To clarify, this is just open source FPGA code. It's not an open chip. Yet. It does however get us one step towards open silicon. An open source root of trust would be the most useful application for open silicon initiatives. I'd argue anything that touches key material should be auditable.<p>Put another way, you wouldn't trust a proprietary cryptographic algorithm, why would you trust a black box chip?<p>Current chips (including OpenTitan) still need to be fabricated at third party foundries using that foundry's proprietary process design kits ('PDKs') and signing two layers of NDAs. As multiple talks at CHES showcase every year, there are a number of shenanigans that can be pulled off between a company like Google releasing Verilog code for tapeout and the foundry handing back a 'compiled' chip.<p>The state of open silicon is somewhat analogous to GNU's efforts to create an open source operating system prior to Linux coming along and implementing an open kernel. We still lack open PDKs, though it looks like there have been some recent breakthroughs with two foundries in the US and one in Hong Kong.<p>Recent advances in open FPGA toolchain environments at least let us simulate open solutions here like OpenTitan even if we can't yet tape them out transparently.
What application does a hardware-backed root of trust have for more consumer/non-server products like laptops/phones?<p>Does this differ substantially from a TPM? Could it be used to verify integrity of a system from power-on to finishing booting say a Linux distro?
I see no mention of the ability to use it in one's own designs, which seems like an oversight to me ("source available" vs "free software/hardware"). However, the repository's license seems to be Apache 2.0.