RISC-V open-source systems are emerging in deployment scenarios where safety and security are critical. OpenTitan is an open-source silicon root-of-trust designed to be deployed in a wide range of systems, from high-end to deeply embedded secure environments. Although its cryptographic hardware accelerators make OpenTitan suitable for offloading cryptographic workloads from the main processor, the benefits of using OpenTitan as a secure accelerator have not yet been accurately quantified. This paper addresses this gap by thoroughly analyzing the strengths and inefficiencies of offloading cryptographic workloads to OpenTitan. The focus is on three key IPs (HMAC, AES, and the OpenTitan Big Number accelerator, OTBN), which can accelerate four security workloads: Secure Hash Functions, Message Authentication Codes, Symmetric cryptography, and Asymmetric cryptography. For every workload, we develop a bare-metal driver for the OpenTitan accelerator and analyze its efficiency when computation is offloaded from a RISC-V application core within a System-on-Chip (SoC) designed for secure Cyber-Physical Systems applications. Finally, we assess it against a software implementation on the application core. The characterization was conducted on a cycle-accurate RTL simulator of the SoC. Our study demonstrates that OpenTitan significantly outperforms software implementations, with speedups ranging from 4.3x to 12.5x. However, there is potential for even greater gains, as the current OpenTitan utilizes only a fraction of the accelerator bandwidths, ranging from 16% to 61% depending on the memory being accessed and the accelerator used. Our results open the way to the optimization of OpenTitan-based secure platforms, providing design guidelines to unlock the full potential of its accelerators in secure applications.