Robust security starts with the design of the SoC and continues with the manufacturing supply chain. Our CryptoManager™ Security Engine is a high-security silicon IP core that is integrated into the SoC of an intelligent device, such as the application processor of a smartphone or a tablet. It includes a hardware root-of-trust, providing the device with a secure endpoint. The Security Engine addresses critical device security needs, including the provisioning and management of cryptographic keys, authorization of debug modes, and programming across manufacturing stages, including wafer test, package test, device assembly, and return authorization.
Given the inherent complexity and cost of building a brand new chip, fabless chip manufacturers are under constant pressure to improve operating efficiencies while, at the same time, satisfying OEM customer requirements. Large OEM customers requesting personalization, customer-specific data preparation and feature customization of standard parts therefore challenge the chipmaker's ability to minimize inventory overhead and improve operating efficiencies.
Customer specific personalization services may be accomplished with a high degree of visibility and audit tracking controls that are secured by the CryptoManager solution for each step in the manufacturing supply chain.
For example (see Figure 1), if three OEM customers of a SoC manufacturer each request different feature configurations and/or data preparations for a standard SoC product, the SoC manufacturer needs to figure out how to support three customer-specific part types without creating three different SKUs.
Device personalization creates complexity in manufacturing and in inventory management. With multiple SKUs for standard products, managing inventory for each step requires accurate forecasts, and discrepancies can result in wasted silicon or delays in fulfilling orders (see Figure 2).
In this case, pushing the personalization processing step to the end of the manufacturing flow, just prior to or, in some cases, after delivery to the customer, mitigates the impact on inventory and operations (see Figure 3).
With mobile devices housing more and more sensitive data that is used in a wide variety of applications, chip and device companies must meet the complex security requirements of each potential use case or capability. Most security measures require the injection of secret identity data and cryptographic keys. Currently, cryptographic keys are provisioned in the open, without encryption, on test equipment operated by third-party contract manufacturers. These provisioning methods expose chip manufacturers to liability and risk for any security breach that occurs within their supply chain.
Utilizing the CryptoManager Root of Trust hardware IP Core, SoC architects have a built-in design for the secure provisioning of cryptographic keys during chip manufacturing. For OEM device manufacturing, this feature also enables remote secure key provisioning at the ODM (Original Device Manufacturer).
When chips are shipped into the field, the test features needed to test the chip during manufacturing must be securely disabled (see Figure 1 below). If left enabled in the field, these test and debug ports could provide a back door into the device that could be used maliciously to read keys and other sensitive data from the device. These test features must be disabled when the part ships into the field, but must also be securely re-enabled later when defective parts are returned through the RMA (Return Merchandise Authorization) channel for failure analysis.
To prevent misuse of debug modes (e.g. BIST, scan, JTAG), the CryptoManager Root of Trust can be connected to the debug mode enable signal, which defaults to an off (safe) setting. The Root of Trust can then selectively enable debug features as needed, for example:
- At specified manufacturing stages (wafer test, package test), necessary debug capabilities can be temporarily enabled
- In the case of a defective chip or device, debug capability can be re-enabled for Return Merchandise Authorization (RMA) and Failure Analysis (FA)
Once the debug is completed, the Root of Trust will disable the debug mode. The CryptoManager solution provides a method for chip and device companies to authenticate the device and authorize the provisioning of the debug enable/disable operation for each device.
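The lifecycle described above (debug off by default, enabled only by a per-device authorization at a permitted manufacturing stage, blocked in the field, re-enabled only after an authorized transition to RMA, and cleared again when the session ends) can be modelled in a few dozen lines. The following is an added illustration, not CryptoManager code and not Rambus's protocol: the token format, the `Stage` names, the `DebugController` class and the shared HMAC key are all assumptions chosen so that the example runs offline. A real root of trust would hold a per-device key in fuses and the authorization service would sign with an HSM; the checks a device must perform (integrity of the grant, binding to this device, freshness against replay, lifecycle state, and the feature list) are the same.

```python
import hmac
import hashlib
import json
import secrets
from enum import Enum


# Hypothetical lifecycle states; the names follow the manufacturing stages
# named on the page. Progression is one-way except for the authorized RMA entry.
class Stage(Enum):
    WAFER_TEST = "wafer_test"
    PACKAGE_TEST = "package_test"
    FIELD = "field"
    RMA = "rma"


LIFECYCLE_ORDER = [Stage.WAFER_TEST, Stage.PACKAGE_TEST, Stage.FIELD]
DEBUG_FEATURES = {"bist", "scan", "jtag"}

# Constructed demo key (assumption). A real device would hold a per-device key
# in OTP/fuses and the issuer would use an HSM-backed signature; a symmetric
# HMAC is used here only so the example has no dependencies.
AUTH_KEY = b"constructed-demo-key-do-not-use"


def _mac(payload: bytes) -> str:
    return hmac.new(AUTH_KEY, payload, hashlib.sha256).hexdigest()


def issue_token(device_id, stage, features, challenge):
    """Authorization-service side: bind one grant to one device, one lifecycle
    stage, an explicit feature list and the device's fresh challenge."""
    payload = json.dumps({
        "device_id": device_id,
        "stage": stage.value,
        "features": sorted(features),
        "challenge": challenge,
    }, sort_keys=True).encode()
    return {"payload": payload, "mac": _mac(payload)}


class DebugController:
    """Device-side model: the debug enable is off by default and changes only
    through a verified token answering a challenge this device issued."""

    def __init__(self, device_id, stage=Stage.WAFER_TEST):
        self.device_id = device_id
        self.stage = stage
        self.enabled = set()   # safe default: no debug feature enabled
        self.pending = None    # outstanding challenge nonce, if any

    def new_challenge(self):
        self.pending = secrets.token_hex(16)
        return self.pending

    def _verify(self, token):
        # Integrity first, then freshness (challenge is single-use), then binding.
        if not hmac.compare_digest(_mac(token["payload"]), token["mac"]):
            return None, "bad mac"
        req = json.loads(token["payload"])
        if self.pending is None or req["challenge"] != self.pending:
            return None, "stale or replayed challenge"
        self.pending = None
        if req["device_id"] != self.device_id:
            return None, "token is for another device"
        return req, "ok"

    def authorize_debug(self, token):
        req, why = self._verify(token)
        if req is None:
            return False, why
        if self.stage == Stage.FIELD:
            return False, "debug not permitted in field"
        if req["stage"] != self.stage.value:
            return False, "token stage does not match device stage"
        features = set(req["features"])
        if not features <= DEBUG_FEATURES:
            return False, "unknown feature requested"
        self.enabled = features
        return True, "enabled " + ",".join(sorted(features))

    def end_session(self):
        # Debug is switched back off as soon as the authorized session ends.
        self.enabled = set()

    def advance_stage(self):
        """One-way progression wafer test -> package test -> field."""
        i = LIFECYCLE_ORDER.index(self.stage)
        if i + 1 >= len(LIFECYCLE_ORDER):
            raise ValueError("device is already in the field")
        self.stage = LIFECYCLE_ORDER[i + 1]

    def enter_rma(self, token):
        """A fielded device moves to RMA only on an authorized RMA token."""
        req, why = self._verify(token)
        if req is None:
            return False, why
        if req["stage"] != Stage.RMA.value:
            return False, "not an RMA token"
        if self.stage != Stage.FIELD:
            return False, "RMA entry only from field state"
        self.stage = Stage.RMA
        return True, "rma"
```

The order of checks matters: the MAC is verified before the payload is parsed, the challenge is consumed before any policy decision so a rejected token cannot be retried, and the field state refuses debug regardless of what the token claims, so an issuer mistake cannot reopen a shipped part without first going through the RMA transition.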