that a server or a device can only boot with the correct firmware. It also provides the foundation for a cryptographically unique machine identity; protects secrets like encryption keys, and delivers authoritative, tamper-evident audit records and other runtime security services.
For the most part, this has been done with proprietary silicon, such as the Rambus RT-600 series and the Intel FPGA PAC D5005 BMC. Needless to say, there have been other open source efforts to address RoT. The most well-known of these is Google’s OpenTitan.
But the OCP decided it wanted a ROT just for hyperscale cloud data centers. They also wanted a universal design that would “not be a landing pad for vendor ‘value adds.'” This way, all major cloud vendors could rely on Caliptra without worrying about being painted into a corner. Another reason for this was that edge computing business models, and cloud confidentiality demanded higher levels of security, interoperability, and transparency.
Or, as Partha Ranganathan, Google Cloud’s VP, Engineering Fellow, and OCP Board Member, said, “With Caliptra, we are bringing the velocity of open source development to infrastructure security, enabling the Community to collectively harden a robust IP block that all of us can trust across a diverse set of silicon offerings.”
The Caliptra 0.5 specifications are already available. The firmware collaboration will be done with the open source hardware CHIPS Alliance. Caliptra is being backed by OCP members, AMD, Google, Nvidia, and Microsoft. It’s worth noting, however, that OCP Platinum member Intel has not thrown its support behind this project.
Be that as it may, it seems clear already that with both Google and Microsoft behind it, Caliptra will be an important substratum to foundational cloud security.