Security IP icon


CryptoManager Root of Trust

The CryptoManager Root of Trust is a family of fully-programmable FIPS 140-2 compliant hardware security co-processors that offers layered security by design. They protect against a wide range of hardware and software attacks with state-of-the-art anti-tamper and security techniques.

Featuring a custom-designed RISC-V siloed and layered secure co-processor and dedicated secure memories, the CryptoManager Root of Trust family provides a variety of cryptographic accelerators, including AES (all modes), 3DES, HMAC, SHA-2/SHA-3 (all modes). Configuration-dependent, the hardware Root of Trust can also be offered as a DPA (Differential Power Analysis) protected solution, providing additional side channel attack resistance.

Ideal for security-sensitive applications like AI/ML, automotive, and government/military, the CryptoManager Root of Trust is the most secure hardware root of trust available on the market.

RT-630Download CryptoManager RT-630 Product BriefSemi/Cloud/AI/MLCloud, AI/ML security co-processor
RT-640Download CryptoManager RT-640 Product BriefAutomotiveISO26262 ASIL-B ready automotive security co-processor
RT-645Download CryptoManager RT-645 Product BriefAutomotiveISO26262 ASIL-D ready automotive security co-processor
RT-660Download CryptoManager RT-660 Product BriefGovernment/DPAHigh-security, government-application focused security co-processor
RT-630-FPGAFPGAFPGA implementations
CSDKDownload CryptoManager RT-660 Product BriefAllSoftware development toolkit for secure applications

How the Root of Trust Works

The CryptoManager Root of Trust is an independent hardware security co-processor design for integration into semiconductor devices, offering secure execution of authenticated user applications, tamper detection and protection, and secure storage and handling of keys and security assets. The Root of Trust offers chipmakers a siloed approach to security; while located on the same silicon as the main processor, the secure processing core is physically separated. A layered security approach enforces access to crypto modules, memory ranges, I/O pins, and other resources, and assures critical keys are available through hardware only with no access by software. The CryptoManager Root of Trust supports all common main processor architectures, including ARM, RISC-V, x86 and others.

CryptoManager Root of Trust

The CryptoManager Root of Trust supports multi-tenant deployments by offering true multiple root of trust capabilities. Each individual Secure Application can be assigned its own unique keys, meaning permissions and access levels are set completely independent of others. Secure Applications are siloed from each other, ensuring the best approach to security. OEMs can determine access levels and permissions for each and all processes operating within the secure processor.

Readily deployable, the Root of Trust is offered in multiple off-the-shelf configurations, allowing a choice tailored to the needs of your application. Configurations differ by cryptographic accelerators contained, 3rd-party certification and standard compliance, and levels of DPA resistance. Rambus also offers a series of fixed-function roots of trust, formerly the Inside Secure VaultIP products.

Dedicated FPGA configurations

The RT-630 and RT-660 are available in specific FPGA configurations, targeting to be synthesized in programmable logic. These are designed to map optimally (for max utilization and max frequency) into FPGA fabric, and connect either to on-board or external CPUs. In addition, the design is expanded with an additional OTP emulation model to overcome the lack of (or limitation of) true nonvolatile one time programmable memory in certain FPGA families. This module allows storing secure assets in external flash in a secure way.

Application FocusExample ApplicationsAI/ML/CloudAutomotiveAutomotiveFIPS/Gov
ProgrammableSecure Applications on embedded RISC-V CPUCheck IconCheck IconCheck IconCheck Icon
FIPS 140 CAVPFIPS 140-2 CAVP & FIPS 140-3 CAVP (2020)Check IconCheck IconCheck IconCheck Icon
FIPS 140 CMVPFIPS 140-2 CMVP & FIPS 140-3 CMVP (2020)Check IconCheck IconCheck IconCheck Icon
DPA ResistanceRSA & ECC PKI operationsCheck IconCheck IconCheck IconCheck Icon
DPA ResistanceAES – 3DES – HMAC crypto and hash operationsCheck Icon
Automotive StandardISO 26262 ASILASIL-BASIL-D
OTP ManagementOTP management coreCheck IconCheck IconCheck IconCheck Icon
Key DerivationSecure Key DeriveCheck IconCheck IconCheck IconCheck Icon
Anti-Tamper (Clock & Power)Canary Core Monitor – Glitch Detection LogicCheck IconCheck IconCheck IconCheck Icon
Secure Boot ManagementECDSA P256 with HMAC-SHA-2-256Check IconCheck IconCheck IconCheck Icon
Secure DebugECDSA P256 with HMAC-SHA-2-256Check IconCheck IconCheck IconCheck Icon
Secure Lifecycle ManagementSecure lifecycle stages supportCheck IconCheck IconCheck IconCheck Icon
Secure Feature ManagementJust-in-time-SKU ManagementCheck IconCheck IconCheck IconCheck Icon
Memory ECCSupport for ECC or SECDED SRAMCheck IconCheck IconCheck IconCheck Icon
Crypto Accelerator coresAES-HMAC-RSA-ECC-TRNG HW coresCheck IconCheck IconCheck IconCheck Icon
I/0 PerformanceThroughput (Gbps)>8>8>8>8
Crypto & Hash PerformanceCrypto/Hash Performance (Gbps) @500MHz3331.5
Public Key EngineRSA, ECC Acceleration Core multiplier width32×32/64×6464×6464×6464×64
DMAStandard (STD) or Multi-channel (MC)MCMCMCMC
OTP InterfaceInterface to 3rd Party OTPAPBAPBAPBAPB
Multiple Roots of TrustRoots/Key Splits4/84/84/84/8

The CryptoManager Root of Trust cores offers various cryptographic accelerator options:

Application FocusExample ApplicationsAI/ML/CloudAutomotiveAutomotiveFIPS/Gov
Random Number GeneratorNIST SP800 compliant True Random Number GeneratorCheck IconCheck IconCheck IconCheck Icon
Public Key EngineRSA, ECC Acceleration Core32×32/64×6432×3232×3264×64
Public Key RSA HWMax Exponent Size (bits)4096409640964096
Public Key ECCMax Curve Size (bits)521521521521
Public Key ECCECDSA & ECDHCheck IconCheck IconCheck IconCheck Icon
Public Key ECCEdDSA Ed25519 & EdDH X25519Check IconCheck IconCheck IconCheck Icon
Public Key ECCBrainpool curvesOptionalOptionalOptionalOptional
Public Key DPA resistantSPA and DPA resistant asymmetric RSA/ECC coreCheck IconCheck IconCheck IconCheck Icon
AES HWECB, CBC, CFB, CTR Modes – max 256-bit key sizeCheck IconCheck IconCheck IconCheck Icon
AES-CMACAES-CMAC modeCheck IconCheck Icon
AES-GCMAES-GCM/GMAC modesCheck IconCheck IconCheck IconCheck Icon
AES DPA ResistantSPA and DPA resistant symmetric AES coreOptionalCheck Icon
3DES HW3DES CoreOptional
3DES DPA ResistantSPA and DPA resistant symmetric 3DES coreOptional
HMAC-SHA2 HWSHA-2 and HMAC-SHA2- Max 512-bit-modeCheck IconCheck IconCheck IconCheck Icon
HMAC-SHA3 HWSHA-3 and HMAC-SHA3- Max 512-bit-modeOptionalOptionalOptionalOptional
HMAC-SHA2 DPA ResistantSPA and DPA resistant HMAC-SHA-2Optional
Chinese algorithmsChinese SM2-3-4 algorithms OSCCA compliantOptionalOptionalOptional
Whirlpool HWWhirlpool Hash Core (SHE Algorithm)OptionalOptional
Poly1305/ChaCha 20Poly/ChaCha Hash and Cipher CoreOptional

The main use cases for the CryptoManager Root of Trust include:

  • Secure Boot
  • Secure Firmware Update
  • Authentication
  • Attestation
  • Secure Data Storage
  • Secure Key Storage
  • Device Personalization
  • Key and Data Provisioning
  • User Data Privacy
  • Secure Communication & Secure Protocol Implementation
  • Runtime Integrity Checking
  • Cryptographic Acceleration
  • Secure Debug
  • Feature/Configuration/SKU management


The CryptoManager Root of Trust is part of a broad portfolio of security IP solutions which provides end-to-end security of chips and devices over their entire lifecycle.

The Road to Post Quantum Cryptography cover

The Road to Post Quantum Cryptography

Quantum computing offers the promise of tremendous leaps in processing power over current digital computers. But for the public-key cryptography algorithms used today for e-commerce, mobile payments, media streaming, digital signatures and more, quantum computing represents an existential event. Quantum computers may be able to break the widely used RSA and ECC (Elliptic-Curve Cryptography) algorithms in as little as days. Work on Post Quantum Cryptography (PQC) is well under way, but implementation will come with its own set of challenges. Rambus has solutions and recommendations to ready customers for a post-quantum world.

Solution Offerings

Superior Security

  • Hardware root of trust built on a custom 32-bit RISC-V processor
  • Secure in-core processing and industry-leading anti-tamper protections
  • Built-in tamper detection and resistance to side-channel attacks (configuration-dependent)
  • Multi-layered security model provides protection of all components in the core
  • FIPS 140-2 & 140-3 CAVP certified
  • FIPS 140-2 & 140-3 CMVP certified

Enhanced Flexibility

  • 3rd-party applications run securely within trusted boundary, each with its own assigned security permissions
  • Complete development environment allows OEMs and users to easily develop secure applications (”containers”); standard use case application containers provided
  • Support for secure provisioning of keys and firmware at manufacturing or in the field
  • Support for multiple roots of trust within a single secure core

Security Models

  • Hierarchical privilege
  • Secure key management policy
  • Hardware-enforced isolation/access control/protection
  • Error management policy

Cryptographic Accelerators

  • Includes AES, HMAC, RSA, ECC, RBG (configuration-dependent)

Security Modules

  • Canary logic for protection against glitching and overclocking
  • Secure key derivation and key transport
  • Life cycle management
  • Secure test and debug
  • Feature management

Complete Documentation

  • Hardware integration guide
  • Hardware and software reference manuals
  • Programming guides

Tools and Scripts

  • Verilog for synthesis and simulation
  • All scripts and support files needed for standard EDA tool flows integration deliverables

Integration Deliverables

  • Complete verification test bench and comprehensive set of test vectors
  • Container-authoring software
  • Boot loader and firmware, including secure RTOS and security monitor
  • HLOS APIs for accessing capabilities
  • Complete development environment, including compiler, assembler, debugger, simulator, reference code
  • Available FGPA-based development board

Secure Applications Deliverables

  • QEMU implementation (source code)
  • Implementation of HLOS or ASIC components (source code)
  • Sample application demonstrating usage of Secure Application
  • Documentation
    • Software Architecture
    • HLOS Programmer’s Guide
    • Developer’s Guide
    • API Guide
    • Integration Guide
Secure ApplicationDescription
Linux Secure BootImplements secure boot for Linux OS, secured by the Root of Trust co-processor
Linux Secure FOTAImplements secure Firmware Over the Air (FOTA) updates for Linux OS
ASIC Secure BootUses the Root of Trust co-processor to assist in the secure boot process of ASICs and FPGAs
Secure Data StorageUses the Root of Trust co-processor to protect user credentials or biometric templates
Open SSL HardeningHardens the OpenSSL crypto operations via the Root of Trust secure co-processor
Reference HSMImplements a basic HSM supporting AES, HMAC, SHA256, ECDSA, X.509 certificates and secure storage
Unique ID GeneratorCreates a Root of Trust unique ID and stores it in the Root of Trust NVM (Non Volatile Memory)
CryptoManager Root of Trust Cover

The CryptoManager Root of Trust

Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.