OpenTitan Darjeeling (Integrated Admissible Architecture) Datasheet

Overview

OpenTitan Darjeeling is a system-on-a-chip Secure Execution Environment, capable of serving as a root of trust (RoT) for measurement and attestation among other applications, for instantiation within a larger system. It can serve as the SoC root of trust, a platform root of trust, or even be integrated and leveraged for individual chiplet RoTs.

Top Level Block Diagram

Darjeeling’s block diagram shows the system configuration, including the RISC-V Ibex processor and all of the memories and comportable peripheral IPs. The system is split into a high speed domain (e.g. 1 GHz clock in a recent process node) and a peripheral domain (e.g. 250 MHz). The system has support for light sleep only, since the entire root-of-trust is expected to be always-on in an integrated context.

The SoC integration wrapper contains shared infrastructure that can be adapted based on the integrator’s needs. It contains a control network (CTN) crossbar for attaching shared SoC-level peripherals, as well as a large, shared CTN SRAM.

Communication with the SoC is mainly via the mailboxes, DMA and SoC proxy module. The SoC proxy module serves as a comportable IP frontend for incoming IRQs, reset requests, wake up requests, alerts and the TL-UL egress port into the CTN network. Egress TL-UL requests go through base address translation and range-based access control checks, which provides flexibility and isolation in the CTN space. Code can be executed from both internal memories (ROM partitions 1 and 2, main SRAM) and CTN SRAM.

Debug access is established via the JTAG TAP attached to a debug TL-UL crossbar. Through that, a JTAG mailbox, the RISC-V debug module, the SoC debug controller, and the life cycle controller can be accessed. The JTAG mailbox can be used to implement firmware-driven SoC-level debug authorization. Infrastructure signals such as clocks, resets and the entropy source are provided by the analog sensor top (AST) block, which is connected to the Darjeeling-internal power, clock and reset manager blocks. The sensor control block provides a comportable IP front-end for the AST block that the Ibex processor can interact with.

The following table provides a more detailed summary of the supported features:

OpenTitan Darjeeling Features
  • RV32IMCB RISC-V "Ibex" core:
    • 3-stage pipeline, single-cycle multiplier
    • Support for the full ratified bit manipulation extension and some unratified subsets
    • 4 KiB instruction cache with 2 ways
    • RISC-V compliant JTAG DM (debug module)
    • PLIC (platform level interrupt controller)
    • U/M (user/machine) execution modes
    • Enhanced Physical Memory Protection (ePMP) with 16 regions
    • Address translation with 32 regions
    • Security features:
      • Low-latency memory scrambling on the icache
      • Dual-core lockstep configuration
      • Data independent timing
      • Dummy instruction insertion
      • Bus and register file integrity
      • Hardened PC


  • Security peripherals:
    • AES-128/192/256 with ECB/CBC/CFB/OFB/CTR modes
    • HMAC / SHA2-256, 384, 512
    • KMAC / SHA3-224, 256, 384, 512, [c]SHAKE-128, 256
    • Programmable big number accelerator for RSA and ECC (OTBN)
    • NIST-compliant cryptographically secure random number generator (CSRNG)
    • Entropy source, with FIPS- and CC-compliant health checks, which can be bypassed depending on the properties of the connected digital noise source
    • Key manager with DICE & DPE support
    • Manufacturing life cycle manager
    • Alert handler for handling critical security events
    • OTP controller with access controls and memory scrambling
    • Flash controller with access controls and memory scrambling
    • ROM and SRAM controllers with low-latency memory scrambling
    • SoC Debug Controller
    • Register-Access Control List (RACL) Controller
    • Access Control Range Check
  • Memory:
    • 1 MiB shared CTN SRAM (in wrapper)
    • 64 KiB main SRAM
    • 4 KiB retention SRAM
    • 4 KiB shared mailbox SRAM
    • 32 KiB ROM partition 1
    • 64 KiB ROM partition 2
    • 16 KiB (=128 Kibit) OTP


  • I/O peripherals:
    • 32 bit GPIO with 8 input period counters
    • 1x UART
    • 1x I2C with host and device modes
    • 1x SPI host with 1 chip select
    • 1x SPI device
    • 9x DOE Mailboxes
    • 1x JTAG Mailbox
    • 1x DMA Controller with support for inline hashing of transferred data with SHA-256, SHA-384, or SHA-512
    • 1x SoC Proxy module for external alerts and interrupt requests


  • Other peripherals:
    • Clock, reset and power management
    • Fixed-frequency timer
    • Watchdog (always-on timer)


  • Software:
    • Boot ROM code implementing secure boot, including owner-approved second signing, and chip configuration
    • Bare metal top-level tests
    • OpenTitan Crypto Library with OTBN accelerated standard algorithms for
      • RSA 2K, 3K, 4K
      • ECC with NIST P256/P384, Brainpool P256r1 or X25519/Ed25519
      • SHA2-256, 384, 512
    • SPHINCS+ PQ-secure boot using a stateless hash-based signatures scheme
    • SPDM responder application

Discrete Earl Grey Differences

The Darjeeling configuration derived from the OpenTitan’s discrete “Earl Grey” has been extended to meet the requirements for an SoC-integrated RoT. The main processing elements and cryptographic features are significantly similar, while several unneeded IO peripherals in an integrated context have been removed. A set of new IP blocks have been developed to enable integration into a larger SoC:

  • An extended key manager block with support for TCG’s DICE Protection Environment (DPE)
  • A DMA controller facilitating data exchange between the OpenTitan IP and the SoC
  • A mailbox with TL-UL bus interface, configurable shared memory regions, and support for the PCIe Data Object Exchange (DOE) protocol
  • A SoC proxy module that serves as a comportable fronted for external interrupts, alerts and the like
  • An SoC debug controller, which controls debug and test access to the SoC
  • An access control range check module that ensures that Darjeeling can access only authorized addresses in the SoC
  • A register-access control list controller that defines role-based access permissions to Darjeeling’s registers