At Rambus, we create cutting-edge semiconductor and IP products, spanning memory and interfaces to security, smart sensors and lighting.

Products
- - Chips
  - Memory Interface Chips
    - DDR5 Chipset
    - DDR4 Chipset
  - CXL Memory Initiative
- - Silicon IP
  - Interface IP
  - PCI Express
  - CXL
  - MIPI
  - HBM
  - GDDR
  - LPDDR
  - DDR
  - VESA Video Compression
  - Forward Error Correction
- - - Explore our full catalog of products so you can find the right solution to fit your needs.
    - Product Selector
Solutions
- - By Market
  - AI & Machine Learning
  - Automotive
  - Data Center
  - Edge
  - Government
  - IoT
- - - Explore our full catalog of products so you can find the right solution to fit your needs.
    - Product Selector
Resources
- - Resource Library
  - Our library of informational videos, papers, presentations, and more
  - Webinars
  - Check out our library of upcoming and on-demand webinars
- - Inventions
  - Explore innovations that enable the superior performance of Rambus solutions
  - Certifications
  - Certified silicon IP solutions tailored to the specific needs of some of the world’s most demanding applications
- - - Explore our full catalog of products so you can find the right solution to fit your needs.
    - Product Selector
Company
- - About
  - Corporate Overview
  - Leadership
  - Inventors
  - Careers
  - Locations
  - Investor Relations
- - News & Media
  - Newsroom
  - Blog
  - Events
- - - Explore our full catalog of products so you can find the right solution to fit your needs.
    - Product Selector
- English

Secure Boot

Home > Security IP > Software Protocols > Secure Boot

The Rambus Secure Boot solution (formerly from Inside Secure) provides tools for integrating security into an embedded device’s system boot sequence. The Secure Boot solution uses strong cryptography to protect the boot process of SoCs and application processors.

Contact

Supports multiple flexible bootstrap stages

Support of third-party signing through certificates

Support for hardware acceleration, key storage and anti-rollback

How the Secure Boot works

The Secure Boot solution protects the device boot sequence by providing the following security layers:

Integrity + Authenticity:

This layer ensures that the system only boots images that are from a trusted source, without any changes introduced to the images. Thus, this layer protects against tampering.

Confidentiality + Anti-Cloning:

This layer protects images from being examined by encrypting the image using strong cryptography. By using product-line specific encryption keys, the protected images are also prevented from being used on other product lines.

Anti-Rollback:

This layer enforces a secure firmware update by protecting against installing of images that are revoked. It prevents a hacker to use an old image with known vulnerabilities, which have been fixed in maintenance updates.

Features

Included Components

Secure Boot ROM code libraries to embed in the boot loader(s)
The Secure Boot Image Generation Tool to sign and encrypt the images

Cryptographic Algorithms

Hash algorithms: SHA-244/SHA-256
Asymmetric Crypto algorithms: ECDSA (P224 & P256)
Symmetric Crypto algorithms: AES (128-256)

Support for Rambus Security Cores and Hardware Root of Trust

Asymmetric Crypto acceleration only:
– PKA-IP-28
– PKA-IP-150
Symmetric Crypto acceleration only:
– PacketEngine-IP-93
Asymmetric and Symmetric Crypto acceleration with strict Asset Protection and Rollback protection:
– VaultIP Platform Security Solutions

Support for Certificates

The Secure Boot solution supports use of certificates. The use of certificates allows the creator of the secure boot loader (the chip manufacturer) to delegate the secure boot image signing to device manufacturers. The alternative to using certificates is using multiple boot loader stages.

The CryptoManager Root of Trust

Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.