OpenPRoT: Building a Secure and Transparent Foundation for Platform Root of Trust

In today’s digital landscape, where cyber threats are increasingly sophisticated and pervasive, securing the foundational layers of computing systems has never been more critical. At the heart of this effort lies the concept of a Platform Root of Trust (PRoT)—a trusted component that serves as the cornerstone for all security operations within a system. From enabling secure boot processes to verifying firmware integrity and performing cryptographic functions, the PRoT acts as a trust anchor, enabling the rest of the system’s security measures to operate effectively.

Recognizing the importance of transparency, collaboration, and innovation in enhancing PRoT security, the OpenPRoT Project was born. OpenPRoT is an ambitious initiative aimed at defining and building an open-source firmware stack for PRoTs. This blog explores the vision, pillars, progress, and ecosystem of OpenPRoT, highlighting its transformative potential in the fight against evolving cyber threats.

The Vision of OpenPRoT

The OpenPRoT project is guided by a clear and forward-thinking vision:

• Create an OCP Specification: Develop a comprehensive Open Compute Project (OCP) specification for a Platform Root of Trust firmware stack.
• Open-Source Implementation: Build an open-source implementation of the specification to foster transparency and collaboration.
• Hardware Versatility: Target both existing and new root-of-trust hardware implementations, intended for broad applicability across diverse platforms.

By combining open standards with open-source principles, OpenPRoT aims to redefine how PRoTs are designed, implemented, and trusted.

Pillars of OpenPRoT

The foundation of OpenPRoT is built on four key pillars that reflect its commitment to security, transparency, and industry collaboration:

1. Implementation Consistency: OpenPRoT provides a functioning reference stack that demonstrates how to effectively use the firmware on a Platform Root of Trust device. This enables consistent implementation across hardware platforms.
2. Transparency & Openness: As a fully open-source project under the CHIPS Alliance, OpenPRoT invites contributions from the global community. This openness allows for rigorous code review, faster identification of vulnerabilities, and the elimination of hidden backdoors.
3. Reusability: By collaborating with standards bodies and other RoT projects, such as Caliptra, OpenPRoT aims to create modular and reusable firmware solutions. This approach fosters innovation and reduces duplication of effort across the industry.
4. Interoperability: OpenPRoT adheres to industry-standard specifications from OCP, DMTF, and PCI-SIG®, ensuring seamless integration with existing technologies and reducing vendor lock-in.

Open Standards and Hardware Abstraction Layer

A standout feature of OpenPRoT is its commitment to open standards and the implementation of a clear Hardware Abstraction Layer (HAL). This design choice is pivotal in enabling the firmware to run on a variety of hardware implementations, allowing developers to select hardware based on the specific needs of their products. The HAL is designed to ensure that while the underlying hardware may vary, the upper layers of the firmware maintain compatibility through industry-standard interfaces and protocols.

Key Open Standards Included:

• From OCP:
  • OCP Secure Boot: Provides a secure boot process to prevent unauthorized firmware from being loaded.
  • OCP Attestation: Helps ensure the integrity and authenticity of the platform by verifying its components.
  • OCP Recovery: Offers mechanisms for recovering systems to a known-good state in case of failure.
  • OCP Streaming Boot: A future standard aimed at enabling systems to boot directly from a network stream, enhancing flexibility and speed.

• From DMTF:
  • MCTP (Management Component Transport Protocol): Facilitates communication between different components in a platform, enabling efficient data transport.
  • SPDM (Security Protocol and Data Model): Focuses on security protocols for data exchange, crucial for maintaining secure communications.
  • PLDM (Platform Level Data Model): Provides a standard way to represent platform management data, enhancing interoperability.

• From PCI-SIG®:
  • PCIe® DOE (Data Object Exchange): Enables efficient data exchange over PCIe, supporting a wide range of applications and enhancing system flexibility.

These standards help ensure that OpenPRoT can seamlessly integrate with existing technologies, providing a robust and flexible foundation for platform security.

Project Updates: Progress and Milestones

The OpenPRoT project has made significant strides in its development, with several key updates:

• CHIPS Alliance Support: OpenPRoT is supported under the CHIPS Alliance and licensed under Apache License 2.0, for accessibility and openness.
• v0.5 Specification Draft: The initial draft of the specification is available on GitHub, inviting feedback and contributions from the community.
• Reference Stack Development: Work is already underway to prototype the firmware, visit the project on GitHub for updates.
  

A Growing Ecosystem

OpenPRoT is not just a project—it’s a movement. A growing ecosystem of companies has expressed interest in collaborating and building products that incorporate OpenPRoT technology. This collective effort underscores the industry’s recognition of the importance of securing the foundational layers of computing systems.

By fostering collaboration and innovation, OpenPRoT is creating a vibrant community dedicated to advancing platform security through transparency and interoperability.

Call to Action: Get Involved with OpenPRoT

OpenPRoT is a community-driven project, and your involvement can make a difference. Here’s how you can contribute:

• Contribute to the Project: Help develop new features or add support for your PRoT implementation.
• Provide Feedback: Share your insights on the code and documentation to improve the project.
  • Code Repository: GitHub
  • Documentation: OpenPRoT Documentation
• Adopt OpenPRoT: If your design includes a PRoT chip, consider integrating OpenPRoT to enhance security and transparency.

Conclusion

OpenPRoT represents a bold step forward in the quest for secure and trustworthy computing environments. By combining open standards, open-source principles, and industry collaboration, OpenPRoT is poised to become a cornerstone of platform security. As cyber threats continue to evolve, initiatives like OpenPRoT offer a powerful strategy for building trust and resilience in the foundational layers of technology.

Join the OpenPRoT movement today and be part of shaping the future of platform security.

© 2025 Advanced Micro Devices, Inc. All rights reserved. AMD, the AMD Arrow logo, and combinations thereof are trademarks of Advanced Micro Devices, Inc. Other product names used in this publication are for identification purposes only and may be trademarks of their respective owners. Certain AMD technologies may require third-party enablement or activation. Supported features may vary by operating system. Please confirm with the system manufacturer for specific features. No technology or product can be completely secure.