When we discuss the security of silicon, and are calling it open silicon, is this because the design specs and libraries are all open source, or is it due to being able to do research on chip attacks without fear of being sued?
The hardware IP is Apache-licensed, https://github.com/lowRISC/opentitan. Ideally, it will be possible to buy commercial hardware that incorporates an open silicon RoT, perform a reproducible build of open firmware for the device RoT, then sign and install firmware with the device owner's key.
From OP:
> Moving away from unverifiable ‘black boxes’ and towards fully transparent and verifiable foundations unlocks a new paradigm, putting device owners back in control of their remotely connected devices without requiring physical diligence by hardware manufacturers... assurance-first approach ensures that security starts below the operating system, offering protection against the most sophisticated hardware and firmware attacks and more common software vulnerabilities.
> research on chip attacks without fear of being sued
If a commercial SoC is marketing their usage of an open-source silicon IP block with transparent high assurance, one can only hope they would welcome open security research, ideally via a bug bounty program.