Security
Root of Trust Solutions
Providing a hardware-based foundation for security, Rambus offers a catalog of robust Root of Trust solutions, ranging from feature-rich military-grade security co-processors to highly compact Root of Trust designs. With a breadth of solutions applicable from the data center to Internet of Things (IoT) devices, Rambus has a Root of Trust solution for almost every application. Rambus Root of Trust designs protect devices and valuable assets (identities, keys, code and data) belonging to different stakeholders across the ecosystem, including silicon vendors, OEMs, service providers and users.
Contact
Product BriefSecure Programmable Root of Trust Security Solutions
| Product | Brief | Applications |
|---|---|---|
| RT-630 |  |
Cloud and AI/ML applications |
| RT-640 | |
Automotive ISO-26262 ASIL-B embedded Hardware Security Module |
| RT-641 | |
Automotive ISO-26262 ASIL-B embedded Hardware Security Module for the Chinese market |
| RT-645 | |
Automotive ISO-26262 ASIL-D embedded Hardware Security Module |
| RT-650 | |
Highly-secure government applications requiring DPA resistance |
| RT-660 | |
Highly-secure data center applications requiring DPA & FIA resistance |
| RT-1660 | |
Highly-secure defense applications requiring DPA & FIA resistance |
| RT-630-FPGA | |
FPGA-specific implementation of the RT-630 |
| RT-660-FPGA | |
FPGA-specific implementation of the RT-660 |
| RT-600 SDK | |
SDK for RT-6xx secure application development |
Arm® CryptoCell™ and CryptoIsland™ Root of Trust Security Solutions
| Product | Brief | Applications |
|---|---|---|
| CC-312 | |
Arm Cortex®-M TrustZone®-based IoT edge devices and sensors |
| CC-712 | |
Arm Cortex-A TrustZone-based IoT servers and gateways |
| CC-713 | |
Arm Cortex-A TrustZone-based IoT servers and gateways for the Chinese market |
| CI-300P-C | Contact Rambus for product information | Secure Element devices such as iSIM, 5G modems, mobile app processors |
Firmware-Controlled Root of Trust Security Solutions
Superior Security
Provide a robust hardware foundation for security
Protect valuable secret keys, credentials and other sensitive data
Adapt to an evolving threat environment
Design Flexibility
Select a solution tailored to specific application needs
Programmable and fixed function architectures
Varying crypto and DPA protection capabilities
Improve Profitability
Reduce NRE and operating costs
Eliminate costs of compromised devices
Offer new services through programmability
Secure Programmable Root of Trust Security Solutions
The Rambus Root of Trust RT-600 family of fully programmable FIPS 140-2 certified and FIPS 140-3 compliant hardware security cores offers security by design for cloud, AI/ML, automotive, government, defense, data center, as well as general purpose semiconductor applications. The RT-600 family protects against a wide range of hardware and software attacks through state-of-the-art anti-tamper and security techniques.
| Feature | Description | RT-630 | RT-640 | RT-641 | RT-645 | RT-645 | RT-660 | RT-1660 |
|---|---|---|---|---|---|---|---|---|
| Application Focus | Example Applications | AI/ML/Cloud | Automotive | Automotive | Automotive | Government | Data Center | Defense |
| FIPS 140 CAVP | FIPS 140-2 & FIPS 140-3 CAVP |  |
|
|
|
|
|
|
| FIPS 140 CMVP | FIPS 140-2 & FIPS 140-3 CMVP | |
|
|
|
|
|
|
| DPA | DPA Resistance | RSA/ECC | RSA/ECC | RSA/ECC | RSA/ECC | |
|
|
| FIA | FIA Resistance | — | — | — | — | — | |
|
| Automotive | ISO26262 ASIL Level | — | ASIL-B | ASIL-B | ASIL-D | — | ||
| Key Derive | Secure Key Derivation | |
|
|
|
|
|
|
| Key Agreement | ECDH, DH | |
|
|
|
|
|
|
| Key Transport | Key Wrap Mechanisms | |
|
|
|
|
|
|
| Roots | Multiple Roots/Key Splits | 4/8 | 4/8 | 4/8 | 4/8 | 8/8 | 8/8 | 8/8 |
| Secure Boot | Secure Boot Assist P-512 | |
|
|
|
|
|
|
| Secure Debug | Secure Debug P-512 | |
|
|
|
|
|
|
| Secure Lifecycle | Lifecycle Stage Management | |
|
|
|
|
|
|
| Secure Feature | Feature and SKU Management | |
|
|
|
|
|
|
| Anti Tamper | Power and Clock Glitch Monitor | |
|
|
|
|
|
|
| Memory ECC | Memory Error Correction | |
|
|
|
|
|
|
| Crypto Accelerators | TRNG-RSA-ECC-AES-SHA2-SHA3 | |
|
|
|
|
|
|
| Crypto Accelerators | — | — | Optional | — | — | — | — | |
| Performance | Crypto & Hash Performance Gbps | 6 | 6 | 6 | 6 | 3 | 6 | 6 |
| I/O bus | AXI or AHB AMBA Interface | |
|
|
|
|
|
|
| OTP | APB OTP Management Interface | |
|
|
|
|
|
|
| PUF | PUF Interface | |
|
|
|
|
|
|
| DPA | RSA & ECC DPA Resistances | |
|
|
|
|
|
|
| DPA | AES DPA Resistance | — | — | — | — | |
|
|
| DPA | HMAC-SHA-2 DPA Resistance | — | — | — | — | — | |
|
| FIA | RSA & ECC & AES FIA Resistance | — | — | — | — | — | |
|
| TRNG | True Random Number Generator SP800-90 | |
|
|
|
|
|
|
| RSA | HW Accelerators 4K (up to 8K) | |
|
|
|
|
|
|
| ECC | HW Accelerators 521 | |
|
|
|
|
|
|
| ECC Curves | NIST – Brainpool – 25519 – 448 | |
|
|
|
|
|
|
| AES | HW Accelerators | |
|
|
|
|
|
|
| AES | CBC-CTR-CCM-CMAC-CFB-OFB Mode | |
|
|
|
|
|
|
| AES | GCM-GMAC Mode | |
|
|
|
|
|
|
| AES | XTS Mode | |
— | — | — | |
|
|
| SM2-3-4 | HW Accelerators | — | — | |
— | — | — | — |
| SHA-2 | (HMAC-)SHA-2 Accelerators | |
|
|
|
|
|
|
| SHA-2 | (HMAC-)SHA-2 Max Mode | 512 | 512 | 512 | 512 | 512 | 512 | 512 |
| SHA-3 | (HMAC-)SHA-3 Accelerators | |
— | — | — | |
|
|
| SHA-3 | (HMAC-)SHA-3 Max Mode | 512 | 512 | 512 | 512 | 512 | 512 | 512 |
| CPP | ChaCha Poly Accelerators | Optional | — | — | — | Optional | Optional | — |
| Whirlpool | HW Accelerators | — | Optional | Optional | Optional | — | — | Optional |
| 3DES | HW Accelerators | — | — | — | — | — | — | Optional |
Going Beyond the Requirements of a Root of Trust for Measurement with the Silicon-Proven RT-660 Root of Trust
The continuously evolving technology landscape and security requirements for systems present many challenges for device and silicon manufacturers. Nowhere is this truer than in data centers. Rambus has long recognized the need for security designs in data centers, and the Caliptra initiative discussed in this white paper is a welcome step towards a widespread adoption of Root of Trust designs in SoCs. Read this white paper to learn key features of the Rambus RT-660 Root of Trust and how it can be used for Caliptra use case scenariosArm CryptoCell and CryptoIsland Root of Trust Security Solutions
Designed to be integrated in Arm TrustZone-based power and space-constrained SoCs or FPGAs, the CC-312, CC-712, and CC-713 Root of Trust solutions (formerly Arm CryptoCell and CryptoIsland) are FIPS 140-3 certifiable hardware security modules that guard the most sensitive assets on chips and establish the foundation for the Arm Platform Security Architecture (PSA). The CC-312 targets integration on Cortex-M platforms running embedTLS, and the CC-71x targets integration on Cortex-A platforms running Linux or OP-TEE.
Featuring a hard-wired control logic-based architecture with dedicated secure memories, the CryptoCell Hardware Root of Trust cores provide a variety of cryptographic accelerators including AES, SHA-2, RSA and ECC, and optionally ChaCha20/Poly1305 and the Chinese SM-2/3/4 algorithms. Ideal for power and space-sensitive applications like secure MCUs, IoT servers, gateways and edge devices, the CryptoCell Root of Trust designs offer the best balance of size and performance available on the market.
The CryptoIsland CI-300P-C is a secure programmable Root of Trust targeting Secure Element designs for iSIM, payment, DRM, and 5G modems. It is comprised of an embedded Cortex-M0+ processor and a tailored CryptoCell engine. The CryptoIsland is suitable for designs that target evaluation against Common Criteria PP-0084 or PP-0117.
| Feature | Description | CC-312 | CC-712 | CC-713 | CI-300P-C |
|---|---|---|---|---|---|
| Application Focus | Example Applications | IoT Sensor | IoT Gateway | IoT Gateway (CN) | Secure MCU |
| FIPS 140 CAVP | FIPS 140-2 & FIPS 140-3 CAVP | |
|
|
|
| FIPS 140 CMVP | FIPS 140-2 & FIPS 140-3 CMVP | |
|
|
|
| Common Criteria | CC EAL4+ PP-0084 / PP0117 | – | – | – | |
| DPA | RSA & ECC & AES DPA Resistance | — | — | — | |
| Key Derive | Secure Key Derivation | |
|
|
|
| Key Agreement | ECDH, DH | |
|
|
|
| Roots | Multiple Roots/Key Splits | 2 | 2 | 2 | 1 |
| Secure Boot | Secure Boot Verify RSA3K P256 | |
|
|
|
| Secure Boot | Secure Boot Verify ECDSA P-384/P-512 | — | |
|
— |
| Secure Debug | Secure Debug | |
|
|
|
| TRNG | True Random Number Generator SP800-90 | |
|
|
|
| RSA-ECC | HW Accelerators | |
|
|
|
| AES | HW Accelerators | |
|
|
|
| AES | CBC-CTR-CCM-CMAC Mode | |
|
|
|
| AES | GCM-GMAC Mode | Optional | |
|
— |
| AES | XTS Mode | – | |
|
— |
| SM2-3-4 | HW Accelerators | – | – | |
— |
| SHA-2 | (HMAC-)SHA-2 Accelerators | |
|
|
|
| SHA-2 | (HMAC-)SHA-2 Max Mode | 512 | 512 | 512 | 512 |
| SHA-3 | (HMAC-)SHA-3 Accelerators | – | – | – | – |
| SHA-3 | (HMAC-)SHA-3 Max Mode | – | – | – | – |
| CPP | ChaCha Poly Accelerators | Optional | – | – | – |
| ARIA | HW Accelerators | – | – | – | – |
| 3DES | HW Accelerators | – | Optional | Optional | – |
| Performance | Crypto & Hash Performance Gbps | 1 | 2 | 2 | 1 |
| I/O Bus | AXI or AHB AMBA Interface | |
|
|
|
| OTP | TCM OTP Management Interface | |
|
|
|
Firmware-Controlled Root of Trust Security Solutions
Designed to be integrated in power and space-constrained SoCs or FPGAs, the RT-100 and RT-200 Root of Trust families (formerly VaultIP) are FIPS 140-2 certified and FIPS 140-3 compliant hardware security modules that guard the most sensitive assets on chips and establish the foundation for platform security.
Featuring a firmware-controlled architecture with dedicated secure memories, the RT-100/200 families provide a variety of cryptographic accelerators including AES, SHA-2, RSA and ECC. Ideal for power and space-sensitive applications like Secure MCUs, IoT servers, gateways and edge devices, the RT-100/200 families offer the best balance of size and performance available on the market.”
| Feature | Description | RT-120 | RT-130 | RT-131 | RT-260 |
|---|---|---|---|---|---|
| Application Focus | Example Applications | IoT Sensor | IoT Gateway | IoT Gateway (CN) | Secure MCU |
| FIPS 140 CAVP | FIPS 140-2 & FIPS 140-3 CAVP | |
|
|
|
| FIPS 140 CMVP | FIPS 140-2 & FIPS 140-3 CMVP | |
|
|
|
| DPA | RSA & ECC & AES DPA Resistance | — | — | — | |
| Key Derive | Secure Key Derivation | |
|
|
|
| Key Agreement | ECDH, DH | |
|
|
|
| Key Transport | Key Wrap Mechanisms | |
|
|
|
| Roots | Multiple Roots/Key Splits | 1 | 1 | 1 | 1 |
| Secure Boot | Secure Boot Assist P-256 | |
|
|
|
| Secure Debug | Secure Debug P-256 | |
|
|
|
| TRNG | True Random Number Generator SP800-90 | |
|
|
|
| RSA-ECC | HW Accelerators | |
|
|
|
| AES | HW Accelerators | |
|
|
|
| AES | CBC-CTR-CCM-CMAC Mode | |
|
|
|
| AES | GCM-GMAC-XTS Mode | – | |
|
|
| SM2-3-4 | HW Accelerators | – | – | |
|
| SHA-2 | (HMAC-)SHA-2 Accelerators | |
|
|
|
| SHA-2 | (HMAC-)SHA-2 Max Mode | 256 | 512 | 512 | 512 |
| SHA-3 | (HMAC-)SHA-3 Accelerators | – | Optional | Optional | Optional |
| SHA-3 | (HMAC-)SHA-3 Max Mode | – | 512 | 512 | 512 |
| CPP | ChaCha Poly Accelerators | – | Optional | Optional | – |
| ARIA | HW Accelerators | – | Optional | Optional | – |
| 3DES | HW Accelerators | – | Optional | Optional | – |
| Performance | Crypto & Hash Performance Gbps | 1 | 2 | 2 | 2 |
| I/O Bus | AXI or AHB AMBA Interface | |
|
|
|
| OTP | TCM OTP Management Interface | |
|
|
|
The Road to Post Quantum Cryptography
Quantum computing offers the promise of tremendous leaps in processing power over current digital computers. But for the public-key cryptography algorithms used today for e-commerce, mobile payments, media streaming, digital signatures and more, quantum computing represents an existential event. Quantum computers may be able to break the widely used RSA and ECC (Elliptic-Curve Cryptography) algorithms in as little as days. Learn about our solutions and recommendations to ready customers for a post-quantum world.
