Last updated on: October 29, 2021

As explained in our “Secure Silicon IP Webinar Series”, a root of trust is the security foundation for an SoC, other semiconductor device or electronic system. However, its meaning differs depending on who you ask. For example, the hardware root of trust contains the keys for cryptographic functions and is usually a part of the secure boot process providing the foundation for the software chain of trust.
In this article:
- What is hardware root of trust?
- What are the types of a silicon-based hardware root of trust?
- What are the benefits of a programmable hardware root of trust?
- What features should a programmable hardware root of trust offer?
- What is the Rambus Root of Trust?
- How is the Rambus Root of Trust architected for security?
- Is there a Root of Trust configured for my application?
What is hardware root of trust?
A hardware root of trust is the foundation on which all secure operations of a computing system depend. It contains the keys used for cryptographic functions and enables a secure boot process. It is inherently trusted, and therefore must be secure by design. The most secure implementation of a root of trust is in hardware, making it immune from malware attacks. As such, it can be a stand-alone security module or implemented as a security module within a processor or system on chip (SoC).
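As an added illustration (not Rambus code) of how a root of trust anchors the software chain of trust: the immutable boot ROM holds only a hash of the first signing key (the trust anchor, which would be burned into OTP on real silicon), and each verified stage pins the key that must sign the next one. Ed25519 is an assumed choice of signature scheme; the key pairs and stage payloads are generated and constructed inside the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stage is a signed boot image; Next pins the SHA-256 of the key that signs the following stage.
type Stage struct {
	Payload []byte
	Next    [32]byte // all zero for the last stage
	PubKey  ed25519.PublicKey
	Sig     []byte
}

func (s *Stage) signedBytes() []byte { return append(append([]byte{}, s.Payload...), s.Next[:]...) }

func signStage(s *Stage, priv ed25519.PrivateKey) {
	s.PubKey = priv.Public().(ed25519.PublicKey)
	s.Sig = ed25519.Sign(priv, s.signedBytes()) // signature covers payload and the next-key pin
}

// verifyChain plays the immutable first-stage boot ROM: it trusts only the anchor (hash of the
// stage-1 key) and stops at the first stage whose key is not pinned or whose signature fails.
func verifyChain(anchor [32]byte, stages []Stage) error {
	expected := anchor
	for i, s := range stages {
		if sha256.Sum256(s.PubKey) != expected {
			return fmt.Errorf("stage %d: signing key not pinned by previous stage", i+1)
		}
		if !ed25519.Verify(s.PubKey, s.signedBytes(), s.Sig) {
			return fmt.Errorf("stage %d: signature check failed", i+1)
		}
		expected = s.Next
	}
	return nil
}

// buildChain makes a two-stage chain from fresh keys and constructed payloads.
func buildChain() ([32]byte, []Stage) {
	pub1, k1, _ := ed25519.GenerateKey(rand.Reader)
	pub2, k2, _ := ed25519.GenerateKey(rand.Reader)
	loader := Stage{Payload: []byte("stage-1 loader (constructed)"), Next: sha256.Sum256(pub2)}
	signStage(&loader, k1)
	fw := Stage{Payload: []byte("stage-2 firmware (constructed)")}
	signStage(&fw, k2)
	return sha256.Sum256(pub1), []Stage{loader, fw}
}
```

Call verifyChain on buildChain's output: it returns nil for the untouched chain, and an error once a payload bit is flipped or a stage is re-signed with a key the previous stage did not pin.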
What are the types of a silicon-based hardware root of trust?
A silicon-based hardware root of trust falls into two categories: fixed function and programmable. Essentially, a fixed-function root of trust is a state machine. These are typically compact and designed to perform a specific set of functions like data encryption, certificate validation and key management. These compact, state machine-based root of trust solutions are particularly well suited for Internet of Things (IoT) devices.
In contrast, a hardware-based programmable root of trust is built around a CPU. Performing all the functions of a state machine-based solution, a programmable root of trust can also execute a more complex set of security functions. A programmable root of trust is versatile and upgradable, enabling it to run entirely new cryptographic algorithms and secure applications to meet evolving attack vectors.
What are the benefits of a programmable hardware root of trust?
The cybersecurity threat landscape is dynamic and rapidly evolving. Fortunately, a programmable hardware-based root of trust can be continuously updated to contend with an ever-increasing range of threats. Indeed, attackers are constantly finding new ways to exploit critical vulnerabilities across a wide range of applications and devices. Computers and network equipment are obvious targets for cyberattack, but in the highly interconnected world of the Internet of Things (IoT), devices such as connected door locks, home security systems, smart thermostats, security cameras, baby video monitors and smart appliances are all vulnerable.
Compromised IoT devices can be easily reprogrammed to stealthily violate consumer privacy, while connected appliances controlled by a remote attacker can potentially cause serious property damage. Moreover, compromised devices are susceptible to hijacking by botnets and can be exploited to attack other devices as well as critical internet infrastructure. As such, a programmable hardware-based root of trust should be considered for all connected devices to protect from current and future threats.
What features should a programmable hardware root of trust offer?
A programmable hardware root of trust should be purpose-built: specifically designed from the ground up to provide a robust level of security. Since the root of trust is a logical target for an attacker, it should be made as secure as possible to safeguard it from compromise. Capabilities should include:
Ensures that sensitive security functions are only performed within a dedicated security domain that is physically separated from the general-purpose processor. This paradigm allows the primary CPU to be optimized for architectural complexity and performance – with security functionality safely isolated in a physically separated root of trust.
Comprehensive Anti-Tamper and Side-Channel Resistance:
Protects against multiple fault injection and side-channel attacks.
Provides multiple layers of robust defense to avoid a single point of failure. Access to cryptographic hardware modules and other sensitive security resources are enforced in hardware, while critical keys are only available to hardware. Software security can be layered on top of a hardware-based root of trust, thereby providing additional flexibility and security.
Multiple Roots of Trust:
Ensures isolation of resources, keys and security assets. In real-world terms, this means each entity – such as a chip vendor, OEM or service provider – has access to its own ‘virtual’ security core and performs secure functions without having to ‘trust’ other entities. This allows individual entities to possess unique root and derived keys, as well as access only to specified features and resources such as OTP, debug and control bits. Moreover, support for multiple roots of trust enables the security core to assign or delegate permissions to other entities at any point in the device life cycle, while isolating (in hardware) unique signed apps that are siloed away from other programs.
What is the Rambus Root of Trust?
Rambus offers a catalog of robust Root of Trust solutions, ranging from richly featured military-grade co-processors to highly compact state machines. With a breadth of solutions applicable from the data center to IoT devices, Rambus has a Root of Trust solution for almost every application.
How is the Rambus Root of Trust architected for security?
The Rambus RT-600 series of Root of Trust hardware IP cores is built around Verilog RTL, which enables the customizable and modular root of trust to be easily integrated in any chip or FPGA design. Perhaps most importantly, the Rambus RT-600’s layered architecture provides the security of a hardware design with the flexibility of software.
Simplified Rambus RT-600 Series Root of Trust Block Diagram
The diagram above illustrates the basic architecture of the Rambus RT-600 series Root of Trust, including:
Purpose-built 32-bit CPU:
The CPU is a security optimized, configurable and multistage 32-bit RISC-V processor.
Multiple Bus Fabrics:
Connects various hardware modules within the Rambus Root of Trust. Note: There is a single bus that is completely dedicated to transporting and protecting sensitive keys from unauthorized software access.
Features multiple interfaces and a hardened memory protection unit. The Rambus Root of Trust’s SRAM – which stores secure assets in a memory region isolated from the rest of the system – also includes a small amount of read-only memory.
Key Transport Core:
Manages keys that may be used externally.
True Random Number Generator:
Generates true random numbers for multiple cryptographic algorithms and protocols.
Moves data in and out of the core.
Key Derivation Core:
Allows multiple keys to be derived for different applications – while keeping keys cryptographically isolated.
Includes three (by default) cryptographic engines: one for public-key algorithms (elliptic curve and RSA), a hash engine and an AES engine.
OTP Management Core:
Manages one-time programmable memory that is used for storing keys and other security assets.
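To show what cryptographically isolated derived keys and per-entity roots (the Key Derivation Core above, and the Multiple Roots of Trust capability described earlier) look like in practice, an added Go example that is not the RT-600's own KDF: a counter-mode KDF built on HMAC-SHA256 in the style of NIST SP 800-108. The hardware root key, entity names and application labels are constructed values.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// deriveKey is a counter-mode KDF (NIST SP 800-108 style) on HMAC-SHA256.
// Each (label, context) pair yields an independent key: holding one derived
// key reveals nothing about the parent or about sibling keys.
func deriveKey(parent []byte, label, context string, length int) []byte {
	var out []byte
	for i := uint32(1); len(out) < length; i++ {
		mac := hmac.New(sha256.New, parent)
		binary.Write(mac, binary.BigEndian, i) // counter
		mac.Write([]byte(label))
		mac.Write([]byte{0x00}) // separator between label and context
		mac.Write([]byte(context))
		binary.Write(mac, binary.BigEndian, uint32(length*8)) // output length in bits
		out = mac.Sum(out)
	}
	return out[:length]
}

// entityRoot models the per-entity root a multiple-roots-of-trust core hands
// to a chip vendor, OEM or service provider: derived from the hardware root
// key, never the root itself, so entities need not trust one another.
func entityRoot(hwRootKey []byte, entity string) []byte {
	return deriveKey(hwRootKey, "entity-root", entity, 32)
}

// appKey derives an application key beneath an entity root.
func appKey(entityKey []byte, app string) []byte {
	return deriveKey(entityKey, "app-key", app, 32)
}

func main() {
	// Constructed stand-in for the root key that would live in OTP.
	hwRoot := bytes.Repeat([]byte{0x42}, 32)
	vendor := entityRoot(hwRoot, "chip-vendor")
	oem := entityRoot(hwRoot, "oem")
	fmt.Printf("vendor and OEM roots differ: %v\n", !bytes.Equal(vendor, oem))
	fmt.Printf("OEM payment key prefix: %x\n", appKey(oem, "payment")[:8])
}
```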
As noted above, the versatile Rambus RT-600 series Root of Trust can be easily integrated into a wide range of silicon. Its standard interfaces include AMBA interface buses for communicating with registers (the control plane interface into the core), as well as an AHB bus that interfaces with system memory (data plane access). The Rambus RT-600 series Root of Trust also offers easy-to-use test interfaces, key buses for supplying keys to external logic, and I/O pins for managing functions such as chip features and alerts (controlling and monitoring external logic).
Additional key Rambus Root of Trust security features and capabilities include:
Self-Contained Secure Boot Mechanism:
Starts with a first-stage boot ROM that is synthesized into gates.
Offers comprehensive protection against various side-channel attacks such as Differential Power Analysis (DPA), Simple Power Analysis (SPA), Simple Electromagnetic Analysis (SEMA), Differential Electromagnetic Analysis (DEMA), Correlation Power Analysis (CPA) and Correlation Electromagnetic Analysis (CEMA). These side-channel countermeasures are present throughout the Rambus Root of Trust, including in the execution pipeline of the CPU itself.
Glitch and Fault Injection Attack Protection:
Protects against a full range of glitch and fault injection attacks.
Memory Protection Unit:
Locks at boot time and cannot be altered by malicious code.
Private SRAM and Isolated CPU Bus:
Prevents modification of the call stack and ensures control flow integrity.
The Rambus RT-600 series Root of Trust – which includes a complete firmware stack – also employs a layered security model for software utilizing privilege levels that are part of the RISC-V ISA. Put simply, these privilege levels are enforced on a hardware level, thereby effectively separating data between their respective layers. More specifically, the least privileged (least secure) layer is the user level, which is where user-written secure applications run. These applications can also be referred to as containers.
The next level is the supervisor level, where a Zephyr-based microkernel customized for security resides and runs. As expected, the highest privilege level is where the most secure code runs, with a security monitor overseeing the microkernel and containers, as well as their interaction with hardware. Although lower levels are more flexible, they are considered less secure. As such, the security monitor is specifically designed to provide a robust level of security protection for the software stack.
Is there a Rambus Root of Trust configured for my application?
There are Rambus Root of Trust solutions tailored to address the specific security requirements and certification standards of nearly every application:
- The RT-100 series of Root of Trust solutions is designed for use in power- and space-constrained applications such as IoT devices. Featuring a state-machine architecture with dedicated secure memories, the RT-100 hardware Root of Trust cores provide a variety of cryptographic accelerators including AES, SHA-2 and ECC. Versions with SM2, SM3 and SM4 accelerators are available for the China market.
- The RT-630 is a fully programmable hardware security core offering security-by-design for cloud, AI/ML and general-purpose semiconductor applications. It protects against a wide range of hardware and software attacks through state-of-the-art anti-tamper and security techniques.
- The RT-640 and RT-645 are tailored for the automotive market offering ISO-26262 ASIL-B and ASIL-D implementations respectively. These support vehicle-to-vehicle and vehicle-to-infrastructure (V2X), advanced driver-assistance systems (ADAS) and infotainment uses.
- For government-focused chip designs, the RT-660 provides the highest level of protection for designs requiring FIPS 140-2 Cryptographic Module Validation Program (CMVP) certification.