## Collaborative **Engineering**

Cybersecurity by design — from research to industry conference

Gavin Ferris, CEO, lowRISC gferris@lowrisc.org







#### Introduction to lowRISC

**lowRISC** was founded in 2014 as a spin-out from the University of Cambridge Computer Lab in the UK

**UK regulated non-profit** with a mission to drive commercial adoption of open source silicon

**Full-stack engineering** capability including silicon design, verification and security analysis as well as firmware and toolchain development

**Rapidly expanding team** with 20+ engineering staff and 11 management/support staff with offices in Cambridge and Zürich

**Founding member** of the RISC-V Foundation (now RISC-V International) and the CHERI Alliance

Steward and maintainer of the OpenTitan® and Ibex® projects









#### What is Collaborative Engineering?



#### What is Collaborative Engineering?



#### What is Collaborative Engineering?

#### **Goals and Outcomes**

- Removing barriers to innovation
- Supporting startups / SMEs
- Reducing duplicated effort
- Boosting efficiency of companies using the commons
- Raising standards and skills
- Supporting research
- Guaranteeing long term access to technology and IP



#### How? Via the Silicon Commons® Approach:



Code review and approval process



Open development with clear IP provenance



Governance structure



Continuous Integration testing



Training for contributors



Accessible verification collateral



Extensive documentation



Permissive licensing to encourage re-use

#### Who? Major Players including Google:























# Proof: World's 1st Commercial-Grade Open Source Chip...



#### ... Now Going into Real Sockets

"Nuvoton Technology Corporation [...]
announced today that Google's
ChromeOS plans to use the first
commercial chip built on the
OpenTitan open source secure silicon
design as an evolution of its security
chip for Chromebooks."

Nuvoton, May 2024



"Hardware security is something we don't compromise on. We are excited to partner with the dream team of Nuvoton, a valued, historic, strategic partner, and lowRISC, a leader in secure silicon, to maintain this high bar of quality."

Prajakta Gudadhe Sr Director, ChromeOS Platform Engineering







#### Proof: World's Most Active Open Silicon Project

#### RTL · design verification collateral · documentation · low-level firmware · tests

25,000+

total commits

250+

contributors (lbex + OpenTitan)

7,200+

GitHub issues (Ibex + OpenTitan) 3,700+

GitHub stars (Ibex + OpenTitan)

440,000+

lines of SystemVerilog (Digital Design and Verification for Ibex + OpenTitan) 40,000+

test runs in nightly regressions (run multiple times per week)



#### Collaborative Eng. and the Sunburst Project

- Focused on enabling industry and academia to evaluate use of CHERIOT with the aim of driving commercial adoption
- Leveraging Silicon Commons methodology to create two engineering deliverables:
  - 'Sonata' Low cost FPGA board along with RTL (& bitstream) of complete CHERIOT system to run on it: CPU core, debug, peripherals
  - 'Symphony' Integration of the CHERIOT system from Sonata with an OpenTitan® Earl Grey root of trust, using a bridge interface
- Plus training events / dissemination
- All RTL, designs, schematics and outputs are Apache 2 / open source



Digital Security by Design



## IBEX + CHERI + RTOS = CHERIoT; TopLvl₁ = Sonata







"This is truly important foundational work, as it will help make CHERIOT-Ibex the world's first production grade, open-source CHERI-enabled microcontroller core. We're looking forward to seeing it broadly leveraged in commercial designs, bringing much-needed hardware security — in an efficient manner — to a broad swathe of critical applications."

> Tony Chen Partner Security Architect, Microsoft

https://github.com/microsoft/CherloT-ibex

#### Sonata Project includes FPGA Host Board

lowRISC and NewAE have worked on getting Sonata boards prepared over the last year

















Revision 8 / 9 boards are the final version of the board (0.9 has minor BOM modifications only)

#### **Sonata Board Features**

Some of the key items / features on the boards



#### Sonata — Complete System Overview



#### New! Sunburst Extension — CHERIOT SoC

- Based on success of Sonata to date, UKRI have agreed a project extension:
  - SCI Semi joining as project partners
  - lowRISC will provide open silicon IP and an open top level for integration by SCI into a commercial silicon design
  - Aim to migrate open repo to CHERI Alliance in time
  - SCI will manage proprietary IP, tapeout (22nm FDXSOI MPW)
- Will leverage formal verification work from Prof.
   Melham's group at the University of Oxford









Digital Security by Design

### **Engaging through Outreach Events**

Promoting collaboration with the wider community









#### **IowRISC's Role in Collaborative Silicon Design**

- Managed open IP development and maintenance
- Project hosting
- Silicon Commons training
- SCA/FI hardening
- Commercial-grade DV
- Supporting UK semiconductor design core competencies



