News, news analysis, and commentary on the latest trends in cybersecurity technology.
Chip Giants Finalize Specs Baking Security Into Silicon
Caliptra 1.0 offers a blueprint for integrating security features directly into microprocessors.
April 25, 2024
A consortium of top chip makers have finalized the first version of Caliptra, a specification to add zero-trust security features directly inside silicon.
The Caliptra 1.0 specification has hardware and software blocks providing multiple protection layers for encrypted data on chips.
"We believe Caliptra is a foundational aspect to the future of confidential computing and couldn't be more excited to reach our 1.0 milestone," says Andrés Lagar-Cavilla, a distinguished engineer at Google. Caliptra is currently being integrated by companies across the ecosystem into chips that will start to appear in the market in 2026.
Security-focused hardware exists, but usually as separate components on the hardware. At the moment, chips typically access security features that are available as separate hardware components on the motherboard. The Caliptra specification provides a blueprint to embed the security features into the chip instead of accessing those hardware cores.
For example, the Trusted Platform Module (TPM), which is required on all machines running Windows 11, is a secure processor carrying out cryptographic functions, such as Windows Hello authentication and BitLocker drive encryption. Caliptra could make possible an on-silicon version of TPM.
The specification was built around the concept of confidential computing, an emerging technology focused on building walls to protect data and programs during storage, transport, and execution. Users and code are verified before being allowed to enter the secure area, after which they can run programs.
Caliptra-Spec Chips on the Way?
The Caliptra specification aims to fend off cyberattacks and protect from vulnerabilities, such as Meltdown and Spectre, which exposed confidential user data to hackers.
Caliptra's protection layers on silicon include a root-of-trust block, in which code, users, and firmware are isolated, verified, and authenticated. The spec extends to protecting firmware and ROMs. The root-of-trust layer also detects and recovers data that may be corrupted.
The specification is now available for tape-in, which means it is also ready for testing for chips that may be going into production. Google's Lagar-Cavilla says the company is actively integrating Caliptra in first-party silicon designs and collaborating with suppliers to ensure their system-on-chips — across CPUs, GPUs, DPUs, BMCs, SSDs, and more — include Caliptra.
Caliptra is an open source technology, so chip makers can adopt and modify it for free.
A company called Antmicro is developing a Caliptra-based security core for an emerging chip architecture called RISC-V. The technology is an alternative to the dominant x86 and ARM instruction set architectures. RISC-V has a modular design that makes it easier to include technologies like Caliptra in production-level silicon.
Google is a lead developer of Caliptra, working alongside Advanced Micro Devices, Microsoft, Marvell, and NVIDIA. The Linux Foundation's CHIPS Alliance is managing the development of the specification.
Intel is one of the big names in chips missing from the group of companies developing Caliptra. Intel is pushing its own on-chip security technology to protect user data and chips from hackers.
About the Author
You May Also Like