OpenTitan Earl Grey 2 to support CHERI and PQC
The Earl Grey 2 hardware root-of-trust (RoT) is designed to withstand AI-accelerated and quantum computer attacks for a more secure future.
CAMBRIDGE, UK – 14th July 2026 – OpenTitan®, the world’s leading open-source project for secure hardware, has published its engineering roadmap. Following the success of the discrete RoT Earl Grey (shipping in Chromebooks) and the integrated RoT Darjeeling, OpenTitan is addressing the new security challenges introduced by Artificial Intelligence and future quantum computers.
Earl Grey 2 introduces four key benefits:
- Support for Capability Hardware Enhanced RISC Instructions (CHERI), which provides scalable memory isolation and memory safety embedded in hardware
- Security-hardened and optimized Post-Quantum Cryptography (PQC) compatible with CNSA 2.0, through extensions to its crypto accelerators
- Advanced control plane I/O with the addition of an I3C controller and target to address peripheral bottlenecks
- Greater efficiency, reducing area and power consumption through process node updates, compressed instructions, IP block optimizations and power domain splitting
Scalable memory isolation and hardware memory safety with CHERI
Recent improvements in AI technology are being leveraged to find and exploit new vulnerabilities in existing and new software stacks, with more than half of such vulnerabilities relating to spatial and temporal memory safety.
CHERI technology brings a revolutionary, preventive approach to silicon security by enabling fine-grained memory protection and highly scalable software compartmentalization. CHERI replaces traditional, easily manipulated pointers with hardware-protected capabilities augmented with bounds and permissions, eliminating entire classes of memory vulnerabilities directly at the hardware layer, and greatly constraining the impact of any successful attacks.
OpenTitan is implementing a CHERIoT configuration in its Ibex® processor, a specific derivative tailored for highly constrained embedded devices. A CHERIoT-Ibex implementation has been available on the Sonata Platform since 2023, which has fostered the maturity of the CHERI software ecosystem.
By implementing optional CHERI support, OpenTitan enables users to adopt CHERI technology at their own pace. Existing users who already have certified software relying on traditional ePMP can take advantage of the other features in Earl Grey 2 without software changes, while new users can benefit from CHERI’s advantages from the start.
Post-quantum cryptography
Because future quantum machines are expected to easily solve the mathematical problems underpinning traditional asymmetric cryptographic algorithms, standards bodies like NIST have approved quantum-resistant alternatives such as ML-DSA and ML-KEM. Legislative organizations are now urging entities to transition to these new algorithms to ensure continued digital security.
Implementing new PQC algorithms presents optimization and hardening challenges. These new methods require larger keys and more computational cycles, making them difficult to fit on resource-constrained devices. Furthermore, protecting these implementations from physical vulnerabilities like side-channel and fault-injection attacks requires additional expertise and effort. To meet CNSA 2.0 compliance, OpenTitan is overhauling its dedicated programmable cryptographic coprocessor and implementing security hardened PQC algorithms.
I3C controller and target
As modern electronic devices pack more sensors, memory chips, and complex peripherals into smaller spaces, traditional interfaces like I2C and SPI can create bottlenecks. I3C was specifically designed to solve these issues by consolidating the benefits from these two standards into a new specification.
The OpenTitan project is implementing a new combined I3C controller and target, which will enable it to connect to a new range of peripherals, particularly in data centers.
Earl Grey 2 discrete hardware root of trust
OpenTitan partners are working on a new top-level, Earl Grey 2, as the first vehicle to bring the benefits of the roadmap to market. This first commercial deployment will be critical to prove the quality and maturity of the IP.
Earl Grey 2 is an evolution of the existing discrete RoT design Earl Grey, which is already in mass production. Thanks to a change in process node, together with code size and IP block area optimizations, OpenTitan will deliver the greatly enhanced Earl Grey 2 in a similar die size.
Earl Grey 2 design is being upstreamed now, and expected to continue in the open throughout H2 2026 and H1 2027.
About OpenTitan and lowRISC
Hosted by lowRISC C.I.C., a not-for-profit company based in Cambridge, UK, OpenTitan provides a transparent and trustworthy secure silicon platform. OpenTitan® is the world’s most active and widely adopted open-source silicon project, containing commercial-grade IP blocks and security certified hardware Root of Trust designs.
FAQs
Does Earl Grey 2 render the original Earl Grey obsolete?
Earl Grey 2 is intended as a replacement for Earl Grey, since it provides a superset of its capability. When there is a technology upgrade you expect two (sometimes more) generations to co-exist for a period of time. Once Earl Grey 2 is proven in the market, it will be recommended for new integrations.
Why is it necessary to upgrade the OpenTitan hardware to implement PQC?
OpenTitan implements accelerators to handle encryption and decryption in hardware. This makes those operations faster and less energy intensive, and it ensures that the encryption key is not accessible by software. PQC algorithms are larger and more complex, so OpenTitan has been updated not only to implement larger memories, but also to have faster accelerators.
Why did the original Earl Grey not implement full PQC support?
Some of the PQC algorithms supported in Earl Grey 2 only became a standard as recently as August 2024. Since the original Earl Grey implemented some PQC support in the form of SLH-DSA, it made sense to wait until PQC standards settled before making a major upgrade in the silicon.
Can existing quantum computers hack my online transactions today?
No current quantum computers are too small to break modern cryptography. The introduction of PQC is to prevent problems caused by potentially very large future quantum computers. The main risk today is one of data harvesting, where transactions are recorded today to try to decrypt them in the future (with future quantum computers).
Why is it necessary to add further memory safety protection in a hardware RoT?
The software stack in a hardware root of trust is small and heavily tested, which means that it already offers good protection against software attacks. However, threats continue to increase, particularly with hackers now being able to use AI to be more effective. Adding extra protection in the hardware, and finer grain compartmentalization in the code, greatly increases the protection against software attacks and reduces the impact of a successful attack.
Where can I access the Earl Grey 2 design?
The Earl Grey 2 top level design is part of the OpenTitan repository, hosted in GitHub, and is released under a business friendly Apache 2.0 license.
Who should I contact to find out more?
lowRISC are the stewards and maintainers of OpenTitan, and can be contacted on info@lowrisc.org.
Related Semiconductor IP
- PUF-based Post-Quantum Cryptography (PQC) Solution
- Highly configurable HW PQC acceleration with RISC-V processor for full CPU offload
- Agile PQC Public Key Accelerator
- Highly configurable HW Lattice PQC ultra acceleration in AXI4 & PCIe systems
- Single instance HW Lattice PQC ultra accelerator
Related News
- ASIC Architect Announces the Availability of PCI Express Gen 2 Controller Cores
- Lattice Announces ispLEVER 7.0 Service Pack 2 FPGA Design Tool Suite
- PLDA Announces Immediate Availability of PCIe Gen 2 FPGA IP Design for Altera's Stratix II GX
- GCT Semiconductor Announces the Industry's First Single-Chip Solution Supporting Both Mobile WiMAX IEEE 802.16e Wave 2 and WiFi 802.11 b/g
Latest News
- OpenTitan Earl Grey 2 to support CHERI and PQC
- TSMC June 2026 Revenue Report
- Quadric Extends Series C to $46M with Second Close led by World Bank's IFC
- ESD Alliance Reports Electronic System Design Industry Posts $5.7 Billion in Revenue in Q1 2026
- New JEDEC® SPHBM4 Standard Enables HBM4-Class Bandwidth on Organic Substrates