Frequently Asked Questions
What makes OpenTitan different from other open-source hardware security projects?
OpenTitan is the world's first open-source silicon Root of Trust (RoT) to reach high-volume commercial production, notably shipping as the plan-of-record hardware security chip in Google Chromebooks. Unlike projects that remain purely at the specification or simulation stage, our codebase has been fully realized in physical silicon, proving that collaborative open-source hardware can meet the rigorous quality, supply chain, and security requirements of high-volume consumer and enterprise markets.
Who governs and maintains the OpenTitan project?
Technical roadmaps and overall strategies are guided by our Governing Board, Technical Committee, and specialized Working Groups drawn from our member organisations. OpenTitan is independently stewarded and maintained by lowRISC C.I.C., a UK-based, not-for-profit Community Interest Company that employs a full-stack, dedicated in-house engineering team to ensure stable, long-term support and cohesive design quality.
Under what license is the OpenTitan IP distributed?
All hardware designs, software libraries, and tooling within the OpenTitan repository are distributed under the highly permissive and business-friendly Apache License, Version 2.0. This licensing model places minimal obligations on users, allowing commercial adopters to integrate, modify, and manufacture the IP in proprietary designs without being forced to open-source their own custom additions.
How does OpenTitan ensure the legal safety of its code and prevent intellectual property pollution?
All code contributions are strictly governed by formal Contributor License Agreements (CLAs) at both corporate and individual level. This governance framework ensures clean IP provenance and robust copyright and patent protections, drastically minimizing the legal risks of infringement for commercial vendors and system integrators taking OpenTitan to market.
Can OpenTitan be integrated directly into a System-on-Chip (SoC) or is it only available as a discrete chip?
OpenTitan is designed for maximum structural flexibility and is available as both a discrete microcontroller and an integratable SoC subsystem. Current top-level systems include the "Earl Grey" discrete Root of Trust layout and the "Darjeeling" Secure Execution Environment, which is specifically optimized to be integrated as a hardware security block within larger SoC, ASIC, and multi-die chiplet architectures.
Is it possible to extract and reuse individual IP blocks from the OpenTitan repository?
Yes. Although OpenTitan uses a monolithic repository structure to streamline global continuous integration and top-level verification, all hardware blocks are designed as modular, parameterized IP components. Block-level register specifications, programmer's guides, and standalone configurations are fully documented, allowing chip designers to extract and reuse individual cryptographic or peripheral blocks in their own custom silicon layouts.
What bus interfaces and inter-die communication protocols does OpenTitan support?
OpenTitan natively utilizes the high-performance, low-latency TileLink-UL bus interface for all internal IP communications. For complex system integration, OpenTitan configurations support advanced SoC proxy modules, direct memory access (DMA) controllers, and dedicated PCIe Data Object Exchange (DOE) mailboxes, enabling seamless, secure inter-die communications in modern multi-chiplet and multi-die packaging topologies.
How is OpenTitan's physical hardware hardened against physical attacks?
OpenTitan incorporates industry-grade countermeasures directly into its physical layout, covering memory, buses, registers, and cryptographic accelerators. Hardware blocks like our Big Number Accelerator (OTBN) and AES engines are specifically hardened with side-channel analysis (SCA) resilience, dual-core lockstep configurations, address translation, and fault-injection (FI) countermeasures to prevent unauthorized access and protect sensitive cryptographic secrets.
Does OpenTitan support Post-Quantum Cryptography (PQC)?
Yes, OpenTitan is a pioneer in hardware-rooted post-quantum security, with our first-generation production silicon natively supporting quantum-resistant secure boot using stateful hash-based signatures (SLH-DSA). We are delivering high-performance, hardware-accelerated support for lattice-based PQC algorithms such as ML-KEM and ML-DSA.
How does the OpenTitan Big Number Accelerator (OTBN) handle the computational overhead of new PQC standards?
To mitigate the severe processing and memory footprint challenges of lattice-based cryptography, OpenTitan features a programmable, specialized cryptographic coprocessor called OTBN. Our upcoming hardware roadmap introduces 32-bit single instruction, multiple data (SIMD) vector extensions to OTBN, which accelerate polynomial arithmetic and achieve a six- to nine-fold increase in processing efficiency for advanced algorithms like ML-DSA and ML-KEM.
What classical cryptographic algorithms are natively supported by OpenTitan's hardware accelerators?
Alongside our post-quantum roadmap, OpenTitan features native hardware accelerators for a complete suite of classical cryptographic primitives. The on-chip crypto library offloads heavy processing from the host core, providing dedicated acceleration for RSA (up to 4K), elliptic curve cryptography (NIST P256/P384, Brainpool, and X25519/Ed25519), AES, SHA-2, SHA-3, and KMAC/HMAC.
How thorough is the design verification (DV) of the OpenTitan codebase?
To meet the highest industrial sign-off standards, all OpenTitan designs undergo exhaustive, commercial-grade verification. Our automated continuous integration (CI) pipelines run over 40,000 regression tests nightly, consistently ensuring that individual IP blocks and top-level designs maintain functional, code, and assertion coverage metrics above 90%.
Can I inspect the real-time quality and verification status of the project?
In keeping with our commitment to absolute security through transparency, we publish our live Design Verification (DV) dashboard directly on our website. Anyone can inspect the real-time nightly test results, passing percentages, and detailed coverage telemetry (including code, toggle, and functional coverage) for every IP block in our repository.
How does OpenTitan coordinate the disclosure of security vulnerabilities?
OpenTitan operates under a professional, structured Coordinated Vulnerability Disclosure (CVD) policy managed directly by the lowRISC security team. Security researchers can utilize our public, verified PGP-encrypted reporting channels to submit discovered vulnerabilities, which are then thoroughly investigated, verified, and patched in collaboration with the open-source community before public release.
What software tools and build systems are required to work with the OpenTitan codebase?
OpenTitan utilizes the modern Bazel build system to manage its software, firmware, and hardware compilation flows, providing a highly automated and reproducible developer experience. Bazel coordinates all external toolchains, including the RISC-V compiler, FPGA synthesis scripts, and advanced static sign-off EDA tools (such as FuseSoC and Vivado) seamlessly within our development containers.
Can developers evaluate OpenTitan without purchasing physical ASIC silicon?
Yes, developers can fully evaluate, simulate, and prototype OpenTitan using entirely virtual or FPGA-targeted environments. The codebase is optimized for open-source software simulators like Verilator and Antmicro's Renode framework, and we provide pre-compiled bitstreams that can be flashed directly onto commercially available FPGA development boards for physical hardware evaluation.
How can independent developers or research groups contribute to the OpenTitan project?
Independent developers, academic institutions, and non-profit organizations are highly encouraged to participate in OpenTitan through our free, accessible membership tier. This tier allows research teams to join our technical Working Groups, collaborate on academic papers, and safely contribute code, design verification, or documentation to the public repository.
What are the benefits of commercial membership for corporate adopters?
While OpenTitan is open-source, corporate membership tiers offer substantial advantages for organizations deploying custom SoCs. Commercial members gain seats on the Technical Committee and Governing Board, early visibility into internal project roadmaps, and immediate access to productized private deliverables, which include advanced integration guides, custom checklists, and comprehensive documentation for Common Criteria certification.
Does lowRISC offer professional services or engineering consultancy for custom OpenTitan integrations?
Yes, lowRISC offers formal, professional engineering consultancy services to assist commercial partners with custom OpenTitan deployments. Under standard framework services agreements, our full-stack engineering team provides expert assistance with secure hardware design, plus support and maintenance tailored to your specific certification goals.