Root of Trust IP

Protecting data at rest

Secure Programmable and Firmware-Controlled Root of Trust IP

Providing a hardware-based foundation for security, Rambus offers a portfolio of robust Root of Trust eHSM solutions, ranging from feature-rich programmable security co-processors with Quantum Safe Cryptography and side-channel attack (SCA) protection to highly compact, firmware-controlled designs. With a breadth of solutions applicable from the data center to Internet of Things (IoT) devices, Rambus has a Root of Trust IP solution for almost every application.

Secure Programmable Root of Trust IP

| Solution | Product Brief | Applications |
|---|---|---|
| RT-630 | Download the Root of Trust RT-63x family Product Brief | Semiconductor, cloud and edge AI security |
| RT-631 | Download the Root of Trust RT-63x family Product Brief | Semiconductor, cloud and edge AI security, requiring Chinese Cryptography |
| RT-632 | Download the Root of Trust RT-63x family Product Brief | Semiconductor, cloud and edge AI security, requiring IoT Cryptography |
| RT-634 | Download the Root of Trust RT-63x family Product Brief | Semiconductor, cloud and edge AI security, requiring Quantum Safe Cryptography |
| RT-640 | Download the Root of Trust RT-64x family Product Brief | Automotive ISO-26262 ASIL-B embedded Hardware Security Module |
| RT-641 | Download the Root of Trust RT-64x family Product Brief | Automotive ISO-26262 ASIL-B embedded Hardware Security Module requiring Chinese Cryptography |
| RT-645 | Download the Root of Trust RT-64x family Product Brief | Automotive ISO-26262 ASIL-D embedded Hardware Security Module |
| RT-650 | Download the Root of Trust RT-65x family Product Brief | Highly-secure government applications requiring DPA resistance |
| RT-651 | Download the Root of Trust RT-65x family Product Brief | Highly-secure applications requiring DPA resistance with Chinese encryption |
| RT-654 | Download the Root of Trust RT-65x family Product Brief | Highly-secure government applications requiring DPA resistance with Quantum Safe Cryptography |
| RT-660 | Download the Root of Trust RT-66x family Product Brief | Data center and highly-secure applications requiring DPA & FIA resistance |
| RT-661 | Download the Root of Trust RT-66x family Product Brief | Data center and highly-secure applications requiring DPA & FIA resistance with Chinese Cryptography |
| RT-664 | Download the Root of Trust RT-66x family Product Brief | Data center and highly-secure applications requiring DPA & FIA resistance with Quantum Safe Cryptography |
| RT-1660 | Download the Root of Trust RT-1660 Product Brief | Highly-secure defense applications requiring DPA & FIA resistance |
| RT-630-FPGA | Download the Root of Trust for FPGAs Product Brief | FPGA-specific implementation of the RT-630 |
| RT-660-FPGA | Download the Root of Trust for FPGAs Product Brief | FPGA-specific implementation of the RT-660 |
| RT-600 SDK | Download the Root of Trust CSDK Product Brief | SDK for RT-6xx secure application development |

CryptoCell™ and CryptoIsland™ Root of Trust IP

| Solution | Product Brief | Applications |
|---|---|---|
| CC-312 | Download the Root of Trust CC-312 Product Brief | Arm Cortex®-M TrustZone®-based IoT edge devices and sensors |
| CC-712 | Download the Root of Trust CC-712 Product Brief | Arm Cortex-A TrustZone-based IoT servers and gateways |
| CC-713 | Download the Root of Trust CC-713 Product Brief | Arm Cortex-A TrustZone-based IoT servers and gateways for the Chinese market |
| CI-300P-C | Contact Rambus for product information | Secure Element devices such as iSIM, 5G modems, mobile app processors |

Firmware-Controlled Root of Trust IP

| Solution | Brief | Applications |
|---|---|---|
| RT-120 | Download the Root of Trust RT-100 Product Brief | IoT clients and sensors |
| RT-121 | Download the Root of Trust RT-121 Product Brief | IoT clients and sensors for the Chinese market |
| RT-130 | Download the Root of Trust RT-130 Product Brief | IoT servers, gateways, edge devices and sensors |
| RT-131 | Download the Root of Trust RT-131 Product Brief | IoT servers, gateways, edge devices and sensors for the Chinese market |
| RT-260 | Download the Root of Trust RT-260 Product Brief | Secure MCU-based devices and sensors |

Secure Programmable Root of Trust IP

The Rambus Root of Trust RT-600 family of fully programmable FIPS 140-3 compliant hardware security cores offers security by design for data center, AI/ML, automotive, government, defense, as well as general purpose semiconductor applications. The RT-600 family protects against a wide range of hardware and software attacks through state-of-the-art anti-tamper and security techniques, as well as Quantum Safe Cryptography to protect hardware and data in the quantum computing era.

| Feature | Description | RT-63x, RT-64x, RT-65x, RT-66x, RT-1660 |
|---|---|---|
| Application Focus | Example Applications | Data Center/AI/ML, Automotive, Government, Highly Secure Applications, Defense |
| FIPS 140-3 | NIST CAVP Compliant | ✓, ✓, ✓, ✓, ✓ |
| FIPS 140-3 | NIST CMVP Compliant | ✓, ✓, ✓, ✓, ✓ |
| FIPS 140-3 | NIST CMVP In Process | ✓ |
| FIPS 140-2 | NIST CMVP Certified | ✓ |
| DPA | DPA Resistance | RSA/ECC, RSA/ECC, ✓, ✓, ✓ |
| FIA | FIA Resistance | ✓, ✓ |
| Automotive | ISO26262 ASIL Level | RT-640 & RT-641: ASIL-B; RT-645: ASIL-D |
| Key Derive | Secure Key Derivation | ✓, ✓, ✓, ✓, ✓ |
| Key Agreement | ECDH, DH | ✓, ✓, ✓, ✓, ✓ |
| Key Transport | Key Wrap Mechanisms | ✓, ✓, ✓, ✓, ✓ |
| Roots | Multiple Roots/Key Splits | 4/8, 4/8, 8/8, 8/8, 8/8 |
| Caliptra RoTM | With DICE and X.509 Support | Optional, Optional, Optional |
| Secure Boot | Secure Boot Assist P-512 | ✓, P-256, ✓, ✓, ✓ |
| Secure Debug | Secure Debug P-512 | ✓, P-256, ✓, ✓, ✓ |
| Secure Lifecycle | Lifecycle Stage Management | ✓, ✓, ✓, ✓, ✓ |
| Secure Feature | Feature and SKU Management | ✓, ✓, ✓, ✓, ✓ |
| Secure Data Store | Secure Data Store | ✓, ✓, ✓ |
| Anti Tamper | Power and Clock Glitch Monitor | ✓, ✓, ✓, ✓, ✓ |
| Memory ECC | Memory Error Correction | ✓, ✓, ✓, ✓, ✓ |
| Quantum Safe Crypto | CRYSTALS-Kyber/-Dilithium; XMSS/LMS Stateful Hash Signature | RT-634 only, RT-654 only, RT-664 only |
| Quantum Safe Crypto | XMSS/LMS Stateful Hash Signature | Optional for RT-630, Optional for RT-650, Optional for RT-660 |
| Performance | Crypto & Hash Performance Gbps | 6, 6, 3, 6, 6 |
| I/O bus | AXI or AHB AMBA Interface | ✓, ✓, ✓, ✓, ✓ |
| OTP | APB OTP Management Interface | ✓, ✓, ✓, ✓, ✓ |
| PUF | PUF Interface | ✓, ✓, ✓, ✓, ✓ |
| DPA | RSA & ECC DPA Resistance | ✓, ✓, ✓, ✓, ✓ |
| DPA | AES DPA Resistance | ✓, ✓, ✓ |
| DPA | HMAC-SHA-2 DPA Resistance | ✓, ✓ |
| FIA | RSA & ECC & AES FIA Resistance | ✓, ✓ |
| TRNG | True Random Number Generator SP800-90A/B/C | ✓, ✓, ✓, ✓, ✓ |
| RSA | HW Accelerators 4K (up to 8K) | ✓, ✓, ✓, ✓, ✓ |
| ECC | HW Accelerators 521 | ✓, ✓, ✓, ✓, ✓ |
| ECC Curves | NIST-Brainpool-(Ed)25519-(Ed)448 | ✓, ✓, ✓, ✓, ✓ |
| AES | HW Accelerators | ✓, ✓, ✓, ✓, ✓ |
| AES | CBC-CTR-CCM-CMAC-CFB-OFB, GCM-GMAC Mode | ✓, ✓, ✓, ✓, ✓ |
| AES | XTS Mode | ✓, ✓, ✓, ✓ |
| SM2-3-4 | HW Accelerators | |
| SHA-2 | (HMAC-)SHA-2 Accelerators | ✓, ✓, ✓, ✓, ✓ |
| SHA-2 | (HMAC-)SHA-2 Max Mode | 512, 512, 512, 512, 512 |
| SHA-3 | (HMAC-)SHA-3 Accelerators | ✓, ✓, ✓, ✓ |
| SHA-3 | (HMAC-)SHA-3 Max Mode | 512, 512, 512, 512, 512 |
| CPP | ChaCha Poly Accelerators | RT-632 only, Optional, RT-662 only |
| Whirlpool | HW Accelerators | Optional, Optional |
| 3DES | HW Accelerators | Optional |

CryptoCell and CryptoIsland Root of Trust IP

Designed to be integrated in Arm TrustZone-based power and space-constrained SoCs or FPGAs, the CC-312, CC-712, and CC-713 Root of Trust solutions (formerly Arm CryptoCell) are FIPS 140-3 certifiable hardware security modules that establish the foundation for the Arm Platform Security Architecture (PSA). The CC-312 targets integration on Cortex-M platforms running Mbed TLS, and the CC-71x targets integration on Cortex-A platforms running Linux or OP-TEE.

The CryptoIsland CI-300P-C (formerly Arm CryptoIsland) is a secure programmable Root of Trust targeting Secure Element designs for iSIM, payment, DRM, and 5G modems. It comprises an embedded Cortex-M0+ processor and a tailored CryptoCell engine. The CryptoIsland is suitable for designs that target evaluation against Common Criteria PP-0084 or PP-0117.

| Feature | Description | CC-312, CC-712, CC-713, CI-300P-C |
|---|---|---|
| Application Focus | Example Applications | IoT Sensor, IoT Gateway, IoT Gateway (CN), Secure MCU |
| FIPS 140 | 140-2 NIST CAVP Compliant | ✓, ✓, ✓, ✓ |
| FIPS 140 | 140-2 NIST CMVP Compliant | ✓, ✓, ✓ |
| Common Criteria | CC EAL4+ PP-0084 / PP-0117 | ✓ |
| DPA | RSA & ECC & AES DPA Resistance | ✓ |
| Key Derive | Secure Key Derivation | ✓, ✓, ✓, ✓ |
| Key Agreement | ECDH, DH | ✓, ✓, ✓, ✓ |
| Roots | Multiple Roots/Key Splits | 2, 2, 2, 1 |
| Secure Boot | Secure Boot Verify RSA3K P256 | ✓, ✓, ✓, ✓ |
| Secure Boot | Secure Boot Verify ECDSA P-384/P-512 | ✓, ✓ |
| Secure Debug | Secure Debug | ✓, ✓, ✓, ✓ |
| TRNG | True Random Number Generator SP800-90A/B/C | ✓, ✓, ✓, ✓ |
| RSA-ECC | HW Accelerators | ✓, ✓, ✓, ✓ |
| AES | HW Accelerators | ✓, ✓, ✓, ✓ |
| AES | CBC-CTR-CCM-CMAC Mode | ✓, ✓, ✓, ✓ |
| AES | GCM-GMAC Mode | Optional, ✓, ✓ |
| AES | XTS Mode | ✓, ✓ |
| SM2-3-4 | HW Accelerators | ✓ |
| SHA-2 | (HMAC-)SHA-2 Accelerators | ✓, ✓, ✓, ✓ |
| SHA-2 | (HMAC-)SHA-2 Max Mode | 512, 512, 512, 512 |
| SHA-3 | (HMAC-)SHA-3 Accelerators | |
| SHA-3 | (HMAC-)SHA-3 Max Mode | |
| CPP | ChaCha Poly Accelerators | Optional |
| ARIA | HW Accelerators | |
| 3DES | HW Accelerators | Optional, Optional |
| Performance | Crypto & Hash Performance Gbps | 1, 2, 2, 1 |
| I/O Bus | AXI or AHB AMBA Interface | ✓, ✓, ✓, ✓ |
| OTP | TCM OTP Management Interface | ✓, ✓, ✓, ✓ |

Firmware-Controlled Root of Trust IP

Designed to be integrated in power and space-constrained SoCs or FPGAs, the RT-100 and RT-200 Root of Trust families (formerly VaultIP) include SESIP and PSA certified, FIPS 140-2 certified, and FIPS 140-3 compliant hardware security modules that guard the most sensitive assets on chips and establish the foundation for platform security.

Featuring a firmware-controlled architecture with dedicated secure memories, the RT-100/200 families provide a variety of cryptographic accelerators including AES, SHA-2, RSA and ECC. Ideal for power and space-sensitive applications like Secure MCUs, IoT servers, gateways and edge devices, the RT-100/200 families offer the best balance of size and performance available on the market.

| Feature | Description | RT-120, RT-130, RT-131, RT-260 |
|---|---|---|
| Application Focus | Example Applications | IoT Sensor, IoT Gateway, IoT Gateway (CN), Secure MCU |
| FIPS 140-3 | NIST CAVP Compliant | ✓, ✓, ✓, ✓ |
| FIPS 140-3 | NIST CMVP Compliant | ✓, ✓, ✓, ✓ |
| FIPS 140-2 | NIST CAVP and CMVP Certified | ✓ |
| SESIP | Level 2 Certified | ✓ |
| PSA | Certified Level 2 RoT Component | ✓ |
| DPA | RSA & ECC & AES DPA Resistance | ✓ |
| Key Derive | Secure Key Derivation | ✓, ✓, ✓, ✓ |
| Key Agreement | ECDH, DH | ✓, ✓, ✓, ✓ |
| Key Transport | Key Wrap Mechanisms | ✓, ✓, ✓, ✓ |
| Roots | Multiple Roots/Key Splits | 1, 1, 1, 1 |
| Secure Boot | Secure Boot Assist P-256 | ✓, ✓, ✓, ✓ |
| Secure Debug | Secure Debug P-256 | ✓, ✓, ✓, ✓ |
| TRNG | True Random Number Generator SP800-90A/B/C | ✓, ✓, ✓, ✓ |
| RSA-ECC | HW Accelerators | ✓, ✓, ✓, ✓ |
| AES | HW Accelerators | ✓, ✓, ✓, ✓ |
| AES | CBC-CTR-CCM-CMAC Mode | ✓, ✓, ✓, ✓ |
| AES | GCM-GMAC-XTS Mode | ✓, ✓, ✓ |
| SM2-3-4 | HW Accelerators | ✓ |
| SHA-2 | (HMAC-)SHA-2 Accelerators | ✓, ✓, ✓, ✓ |
| SHA-2 | (HMAC-)SHA-2 Max Mode | 256, 512, 512, 512 |
| SHA-3 | (HMAC-)SHA-3 Accelerators | Optional, Optional, Optional |
| SHA-3 | (HMAC-)SHA-3 Max Mode | 512, 512, 512 |
| CPP | ChaCha Poly Accelerators | Optional, Optional |
| ARIA | HW Accelerators | Optional, Optional |
| 3DES | HW Accelerators | Optional, Optional |
| Performance | Crypto & Hash Performance Gbps | 1, 2, 2, 2 |
| I/O Bus | AXI or AHB AMBA Interface | ✓, ✓, ✓, ✓ |
| OTP | TCM OTP Management Interface | ✓, ✓, ✓, ✓ |

RT-600 Root of Trust Series: A New Generation of Security Anchored in Hardware

This latest generation of the Rambus RT-600 Root of Trust IP offers many new features designed to support the security needs of customers today and into the future. These features include Quantum Safe Cryptography, Caliptra Root of Trust for Measurement (RoTM) emulation, an embedded physical unclonable function (PUF), as well as many architectural improvements, such as larger memory space and 64-bit addressing support.