Security Icon

Security

CryptoManager Root of Trust

The CryptoManager Root of Trust is a family of fully-programmable hardware security co-processors that offers security by design. It protects against a wide range of attacks with state-of-the-art anti-tamper and security techniques.

ModelConfigurationDescription
RT-610CompactMost space-efficient CMRT co-processor
RT-620FullSecurity capability and space-efficient balanced co-processor
RT-630Cloud/AI/MLCloud, Artificial Intelligence and Machine Learning security co-processor
RT-650FIPS 140-2FIPS 140-2 compliant security co-processor
RT-660GovernmentHigh-security, government-application focused
RT-670MilitaryHighest-grade security co-processor for military use cases
RT-730AutomotiveISO-26262 ASIL-D automotive security co-processor

How the Root of Trust Works

The CryptoManager Root of Trust is an independent hardware security co-processor for integration into semiconductor devices, offering secure execution of user applications, tamper detection and protection, and secure storage and handling of keys and security assets. The Root of Trust offers chipmakers a siloed approach to security; while located on the same silicon as the main processor, the secure processing core is physically separated. A layered security approach enforces access to crypto modules, memory ranges, I/O pins, and other resources, and assures critical keys are available through hardware only with no access by software.

CryptoManager Root of Trust diagram

Offering true multiple root of trust capabilities, each individual application can be assigned its own unique keys, meaning permissions and access levels are set completely independent of others. OEMs can determine access levels and permissions for each and all processes operating within the secure processor. Applications are siloed from each other, ensuring the best approach to security.

Readily deployable, the Root of Trust is offered in multiple off-the-shelf configurations, allowing a choice tailored to the needs of your application. Configurations differ by cryptographic accelerators contained, 3rd party certification and standard compliance, and levels of DPA resistance.

FeatureDescriptionRT-610RT-620RT-630RT-650RT-660RT-670RT-730
Application FocusExample ApplicationsIoTSoCAI/CloudFIPS SoCGov.MilitaryAutomotive
FIPS CAVPFIPS 140-2 CAVP       
DPA ResistanceAsymmetric RSA/ECC       
DPA ResistanceAES – 3DES – HMAC  
OTPInterface – APB       
FMCFeature Management Core      
CCCanary Core Monitor     
3DES HW3DES Core, ECP Mode  
Suite A PlaceholdersSuite A Placeholders 
Automotive StandardISO 26262 ASIL-D 
Whirlpool HWWhirlpool Hash Core 
Public KeyPublic Key Core16×1632×3264×6464×6464×6464×6432×32
AES HWECB, CBC, CTR Modes – Max Key Size (bits)128256256256256256256
AES-GCM HWECB, CBC, CTR GCM Modes – Max Key Size (bits)256256256256256
HMAC-SHA2 HWSHA-2 and HMAC-SHA2 – Max SHA-2 Mode (bits)256256512512512512512
ECC HWMax Curve Size (bits)256256521521521521521
RSA HWMax Exponent Size (bits)2048204840964096409640964096
RBG HWStandard (STD) or NISTSTDSTDNISTNISTNISTNISTNIST
I/O PerformanceThroughput (Gbps)1288888
Crypto PerformanceCrypto/Hash Performance (Gbps)0.4122222
DMAStandard (STD) or Multi-channel (MC)STDMCMCMCMCMCMC
I/O BusAMBA Bus Master/Slave (32b AHB or AXI)AHBAHBAXIAXIAXIAXIAXI
Multiple Roots of TrustRoots/Key Splits2/23/34/84/84/84/84/8

Included with the Root of Trust are a series of standard secure applications (“containers”) to speed development, including secure boot, identity management, HSM reference, and others.

Part of the comprehensive CryptoManager Security Platform that includes embedded cores, key provisioning infrastructure and infield services, the Root of Trust provides the highest level of end-to-end security at all stages of the chip lifecycle for applications spanning defense, automotive, artificial intelligence/machine learning, cloud, and general-purpose semiconductor.

CryptoManager Root of Trust Cover

The CryptoManager Root of Trust

Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.
Download White Paper

Solution Offerings

Superior Security

  • Hardware root of trust featuring a custom 32-bit RISC-V processor
  • Secure in-core processing and industry-leading anti-tamper protections
  • Built-in tamper detection and resistance to side-channel attacks (configuration-dependent)
  • Multi-layered security model provides protection of all components in the core
  • FIPS 140-2 CAVP certified
 

Enhanced Flexibility

  • 3rd-party applications run securely within trusted boundary, each with its own assigned security permissions
  • Complete development environment allows OEMs and users to easily develop secure applications (”containers”); standard use case application containers provided
  • Support for secure provisioning of keys and firmware at manufacturing or in the field
  • Support for multiple roots of trust within a single secure core
 

Security Models

  • Hierarchical privilege
  • Secure key management policy
  • Hardware-enforced isolation/access control/protection
  • Error management policy
 

Cryptographic Accelerators

  • Includes AES, HMAC, RSA, ECC, RBG (configuration-dependent)
 

Security Modules

  • Canary logic for protection against glitching and overclocking
  • Secure key derivation and key transport
  • Life cycle management
  • Secure test and debug
  • Feature management

Complete Documentation

  • Hardware integration guide
  • Hardware and software reference manuals
  • Programming guides
 

Tools and Scripts

  • Verilog for synthesis and simulation
  • All scripts and support files needed for standard EDA tool flows integration deliverables
 

Integration Deliverables

  • Complete verification test bench and comprehensive set of test vectors
  • Container-authoring software
  • Boot loader and firmware, including secure RTOS and security monitor
  • HLOS APIs for accessing capabilities
  • Complete development environment, including compiler, assembler, debugger, simulator, reference code
  • Available FGPA-based development board
 

Secure Applications Deliverables

  • QEMU implementation (source code)
  • Implementation of HLOS or ASIC components (source code)
  • Sample application demonstrating usage of Secure Application
  • Documentation
    • Software Architecture
    • HLOS Programmer’s Guide
    • Developer’s Guide
    • API Guide
    • Integration Guide
Secure ApplicationDescription
Linux Secure BootImplements secure boot for Linux OS, secured by the Root of Trust co-processor
Linux Secure FOTAImplements secure Firmware Over the Air (FOTA) updates for Linux OS
ASIC Secure BootUses the Root of Trust co-processor to assist in the secure boot process of ASICs and FPGAs
Secure Data StorageUses the Root of Trust co-processor to protect user credentials or biometric templates
Open SSL HardeningHardens the OpenSSL crypto operations via the Root of Trust secure co-processor
Reference HSMImplements a basic HSM supporting AES, HMAC, SHA256, ECDSA, X.509 certificates and secure storage
Unique ID GeneratorCreates a Root of Trust unique ID and stores it in the Root of Trust NVM (Non Volatile Memory)

Related Markets & Applications

FREE Webinar: Secure Silicon IP Series: Complexity vs. Security