Axiado’s Trusted Control/Compute Unit (TCU) product family, which offers best-in-class platform root-of-trust (RoT) functions, now provides an option to leverage the open-source Caliptra specification from the Open Compute Project (OCP). TCUs integrated with Caliptra version 1.0 offer the following benefits:
- On-chip Caliptra integration helps IT teams reduce extensive code reviews, pen testing and audits. With contributions from multiple CHIPS Alliance consortium members, the open-source Caliptra specification has gone through comprehensive scrutiny and extensive testing to minimize common pitfalls and mistakes.
- TCUs with Caliptra enhance operational technology (OT) by creating consistent platforms that simplify security operations across infrastructure deployments as more platform components with integrated Caliptra become available.
- The homogeneity in security operations enabled by Caliptra-integrated components simplifies compliance efforts. Security operations teams can establish standardized processes and controls aligned with industry regulations and best practices, reducing complexity and ensuring consistent adherence to security requirements. This streamlines audit processes and enhances the ability of organizations to demonstrate compliance to regulators and stakeholders.
Axiado’s TCU offers RoT functions for measurements, updates, and recovery. Furthermore, Caliptra 1.0 offers Silicon RoT for measurements, which is critical for the attested-boot process for each platform. Caliptra offers a measurement mechanism that anchors hardware attestation. It measures the mutable code it loads, measures and controls non-volatile bits in the SoC, and reports these measurements with signed attestations rooted in unique per-asset cryptographic entropy.
Axiado’s TCU offers additional essential SoC ingredients to Caliptra:
- Physically unclonable function (PUF)
- One-time programmable memory (OTP)
- True random number generator (TRNG)
- Advanced network on chip (NOC) firewalls for access control
- DRAM encrypted regions with respective hardware-managed keys
- Partitioning of secure trusted components running Caliptra and other trust services with the rest of the SoC, offering unique capabilities to address today’s RoT needs and grow them to platform services related to key generation, vaulting, attestation, confidential containers and other security functions
Axiado will demo TCU solutions with integrated Caliptra in OCP GS Oct 2023 with a market launch planned in 2024.