End-to-end Integration of OpenTitan Security Features in a Pure RISC-V SoC

The RISC-V open-source instruction set architecture (ISA) is gaining popularity in the realm of new processor development. Its maturity allows implementation even in scenarios where security plays a key role. OpenTitan (OT), an open-source silicon Root of Trust (RoT) designed specifically for secure embedded environments is a significant example of this adoption. This study focuses on integrating OT into a System-on-Chip (SoC) exclusively featuring RISC-V architectures. In this configuration, OT serves as a secure co-processor, leveraging its cryptographic accelerators to enhance the performance of cryptographic workloads. A noteworthy aspect of this implementation is the intentional preservation of strong isolation in computation and memory, an essential feature to protect sensitive data, including cryptographic keys and intermediate results of cryptographic tasks. The integration of OT into a complete RISC-V SoC was executed and characterized on an FPGA. The FPGA runs the entire SoC which leverages a specialized communication system between two domains: a Host domain and a Safe domain. The Host domain features a CVA6 processor running Linux, while the Safe domain houses the OT system. During system characterization, the delays introduced by the communication and synchronization system between the Host and Safe domains were measured, along with the performance of cryptographic operations conducted in the Safe domain. Results demonstrate the effectiveness of OT HW/SW integration, compensating for the overhead introduced by the communication and synchronization system between the two domains. This makes the proposed implementation sustainable for various application cases and facilitates its integration into embedded and cyber-physical systems based on secure open-hardware architectures.