Security Icon


CryptoManager Root of Trust

The CryptoManager Root of Trust is a fully-programmable hardware security core that protects against a wide range of attacks with state-of-the-art anti-tamper and security techniques to offer vendors security by design.

How the Root of Trust Works

The CryptoManager Root of Trust is an independent hardware security block for integration into semiconductor devices, offering secure execution of user applications, tamper detection and protection, secure storage and handling of keys and security assets, and resistance to side-channel attacks. The Root of Trust offers chipmakers a siloed approach to security; while located on the same silicon as the main processor, the secure processing core is physically separated. A layered security approach enforces access to crypto modules, memory ranges, I/O pins, and other resources, and assures critical keys are available through hardware only with no access by software. Readily deployable, the Root of Trust is easily integrated with industry-standard interfaces and system architectures. It includes hardware cryptographic accelerators for standard algorithms such as AES, SHA, RSA, ECDSA and ECDH, and can be customized for an OEMs unique requirements.

CryptoManager Root of Trust diagram

Offering true multiple root of trust capabilities, each individual application can be assigned its own unique keys, meaning permissions and access levels are set completely independent of others. OEMs can determine access levels and permissions for each and all processes operating within the secure processor. Applications are siloed from each other, ensuring the best approach to security.

Part of the comprehensive CryptoManager Security Platform that includes embedded cores, key provisioning infrastructure and infield services, the Root of Trust provides the highest level of end-to-end security at all stages of the chip lifecycle for applications like IoT, automotive, sensors, and connectivity.

The CryptoManager Root of Trust

The CryptoManager Root of Trust

Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.
Download White Paper

Solution Offerings

Superior Security

  • Hardware root of trust featuring a custom 32-bit RISC-V processor
  • Secure in-core processing and industry-leading anti-tamper
  • Built-in tamper detection and resistance to side-channel attacks
  • Multi-layered security model provides protection of all components in the core

Enhanced Flexibility

  • 3rd-party applications run securely within trusted boundary, each with its own assigned security permissions
  • Complete development environment allows OEMs and users to easily develop secure applications leveraging all capabilities of the core
  • Support for secure provisioning of keys and firmware at manufacturing or in the field
  • Support multiple roots of trust within a single secure core

Security Models

  • Hierarchical privilege
  • Secure key management policy
  • Hardware-enforced isolation/access control/protection
  • Error management policy

Cryptographic Accelerators

  • Standard AES, SHA, Public Key Engine (implementing RSA & ECC)
  • Optional 3DES, ChaCha20, Whirlpool, DPA-resistant crypto engines and proprietary entropic array logic

Security Modules

  • True Random Number Generator
  • Canary logic for protection against glitching and overclocking
  • Secure key derivation and key transport
  • Life cycle management
  • Secure test and debug
  • Feature management

Complete Documentation

  • Hardware integration guide
  • Hardware and software reference manuals
  • Programming guides

Tools and Scripts

  • Verilog for synthesis and simulation
  • All scripts and support files needed for standard EDA tool flows Integration Deliverables

Integration Deliverables

  • Complete verification test bench and comprehensive set of test vectors
  • Container-authoring software
  • Boot loader and firmware, including secure RTOS and security monitor
  • HLOS APIs for accessing capabilities
  • Complete development environment, including compiler, assembler, debugger, simulator, reference code
  • Available FGPA-based development board

Use Cases

Security Icon


Large OEM customers requesting personalization, customer specific data preparation and feature customization of standard parts challenge the chipmakers ability to minimize inventory overhead and improve operating efficiencies.

Security Icon

Secure Key Provisioning

With mobile devices housing more and more sensitive data that is utilized in a wide variety of applications, chip and device companies must meet the complex security requirements for each potential use case or capability.
Security Icon

Debug Access Control

The CryptoManager solution provides a method for chip and device companies to authenticate the device and authorize the provisioning of the debug enable/disable operation for each device.

Related Markets & Applications