lowRISC is a not-for-profit engineering company that creates and maintains commercial-grade open-source silicon designs through its collaborative Silicon Commons approach. Pulse 2.0 interviewed lowRISC CEO Gavin Ferris to learn more about the company.
Gavin Ferris’ Background
What is Gavin Ferris’ background? Ferris said:
“I’m the CEO of lowRISC, a UK-based nonprofit focused on developing open-source silicon designs. We provide a home for collaborative engineering to create and maintain high-quality IPs such as OpenTitan, the world’s first open source silicon root of trust (RoT).”
“Before lowRISC, I co-founded a number of startups including RadioScape, a digital radio company, and Crescent Technology, a fintech business that was acquired by multi-billion dollar systematic hedge fund manager Aspect Capital. After serving as Aspect’s chief architect and, ultimately, chief investment officer (CIO), I co-founded lowRISC CIC.”
Core Technologies
What are the company’s core technologies? Ferris explained:
“lowRISC’s team of collaborators and partners (which includes Google, Winbond, Nuvoton, zeroRISC, Rivos, Western Digital, Seagate, ETH Zurich and Giesecke+Devrient) are together responsible for the creation of the Silicon Commons, the development of the RISC-V Ibex core, and the successful delivery of the world’s first commercial-grade open source chip, OpenTitan ‘Earl Grey.’”
“To ground these core technologies and give them relevance: we believe true security has to be anchored in trustworthy silicon, because once the lower levels of a system’s software stack is compromised by an attacker, defenses implemented within (or above) it, such as antivirus or firewalls, can be bypassed relatively easily.”
“Now, every system contains some sort of root of trust (RoT) – the part assumed to function reliably even when under attack – making it a critical component upon which the security of the rest of the platform ultimately depends. However, a major issue for many current systems is that their RoT is embedded in low-level software like the BIOS, which has become a direct and successful target for sophisticated cyber threats. And once this software is breached, there’s often no way for users or fleet managers to revert the system to a “known good” state, short of an RMA.”
“A silicon-based RoT (SiRoT), on the other hand, is a secure hardware module that operates below the operating system and BIOS, a ‘computer within your computer’ as it were. It ensures the system’s integrity by securing the boot process and verifying critical operations. And advanced SiRoTs, such as OpenTitan, offer additional security by providing a safe environment for storing cryptographic keys and managing them beyond the boot phase.”
“By anchoring the RoT in hardware, designers create a more robust and explicit security foundation, one that is far more resilient to attacks than software-based solutions.”
Challenges Faced
What challenges have Ferris and the team faced in building the company? Ferris acknowledged:
“Silicon development has much higher barriers to entry than software. There’s a physical supply chain to reckon with, far fewer skilled engineers, the high cost of EDA tools and mask sets, and the need for eye-watering levels of up-front testing — or design verification (DV) — because “release early, release often” doesn’t work for silicon. So projects have to be able to attract multi-year, significant funding and have the heavyweight governance to go along with that if they are to deliver commercially relevant outputs.”
“These differences are great enough that while we have learned from, and leveraged, the best parts of open source software development, we couldn’t just adopt it wholesale. Instead, with our partners we’ve evolved it into the Silicon Commons. This includes design guidelines, training and documentation, but also a rigorous governance process and infrastructure elements such as continuous integration (CI) and regression testing frameworks.”
What Organizations Bring To The Cybersecurity Discussion
Cybersecurity has become a business imperative. What does your organization bring to the cybersecurity discussion that business leaders either do not understand or get wrong? Ferris noted:
“As noted above, we put the need for an explicit silicon root of trust – as opposed to an (often implicit) software-based one – front and center. But we also emphasize transparency over obscurity in the design of that silicon.”
“Now, while open source projects foster rapid discovery and patching of vulnerabilities through collaboration, that same openness can create risks of its own. For example, an open design repository might inadvertently reveal vulnerabilities to potential attackers, and open source systems could be susceptible to sabotage if project maintainers aren’t vigilant and/or able to carry out the necessary in-depth code and security reviews on submissions.”
“Mitigating these risks – and allowing the benefits of open source design to be leveraged without compromise – means partnering with well-funded open source projects such as OpenTitan, that have robust governance, dedicated stewards (one of the roles lowRISC CIC plays within the project), and regular security reviews.”
Significant Milestones
What have been some of the company’s most significant milestones? Ferris cited:
“Our mission is to help make open-source silicon designs a reality, commercially relevant, and widely adopted throughout the industry. We reached a major milestone in that journey this year with the first commercial-grade fully open-source silicon, OpenTitan, successfully developed with our partners and heading into its first socket in Chromebooks.”
“The production version of this “Earl Grey” design is now in RTL freeze, with volume scheduled to ramp up in 2025. It’s very exciting to see an open silicon solution being produced, adopted by a mainstream platform, and paving the way for future use.”
“We’re also proud to say OpenTitan has become the world’s most active open-source silicon project! Moreover, the complete design being available has encouraged security researchers and academics to test and experiment with it, and this openness has allowed us to integrate many of their valuable insights, leading to significant improvements.”
“And that’s not all of our recent lowRISC milestones! To pick out a few other highlights:
— Microsoft independently selected Ibex, our CPU core, as the reference platform for their CHERIoT development – which makes the proven CHERI hardware security extensions available to users in power, area and cost-constrained applications
— We have subsequently worked with them to help bring the CHERIoT-Ibex core to production-grade
— Ibex’s flexibility, security, and excellent toolchain integration has led many companies/university users to adopt it and tape it out in many commercial designs already
— lowRISC became a founding member of the CHERI Alliance this year”
Customer Success Stories
When asking Ferris about customer success stories, he highlighted:
“The initial announced socket for the first OpenTitan ‘Earl Grey’ chip is Chromebooks, ultimately replacing their existing closed source silicon part. As part of the announcement about this, Google stated: ‘Hardware security is something we don’t compromise on. We are excited to partner with the dream team of Nuvoton, a valued, historical, strategic partner and low risk, a leader in secure silicon, to maintain this high bar of quality. Google is proud of taking an active role in helping build OpenTitan into a first-of-a-kind open-source project, and now we’re excited to see Nuvoton and lowRISC take the next big step and implement a first-of-its-kind open-source chip that will protect users all over the world.’ (Prajakta Gudadhe, Senior Director, ChromeOS Platform Engineering).”
“Also Rivos, an OpenTitan partner who raised a $250m funding round in April this year, have stated publicly that they’re integrating OpenTitan IP directly into their system silicon, and have been major contributors to the ‘Darjeeling’ variant of OpenTitan.”
Future Company Goals
What are some of the company’s future company goals? Ferris emphasized:
“With OpenTitan proving that commercial-grade, fully open-source silicon can be created and go into mainstream sockets — Chromebooks — we have, together with our partners, delivered both an existence proof for collaborative silicon engineering and an initial toolkit of high-quality, reusable IP blocks.”
“Naturally then, our first major goal is to build on this strong foundation as volumes of the production part ramp up in 2025, including providing support for the open-market version of the ‘Earl Grey’ part as it becomes available.”
“Our second target is to release the full version of the integrated OpenTitan variant, “Darjeeling” (designed for incorporation into third-party SoCs and chiplets, and first previewed in November last year), while also progressing the “Chai” variant of this IP (which includes a secure flash interface).”
“And our third target is to progress our work with the CHERI hardware security extension, with the aim of bringing the innovative CHERIoT-Ibex core to production silicon, leveraging our work with Microsoft, InnovateUK, and the Digital Security by Design (DSbD) program.”
“Fourth, we believe that there will soon be a more urgent requirement for post-quantum cryptography (PQC) than may perhaps be commonly appreciated. While OpenTitan already supports PQC signatures (SPHINCS+) out of the box, in the near future we plan to expand the algorithms it supports to include efficient implementations of NIST standards such as ML-DSA.”
“Through the course of 2025, we aim to help grow OpenTitan’s community of supporters and collaborators as we work steadfastly with our partners towards a more transparent, efficient, and cost-effective secure computing future.”
“And finally, zooming out to a slightly longer timeframe, our goal is to make high-quality, open-source foundational IP for security widely available — something we feel is critical in an era where cybersecurity threats (and potential liabilities!) are rapidly increasing.”
Differentiation From The Competition
What differentiates the company from its competition? Ferris affirmed:
“A key differentiator is our collaborative engineering approach, the Silicon Commons, developed together with our project partners and contributors. It helps make open-source silicon design work the same way as open-source software development. As a result, the Silicon Commons allows project partners to leverage a key benefit of open source working, namely getting better products to market faster, because they don’t have to “reinvent the wheel” every time. In other words, lowRISC helps provide companies with foundational silicon IP, so they can instead focus on the things that differentiate their products, their USPs.”
“A vital part of delivering this is our comprehensive open source design verification (DV) methodology, which ensures consistent quality across the entire OpenTitan family and has enabled OpenTitan to achieve design parity with commercial silicon solutions.”
“At a broader level, the open source nature of our work enhances security through transparent design and implementation, allowing early detection of issues, reducing reliance on blind trust, and the facilitation of thorough system audits. It also promotes innovation by encouraging collaborative contributions to the design, fostering a community-driven approach to development. And of course open source – when done properly as with OpenTitan – offers flexibility in implementation while maintaining a consistent set of interfaces and ensuring software compatibility through a shared, open reference design.”
Advancement In Technology As A Non-Profit Engineering Firm
What added value does a non-profit engineering firm bring to the advancement in technology that you might not find from a traditional, for-profit enterprise? Ferris commented:
“Creating silicon designs at the scale of OpenTitan – the world’s most active open silicon project and the world’s first fully open silicon design to reach commercial grade – has relied on the continued contribution and funding from our valued project partners. Success at this scale has only been possible because of lowRISC’s role as a trusted project steward, which in turn is fundamentally underpinned by our regulated, non-profit status, enabling us to act in an independent and even-handed manner at all times.”
“We believe it’s critical that we have engineering capability too, and are not merely acting as coordinators. Our full-stack development team actively engages with official partners, academic institutions, and the broader community daily, meaning we’re leveraging the contributions of a growing network of friends and colleagues who have generously shared their expertise and creativity with us throughout the years, as well as adding to the repository of foundational IP directly ourselves.”
“Our collaborative engineering approach has facilitated the growth of commits from 2,500 at launch to over 20,000 today. With more than 200 contributors, we’ve merged over 15,000 pull requests, resulting in more than a million lines of code.”
Additional Thoughts
Any other topics you would like to discuss? Ferris concluded:
“As organizations face increasing cybersecurity threats, particularly in the age of AI, it is more crucial than ever for the industry to unite against these by prioritizing the foundational security of our systems. We believe OpenTitan’s open source, commercially available silicon Root of Trust is integral to this effort.”
“OpenTitan has not only proven that commercial-grade fully open silicon can be built and go into mainstream sockets like Chromebooks. In the process, its development has also created a publicly available initial toolkit of high-quality IP blocks, with commercial strength DV and security hardening, which can be reused in many different designs.”
“So, in the end, it’s broader than RoTs – we’re entering a golden age of open-source silicon across the board. We strongly believe that the increasing availability of high-quality open silicon IP will complement – not endanger – commercial silicon vendors, allowing those that leverage it to get better products to market faster, better, and more securely.”
“And lastly, in line with our collaborative ethos, we welcome anyone involved in commissioning, developing, or securing critical systems to connect with us for further discussions – please reach out for more information!”
