Security IP icon

Security

Root of Trust Solutions

Providing a hardware-based foundation for security, Rambus offers a catalog of robust Root of Trust solutions, ranging from richly featured military-grade co-processors to highly compact state machines. With a breadth of solutions applicable from the data center to Internet of Things (IoT) devices, Rambus has a Root of Trust solution for almost every application.

SolutionBriefApplications
RT-100Download the Root of Trust RT-100 Product BriefIoT and IIoT devices, sensors, gateways
RT-121Download the Root of Trust RT-121 Product BriefIoT and IIoT devices, sensors, gateways for China market
RT-130Download the Root of Trust RT-130 Product BriefIoT devices, IoT servers, gateways, edge devices
RT-131Download the Root of Trust RT-131 Product BriefIoT devices, IoT servers, gateways, edge devices for China market
RT-140Download the Root of Trust RT-140 Product BriefIoT, IIoT and cloud-connected devices, sensors, gateways
RT-260Download the Root of Trust RT-260 Product BriefIoT, IIoT and cloud-connected devices, sensors, gateways
RT-630Download the Root of Trust RT-630 Product BriefSemiconductor, Cloud, AI/ML
RT-640Download the Root of Trust RT-640 Product BriefAutomotive ISO26262 ASIL-B
RT-645Download the Root of Trust RT-645 Product BriefAutomotive ISO26262 ASIL-D
RT-660Download the Root of Trust RT-660 Product BriefGovernment/DPA
RT-630-FPGADownload the Root of Trust for FPGAs Product BriefFPGA implementations
CSDKDownload the Root of Trust CSDK Product BriefSoftware development toolkit for secure applications
superior security icon

Superior Security

Provide a robust hardware foundation for security

Protect valuable secret keys, credentials and other sensitive data

Adapt to an evolving threat environment

Design Flexibility - Root of Trust benefit

Design Flexibility

Select a solution tailored to specific application needs

Programmable and fixed function architectures

Varying crypto and DPA protection capabilities

improved profitability icon

Improve Profitability

Reduce NRE and operating costs

Eliminate costs of compromised devices

Offer new services through programmability

State-Machine Root of Trust Solutions: RT-100 and RT-200 Series

Designed to be integrated in power and space-constrained microcontrollers or SoCs, the RT-100 and RT-200 Root of Trust cores are a family of FIPS 140-2 compliant hardware solutions that guard the most sensitive assets on chips and establish the foundation for platform security.

Featuring a state-machine architecture with dedicated secure memories, this Root of Trust family provides a variety of cryptographic accelerators, including AES, SHA-2 and ECC. Ideal for power and space-sensitive applications like IoT, edge, and industrial use, these Root of Trust cores offer the best balance of size and performance available on the market.

Configuration Options

FeatureDescriptionRT-100RT-121RT-130RT-131RT-140RT-260
Application FocusExample ApplicationsIoTIoT (CN)IoT/EdgeIoT/Edge (CN)IoT/CloudIoT/Cloud
FIPS 140 CAVPFIPS 140-2 CAVP & FIPS 140-3 CAVP (2020)Check IconCheck IconCheck IconCheck IconCheck IconCheck Icon
FIPS 140 CMVPFIPS 140-2 CMVP & FIPS 140-3 CMVP (2020)Check IconCheck IconCheck IconCheck IconCheck IconCheck Icon
OTP ManagementInterfaceCheck IconCheck IconCheck IconCheck IconCheck IconCheck Icon
AES HWECB, CBC, CTR Modes – Max Key Size: 256 bitsCheck IconCheck IconCheck IconCheck IconCheck IconCheck Icon
AES ModesAES-CCM, AES-CMAC, AES-GCM/GMAC (standard) AES-XTS (optional)Check IconCheck IconCheck IconCheck IconCheck Icon
Regional CryptoSM2/SM3/SM4Check IconCheck Icon
HMAC-SHA2 HWSHA-2 and HMAC-SHA2 – Max SHA-2 Mode (bits)256256512512512512
Public Key EngineRSA, ECC Acceleration Core16×1616×1632×3232×3232×3232×32
ECC HWMax Curve Size: 521 bitsCheck IconCheck IconCheck IconCheck IconCheck IconCheck Icon
RSA HWMax Exponent Size: 3096 bitsCheck IconCheck IconCheck IconCheck IconCheck IconCheck Icon
Random Number Generator HWNIST SP800 compliant TRNGCheck IconCheck IconCheck IconCheck IconCheck IconCheck Icon
Optional CryptographyARIA, 3DES*, SHA-3, HMAC-SHA-3
*3DES is standard on RT-130, 131, 140
Check IconCheck IconCheck IconCheck Icon
I/O PerformanceThroughput (Gbps)112222
Crypto PerformanceCrypto/Hash Performance (Gbps) @500MHz112222
DMAStandard (STD) or Multi-channel (MC)Check IconCheck IconCheck IconCheck IconCheck IconCheck Icon
I/O BusAMBA Bus Master/Slave: AXI/AHBCheck IconCheck IconCheck IconCheck IconCheck IconCheck Icon
OTP InterfaceInterface to 3rd-Party OTP: TCMCheck IconCheck IconCheck IconCheck IconCheck IconCheck Icon
Multiple Roots of TrustRoots/Key Splits111111
Security in the ARM Ecosystem cover

Security in the ARM Ecosystem

Building security in an SoC aiming to meet the goals set by the ARM Platform Security Architecture (PSA) is a complex matter. This is compounded by the complexity of modern-day SoCs comprising multiple processors, security domains and security levels. The Rambus root of trust provides a solid foundation for the SoC security architecture ticking ‘all the boxes’ for reaching the security goals, while offering extensive support for effective integration into a complex TrustZone-based SoC infrastructure.

Secure Co-Processor Root of Trust Solutions: RT-600 Series

The RT-600 series Root of Trust solutions are integrated as independent hardware security blocks in semiconductor devices to provide a hardware-based foundation for security. Once integrated into a semiconductor device, an RT-600 series core provides a secure environment for performing a wide range of security functions in a simple and cost-effective manner, providing enhanced security functionality while providing faster time-to-market and significant differentiation.

Configuration Options

FeatureDescriptionRT-630RT-640RT-645RT-660
Application FocusExample ApplicationsAI/ML/CloudAutomotiveAutomotiveFIPS/Gov
ProgrammableSecure Applications on embedded RISC-V CPUCheck IconCheck IconCheck IconCheck Icon
FIPS 140 CAVPFIPS 140-2 CAVP & FIPS 140-3 CAVP (2020)Check IconCheck IconCheck IconCheck Icon
FIPS 140 CMVPFIPS 140-2 CMVP & FIPS 140-3 CMVP (2020)Check IconCheck IconCheck IconCheck Icon
DPA ResistanceRSA & ECC PKI operationsCheck IconCheck IconCheck IconCheck Icon
DPA ResistanceAES – 3DES – HMAC crypto and hash operationsCheck Icon
Automotive StandardISO 26262 ASILASIL-BASIL-D
OTP ManagementOTP management coreCheck IconCheck IconCheck IconCheck Icon
Key DerivationSecure Key DeriveCheck IconCheck IconCheck IconCheck Icon
Anti-Tamper (Clock & Power)Canary Core Monitor – Glitch Detection LogicCheck IconCheck IconCheck IconCheck Icon
Secure Boot ManagementECDSA P256 with HMAC-SHA-2-256Check IconCheck IconCheck IconCheck Icon
Secure DebugECDSA P256 with HMAC-SHA-2-256Check IconCheck IconCheck IconCheck Icon
Secure Lifecycle ManagementSecure lifecycle stages supportCheck IconCheck IconCheck IconCheck Icon
Secure Feature ManagementJust-in-time-SKU ManagementCheck IconCheck IconCheck IconCheck Icon
Memory ECCSupport for ECC or SECDED SRAMCheck IconCheck IconCheck IconCheck Icon
Crypto Accelerator coresAES-HMAC-RSA-ECC-TRNG HW coresCheck IconCheck IconCheck IconCheck Icon
I/0 PerformanceThroughput (Gbps)>8>8>8>8
Crypto & Hash PerformanceCrypto/Hash Performance (Gbps) @500MHz3331.5
Public Key EngineRSA, ECC Acceleration Core multiplier width32×32/64×6464×6464×6464×64
DMAStandard (STD) or Multi-channel (MC)MCMCMCMC
I/O BusAMBA Bus Master/SlaveAXI/AHBAXI/AHBAXI/AHBAXI/AHB
OTP InterfaceInterface to 3rd Party OTPAPBAPBAPBAPB
Multiple Roots of TrustRoots/Key Splits4/84/84/84/8

The RT-600 Series Root of Trust cores offer various cryptographic accelerator options:

FeatureDescriptionRT-630RT-640RT-645RT-660
Application FocusExample ApplicationsAI/ML/CloudAutomotiveAutomotiveFIPS/Gov
Random Number GeneratorNIST SP800 compliant True Random Number GeneratorCheck IconCheck IconCheck IconCheck Icon
Public Key EngineRSA, ECC Acceleration Core32×32/64×6432×3232×3264×64
Public Key RSA HWMax Exponent Size (bits)4096409640964096
Public Key RSARSAAES-OAEP & RSASSA-PSS PKCS#1 support2.22.22.22.2
Public Key ECCMax Curve Size (bits)521521521521
Public Key ECCECDSA & ECDHCheck IconCheck IconCheck IconCheck Icon
Public Key ECCEdDSA Ed25519 & EdDH X25519Check IconCheck IconCheck IconCheck Icon
Public Key ECCBrainpool curvesOptionalOptionalOptionalOptional
Public Key DPA resistantSPA and DPA resistant asymmetric RSA/ECC coreCheck IconCheck IconCheck IconCheck Icon
AES HWECB, CBC, CFB, CTR Modes – max 256-bit key sizeCheck IconCheck IconCheck IconCheck Icon
AES-CMACAES-CMAC modeCheck IconCheck Icon
AES-GCMAES-GCM/GMAC modesCheck IconCheck IconCheck IconCheck Icon
AES DPA ResistantSPA and DPA resistant symmetric AES coreOptionalCheck Icon
3DES HW3DES CoreOptional
3DES DPA ResistantSPA and DPA resistant symmetric 3DES coreOptional
HMAC-SHA2 HWSHA-2 and HMAC-SHA2- Max 512-bit-modeCheck IconCheck IconCheck IconCheck Icon
HMAC-SHA3 HWSHA-3 and HMAC-SHA3- Max 512-bit-modeOptionalOptionalOptionalOptional
HMAC-SHA2 DPA ResistantSPA and DPA resistant HMAC-SHA-2Optional
Chinese algorithmsChinese SM2-3-4 algorithms OSCCA compliantOptionalOptionalOptional
Whirlpool HWWhirlpool Hash Core (SHE Algorithm)OptionalOptional
Poly1305/ChaCha 20Poly/ChaCha Hash and Cipher CoreOptional

Dedicated FPGA configurations

The RT-630 and RT-660 are available in specific FPGA configurations, targeting to be synthesized in programmable logic. These are designed to map optimally (for max utilization and max frequency) into FPGA fabric, and connect either to on-board or external CPUs. In addition, the design is expanded with an additional OTP emulation model to overcome the lack of (or limitation of) true nonvolatile one time programmable memory in certain FPGA families. This module allows storing secure assets in external flash in a secure way.

The main use cases for the RT-600 Series Root of Trust include:

  • Secure Boot
  • Secure Firmware Update
  • Authentication
  • Attestation
  • Secure Data Storage
  • Secure Key Storage
  • Device Personalization
  • Key and Data Provisioning
  • User Data Privacy
  • Secure Communication & Secure Protocol Implementation
  • Runtime Integrity Checking
  • Cryptographic Acceleration
  • Secure Debug
  • Feature/Configuration/SKU management

Rambus Root of Trust solutions are part of a broad portfolio of security IP solutions which provides end-to-end security of chips and devices over their entire lifecycle.

The Road to Post Quantum Cryptography cover

The Road to Post Quantum Cryptography

Quantum computing offers the promise of tremendous leaps in processing power over current digital computers. But for the public-key cryptography algorithms used today for e-commerce, mobile payments, media streaming, digital signatures and more, quantum computing represents an existential event. Quantum computers may be able to break the widely used RSA and ECC (Elliptic-Curve Cryptography) algorithms in as little as days. Learn about our solutions and recommendations to ready customers for a post-quantum world.