How Open-Source Frameworks Are Quietly Displacing Proprietary Security IP Blocks in the Cloud
By Michela Menting | 01 Dec 2025 | IN-7990
NEWS: Caliptra 2.1 RTL Released by CHIPS Alliance
In October 2025, the CHIPS (Common Hardware for Interfaces, Processors and Systems) Alliance, established in 2019, released the latest RTL (version 2.1) for Caliptra, an open-source integrated Root of Trust (RoT) block consisting of Intellectual Property (IP) and firmware that is being leveraged in cloud infrastructure to secure workloads. The release integrates Adams Bridge 2.0, a Microsoft-developed open-source Post-Quantum Cryptography (PQC) accelerator IP core that can implement ML-KEM 1024 and ML-DSA 87, two of the PQC algorithms recently standardized by the National Institute of Standards and Technology (NIST). This makes the algorithms available for use in cloud systems leveraging Caliptra 2.0, which includes side-channel countermeasures to boot. Other features in the new release include ownership transfer of owner-endorsed code integrity, streaming boot for resilient recovery, and Open Compute Project (OCP) L.O.C.K. (Layered Open-source Cryptographic Key-management). The Caliptra RoT is increasingly being embedded by Cloud Service Providers (CSPs), and this latest future-proofing release reveals a long-term integration strategy for the open-sourced specification.
IMPACT: Open-Sourcing the Root of Trust for the Cloud
The Caliptra specification, originally born under the auspices of the OCP, is now run as a joint project with the CHIPS Alliance. The latter is focused on harmonizing hardware implementations in silicon, Application-Specific Integrated Circuits (ASICs), and Field Programmable Gate Arrays (FPGAs), including those leveraging RISC-V cores, through the development of IP blocks, both in hardware and software, under an open-source (Apache 2) license. Most of the activity is focused on implementations for the cloud. Core members include AMD, Google, Intel, Microsoft, SiFive, Antmicro, Futurewei, VeriSilicon, Marvell, Cisco, Microchip, NVIDIA, Synopsys, and Western Digital, among others.
Caliptra itself was initiated by Microsoft, AMD, Google, and NVIDIA, and targeted for use on-die in Systems-on-Chip (SoCs) destined for data centers (e.g., Central Processing Units (CPUs), Graphics Processing Units (GPUs), Data Processing Units (DPUs), and Tensor Processing Units (TPUs)). The ultimate goal is for Caliptra to deliver identity, measured boot, authentication, and attestation capabilities to workloads via the SoC. This would enable workloads and the Virtual Machines (VMs) they run inside, for example, to make use of a hardware RoT, providing high-assurance guarantees on verifying code and establishing trust with the underlying platform, paving the way for cloud providers to offer sovereign workloads that can meet a high bar (i.e., federal-level security).
Effectively, Caliptra is performing functions that have, to date, been provided as proprietary IP built into SoCs. These proprietary IP blocks have traditionally been the prerogative of PC and server chip makers such as Intel (with its range of technologies that sit below the Operating System (OS), such as BIOS, Boot and Firmware Guard, PTT, TXT, System Security Report, System Resources Defenses, Fault Injection Detection, and, most recently, TDX) and AMD (through Secure Boot, SKINIT and Secure Loader, SMM Supervisor, SEV-SNP, and EPYC), among others. It is an easy step for these technologies to make it to cloud-based data centers, and today they form the base of the secure hardware used by most CSPs. Typically, they help secure and isolate workloads across cloud compute assets (VMs, containers, etc.) where needed. Often, these functionalities are offered at a premium, but with cybersecurity and data protection regulations on the rise globally, and a trend toward sovereign clouds and confidential computing, there is growing demand for these to become more standardized offerings.
CSPs are keen to ensure they can provide these, and at cost. What better way to ensure that than by investing in efforts to control the bottom of the stack? Currently, the use of open-source RoT is uncommon in the PC and server space, but CSPs are highly invested in reversing that status quo. But building proprietary IP blocks to these ends is costly and will create significant friction with the hardware providers of their infrastructure. The open-source route presents a very interesting opportunity to advance their goals without ruffling the feathers of too many of their OEM partners.
Toward this goal, AWS, Google, and Microsoft have all been working on custom security chips with open-source elements. AWS Nitro is a hardware RoT (while the Nitro System itself is proprietary, several Nitro Enclaves components and Software Development Kits (SDKs) are open source). Google Titan (based on OpenTitan) is another open source silicon RoT. Microsoft is heavily focused on Caliptra, and has further developed Azure Boost (a custom SoC that acts like a security controller) and Azure integrated Hardware Security Module (HSM) (for encryption/signing/verification of workloads). These are all focused on secure boot and attestation, initializing security chains for their broader confidential computing plays.
RECOMMENDATIONS: There's Still Room for Proprietary
Conceptually, Caliptra is displacing the fragmented landscape of proprietary RoT designs with an open and reusable RoT IP that can be adopted by various hardware vendors (CPU, GPU, even Solid State Drive (SSD)). Caliptra, and similarly OpenTitan and AWS Nitro, stand as alternatives in high assurance cases where platforms lean heavily on hardware RoTs that are primarily served by proprietary offerings. These partially open-source silicon IP blocks are shaping up to be powerful and feature-rich contenders, especially if they are being integrated into the broader confidential compute and sovereign cloud offerings from the CSPs.
There is a clear threat to providers of proprietary security IP, though CSPs are careful to curate partnerships with OEMs in their open-source efforts, encouraging them to be active participants in this movement to ensure complementarity. Proprietary IP providers risk being pushed out in favor of other vendors that are embracing CSPs’ RoT efforts; this would be a mistake. The CSPs’ open-source elements still tie into proprietary technologies, whether at the silicon level or higher up the stack (above the OS, and in firmware).
NVIDIA, for example, offers a proprietary secure boot and RoT for each silicon family that goes into its GPUs and DPUs, but it is also a founding member of Caliptra, as is AMD. They are keen to ensure that both options remain available to them in the cloud play. Not every implementation may use Caliptra exclusively; flexibility and choice will be key competitive advantages. Marvell and Nuvoton, both providing security-focused semiconductors (HSM for cloud and Trusted Platform Modules (TPMs) for Personal Computers (PCs), respectively) are implied adopters of Caliptra. While no individual product lines have been announced yet from any of the vendors, ABI Research expects things to accelerate in 2026.
The open-source movement is infecting the broader cloud infrastructure movement, and that is not a bad thing. An RoT is just the start of a chain of trust from which other security services can be provided. Microsoft, for example, is working on Project Kirkland, another open-source effort to secure the link between a CPU’s RoT and a discrete TPM. The AMD-driven OpenPRoT project is a platform RoT firmware stack meant to be layered over Caliptra for servers and accelerators. Other interesting projects from the CHIPS Alliance, OCP, and Confidential Computing Consortium (CCC) focus on TEE functionality: Open Enclave SDK, Enarx (encrypting data in use inside a TEE), Keystone (RISC-V TEE framework), Islet (for Arm architectures), Confidential Containers (CNCF), and Kata Containers all aim to provide open-source attestation and TEE tooling (though most of these sit on top of vendor TEEs). There is a place for open source in the cloud market; it does not have to displace proprietary altogether. Security IP providers do not have much of a choice anyway; CSPs dictate the direction, so IP providers will need to fall in line. But there are plenty of ways they can leverage the movement to their advantage and provide complementary solutions that also work in their favor.