Security IP icon

Security

Root of Trust Solutions

Providing a hardware-based foundation for security, Rambus offers a catalog of robust Root of Trust solutions, ranging from richly featured military-grade co-processors to highly compact state machines-based designs. With a breadth of solutions applicable from the data center to Internet of Things (IoT) devices, Rambus has a Root of Trust solution for almost every application.

Solution Brief Applications
RT-120 Download the Root of Trust RT-100 Product Brief IoT and IIoT devices, sensors, gateways
RT-121 Download the Root of Trust RT-121 Product Brief IoT and IIoT devices, sensors, gateways for China market
RT-130 Download the Root of Trust RT-130 Product Brief IoT devices, IoT servers, gateways, edge devices
RT-131 Download the Root of Trust RT-131 Product Brief IoT devices, IoT servers, gateways, edge devices for China market
RT-140 Download the Root of Trust RT-140 Product Brief IoT, IIoT and cloud-connected devices, sensors, gateways
RT-260 Download the Root of Trust RT-260 Product Brief Secure MCUs and connected devices that require DPA protection
RT-630 Download the Root of Trust RT-630 Product Brief Semiconductor, Cloud, AI/ML
RT-640 Download the Root of Trust RT-640 Product Brief Automotive ISO26262 ASIL-B
RT-641 Download the Root of Trust RT-641 Product Brief Automotive ISO26262 ASIL-B for China market
RT-645 Download the Root of Trust RT-645 Product Brief Automotive ISO26262 ASIL-D
RT-650 Download the Root of Trust RT-650 Product Brief Government/DPA
RT-660 Download the Root of Trust RT-660 Product Brief Government/DPA & FIA
RT-1660 Download the Root of Trust RT-1660 Product Brief US Defense/DPA & FIA
RT-630-FPGA Download the Root of Trust for FPGAs Product Brief FPGA implementations
CSDK Download the Root of Trust CSDK Product Brief Software development toolkit for secure applications
superior protection icon

Superior Security

Provide a robust hardware foundation for security

Protect valuable secret keys, credentials and other sensitive data

Adapt to an evolving threat environment

Design Flexibility

Select a solution tailored to specific application needs

Programmable and fixed function architectures

Varying crypto and DPA protection capabilities

improved profitability icon

Improve Profitability

Reduce NRE and operating costs

Eliminate costs of compromised devices

Offer new services through programmability

State-Machine Root of Trust Solutions: RT-100 and RT-200 Series

Designed to be integrated in power and space-constrained microcontrollers or SoCs, the RT-100 and RT-200 Root of Trust cores are a family of FIPS 140-2 compliant hardware solutions that guard the most sensitive assets on chips and establish the foundation for platform security.

Featuring a state-machine architecture with dedicated secure memories, this Root of Trust family provides a variety of cryptographic accelerators, including AES, SHA-2 and ECC. Ideal for power and space-sensitive applications like IoT, edge, and industrial use, these Root of Trust cores offer the best balance of size and performance available on the market.

Configuration Options

Feature Description RT-100 RT-121 RT-130 RT-131 RT-140 RT-260
Application Focus Example Applications IoT IoT (CN) IoT/Edge IoT/Edge (CN) IoT/Cloud IoT/Cloud
FIPS 140 CAVP FIPS 140-2 CAVP & FIPS 140-3 CAVP (2020) Check Icon Check Icon Check Icon Check Icon Check Icon Check Icon
FIPS 140 CMVP FIPS 140-2 CMVP & FIPS 140-3 CMVP (2020) Check Icon Check Icon Check Icon Check Icon Check Icon Check Icon
OTP Management Interface Check Icon Check Icon Check Icon Check Icon Check Icon Check Icon
AES HW ECB, CBC, CTR Modes – Max Key Size: 256 bits Check Icon Check Icon Check Icon Check Icon Check Icon Check Icon
AES Modes AES-CCM, AES-CMAC, AES-GCM/GMAC (standard) AES-XTS (optional) Check Icon Check Icon Check Icon Check Icon Check Icon
Regional Crypto SM2/SM3/SM4 Check Icon Check Icon
HMAC-SHA2 HW SHA-2 and HMAC-SHA2 – Max SHA-2 Mode (bits) 256 256 512 512 512 512
Public Key Engine RSA, ECC Acceleration Core 16×16 16×16 32×32 32×32 32×32 32×32
ECC HW Max Curve Size: 521 bits Check Icon Check Icon Check Icon Check Icon Check Icon Check Icon
RSA HW Max Exponent Size: 3096 bits Check Icon Check Icon Check Icon Check Icon Check Icon Check Icon
Random Number Generator HW NIST SP800 compliant TRNG Check Icon Check Icon Check Icon Check Icon Check Icon Check Icon
Optional Cryptography ARIA, 3DES*, SHA-3, HMAC-SHA-3
*3DES is standard on RT-130, 131, 140
Check Icon Check Icon Check Icon Check Icon
I/O Performance Throughput (Gbps) 1 1 2 2 2 2
Crypto Performance Crypto/Hash Performance (Gbps) @500MHz 1 1 2 2 2 2
DMA Standard (STD) or Multi-channel (MC) Check Icon Check Icon Check Icon Check Icon Check Icon Check Icon
I/O Bus AMBA Bus Master/Slave: AXI/AHB Check Icon Check Icon Check Icon Check Icon Check Icon Check Icon
OTP Interface Interface to 3rd-Party OTP: TCM Check Icon Check Icon Check Icon Check Icon Check Icon Check Icon
Multiple Roots of Trust Roots/Key Splits 1 1 1 1 1 1
Download Going Beyond the Requirements of a Root of Trust for Measurement with the Silicon-Proven RT-660 Root of Trust

Going Beyond the Requirements of a Root of Trust for Measurement with the Silicon-Proven RT-660 Root of Trust

The continuously evolving technology landscape and security requirements for systems present many challenges for device and silicon manufacturers. Nowhere is this truer than in data centers. Rambus has long recognized the need for security designs in data centers, and the Caliptra initiative discussed in this white paper is a welcome step towards a widespread adoption of Root of Trust designs in SoCs. Read this white paper to learn key features of the Rambus RT-660 Root of Trust and how it can be used for Caliptra use case scenarios

Secure Co-Processor Root of Trust Solutions: RT-600 Series

The RT-600 series Root of Trust solutions are integrated as independent hardware security blocks in semiconductor devices to provide a hardware-based foundation for security. Once integrated into a semiconductor device, an RT-600 series core provides a secure environment for performing a wide range of security functions in a simple and cost-effective manner, providing enhanced security functionality while providing faster time-to-market and significant differentiation.

Configuration Options

FeatureDescriptionRT-630RT-640RT-645RT-660
Application FocusExample ApplicationsAI/ML/CloudAutomotiveAutomotiveFIPS/Gov
ProgrammableSecure Applications on embedded RISC-V CPUCheck IconCheck IconCheck IconCheck Icon
FIPS 140 CAVPFIPS 140-2 CAVP & FIPS 140-3 CAVP (2020)Check IconCheck IconCheck IconCheck Icon
FIPS 140 CMVPFIPS 140-2 CMVP & FIPS 140-3 CMVP (2020)Check IconCheck IconCheck IconCheck Icon
DPA ResistanceRSA & ECC PKI operationsCheck IconCheck IconCheck IconCheck Icon
DPA ResistanceAES – 3DES – HMAC crypto and hash operationsCheck Icon
Automotive StandardISO 26262 ASILASIL-BASIL-D
OTP ManagementOTP management coreCheck IconCheck IconCheck IconCheck Icon
Key DerivationSecure Key DeriveCheck IconCheck IconCheck IconCheck Icon
Anti-Tamper (Clock & Power)Canary Core Monitor – Glitch Detection LogicCheck IconCheck IconCheck IconCheck Icon
Secure Boot ManagementECDSA P256 with HMAC-SHA-2-256Check IconCheck IconCheck IconCheck Icon
Secure DebugECDSA P256 with HMAC-SHA-2-256Check IconCheck IconCheck IconCheck Icon
Secure Lifecycle ManagementSecure lifecycle stages supportCheck IconCheck IconCheck IconCheck Icon
Secure Feature ManagementJust-in-time-SKU ManagementCheck IconCheck IconCheck IconCheck Icon
Memory ECCSupport for ECC or SECDED SRAMCheck IconCheck IconCheck IconCheck Icon
Crypto Accelerator coresAES-HMAC-RSA-ECC-TRNG HW coresCheck IconCheck IconCheck IconCheck Icon
I/0 PerformanceThroughput (Gbps)>8>8>8>8
Crypto & Hash PerformanceCrypto/Hash Performance (Gbps) @500MHz3331.5
Public Key EngineRSA, ECC Acceleration Core multiplier width32×32/64×6464×6464×6464×64
DMAStandard (STD) or Multi-channel (MC)MCMCMCMC
I/O BusAMBA Bus Master/SlaveAXI/AHBAXI/AHBAXI/AHBAXI/AHB
OTP InterfaceInterface to 3rd Party OTPAPBAPBAPBAPB
Multiple Roots of TrustRoots/Key Splits4/84/84/84/8

The RT-600 Series Root of Trust cores offer various cryptographic accelerator options:

Feature Description RT-630 RT-640 RT-645 RT-660
Application Focus Example Applications AI/ML/Cloud Automotive Automotive FIPS/Gov
Random Number Generator NIST SP800 compliant True Random Number Generator Check Icon Check Icon Check Icon Check Icon
Public Key Engine RSA, ECC Acceleration Core 32×32/64×64 32×32 32×32 64×64
Public Key RSA HW Max Exponent Size (bits) 4096 4096 4096 4096
Public Key RSA RSAAES-OAEP & RSASSA-PSS PKCS#1 support 2.2 2.2 2.2 2.2
Public Key ECC Max Curve Size (bits) 521 521 521 521
Public Key ECC ECDSA & ECDH Check Icon Check Icon Check Icon Check Icon
Public Key ECC EdDSA Ed25519 & EdDH X25519 Check Icon Check Icon Check Icon Check Icon
Public Key ECC Brainpool curves Optional Optional Optional Optional
Public Key DPA resistant SPA and DPA resistant asymmetric RSA/ECC core Check Icon Check Icon Check Icon Check Icon
AES HW ECB, CBC, CFB, CTR Modes – max 256-bit key size Check Icon Check Icon Check Icon Check Icon
AES-CMAC AES-CMAC mode Check Icon Check Icon
AES-GCM AES-GCM/GMAC modes Check Icon Check Icon Check Icon Check Icon
AES DPA Resistant SPA and DPA resistant symmetric AES core Optional Check Icon
3DES HW 3DES Core Optional
3DES DPA Resistant SPA and DPA resistant symmetric 3DES core Optional
HMAC-SHA2 HW SHA-2 and HMAC-SHA2- Max 512-bit-mode Check Icon Check Icon Check Icon Check Icon
HMAC-SHA3 HW SHA-3 and HMAC-SHA3- Max 512-bit-mode Optional Optional Optional Optional
HMAC-SHA2 DPA Resistant SPA and DPA resistant HMAC-SHA-2 Optional
Chinese algorithms Chinese SM2-3-4 algorithms OSCCA compliant Optional Optional Optional
Whirlpool HW Whirlpool Hash Core (SHE Algorithm) Optional Optional
Poly1305/ChaCha 20 Poly/ChaCha Hash and Cipher Core Optional

Dedicated FPGA configurations

The RT-630 and RT-660 are available in specific FPGA configurations, targeting to be synthesized in programmable logic. These are designed to map optimally (for max utilization and max frequency) into FPGA fabric, and connect either to on-board or external CPUs. In addition, the design is expanded with an additional OTP emulation model to overcome the lack of (or limitation of) true nonvolatile one time programmable memory in certain FPGA families. This module allows storing secure assets in external flash in a secure way.

The main use cases for the RT-600 Series Root of Trust include:

  • Secure Boot
  • Secure Firmware Update
  • Authentication
  • Attestation
  • Secure Data Storage
  • Secure Key Storage
  • Device Personalization
  • Key and Data Provisioning
  • User Data Privacy
  • Secure Communication & Secure Protocol Implementation
  • Runtime Integrity Checking
  • Cryptographic Acceleration
  • Secure Debug
  • Feature/Configuration/SKU management

Rambus Root of Trust solutions are part of a broad portfolio of security IP solutions which provides end-to-end security of chips and devices over their entire lifecycle.

The Road to Post Quantum Cryptography cover

The Road to Post Quantum Cryptography

Quantum computing offers the promise of tremendous leaps in processing power over current digital computers. But for the public-key cryptography algorithms used today for e-commerce, mobile payments, media streaming, digital signatures and more, quantum computing represents an existential event. Quantum computers may be able to break the widely used RSA and ECC (Elliptic-Curve Cryptography) algorithms in as little as days. Learn about our solutions and recommendations to ready customers for a post-quantum world.