The MACsec-IP-361 is a plug-and-play solution for adding MACsec on the xMII side of an Ethernet subsystem. It is ISO 26262 ASIL-B Ready certified and ideally positioned for designs where the MAC function is tightly integrated with the system-side, for example DMA-MAC Ethernet controllers or switch core IP with integrated MAC modules.
With the MACsec-IP-361, silicon vendors can add line-rate MACsec function using the industry-standard interfaces and achieve seamless operation with an existing Ethernet controller subsystem.
MACsec solution for integration between MAC and PCS side supporting 1GbE to 50GbE rates with optional TSN support (including IEEE803.2br).
For MACsec function integrates the MACsec-IP-161 with all IEEE MACsec standards supported. Optional Cisco ClearTags.
Supplied with the Driver Development Kit to accelerate time to market. Rambus offers MACsec Toolkit for IEEE 802.1X key management
The MACsec-IP-361 engine provides complete MACsec processing for a port. A port may process a single stream or an interleaved stream of IEEE802.3br fragments (if preemption support is included). It contains a flexible classifier with a table of programmable rules with the programmable actions. The transformation engine supports all features and ciphers of the standard MACsec and VLAN-in-clear extension. The processing results are reflected in the MACsec compliant statistics as additional non-standard counters.
The MACsec-IP-361 engine operates as a fixed delay component at the xMII side, preserving accuracy of PTP timestamping and TSN scheduling created by the TSN MAC subsystem. Its operation is transparent for non-packet related information that is sent over the xMII bus.
The target integration would be instantiating the MACsec-IP-361 between an Ethernet MAC and a PCS. The PCS function may reside in a different device, for example, in the PHY. For egress direction, the MAC must be programmed to reserve space for MACsec expansion for example by stretching the IPG or managing the packet rate accordingly.
SA and Classification Scaling
Default Protocol Support
Automotive Functional Safety
NIST CAVP compliance for FIPS 140-3 validation
For end-to-end security of data, it must be secured both when at rest (stored on a connected device) and when in motion (communicated between connected devices). For data at rest, a hardware root of trust anchored in silicon provides that foundation upon which all device security is built. Similarly, MACsec security anchored in hardware at the foundational communication layer (Layer 2) provides that basis of trust for data in motion over Ethernet-based networks.