The CryptoManager Root of Trust RT-630 is a fully programmable hardware security core offering security-by-design for cloud, AI/ML as well as general purpose semiconductor applications. It protects against a wide range of hardware and software attacks through state-of-the-art anti-tamper and security techniques.
As cloud and AI/ML applications evolve, device and system architects face a growing array of security threats. Across applications, one constant is the need for a hardware root of trust-based security implementation. The Rambus RT-630 is the ideal security co-processor for these markets. It employs a custom 32-bit RISC-V siloed and layered secure co-processor, along with dedicated secure memories. The RT-630 also features a number of high-capability cryptographic accelerators such as AES (all modes), HMAC, SHA-2 (all modes), RSA up to 4096 bits, ECC up to 521 bits, a NIST-compliant Random Bit Generator, AXI Multi Issue Out-of-Order, and Fast DMA capability. Additional algorithms such as SHA-3, Poly1305 & ChaCha and OSCCA SM2-3-4 are available as optional HW crypto accelerators. Satisfying use cases such as identity management, attestation, and secure boot, the RT-630 is ideally suited for cloud and AI/ML applications where FIPS 140-2 and 140-3 compliance is required and security is a priority.
The CryptoManager Root of Trust supports multi-tenant deployments by offering true multiple root of trust capabilities. Each individual secure application can be assigned its own unique keys, meaning permissions and access levels are set completely independent of others. Secure applications are siloed from each other, ensuring the best approach to security. OEMs can determine access levels and permissions for each and all processes operating within the secure processor.
The RT-630 is available in a FPGA configuration, targeting to be synthesized in programmable logic. This configuration is designed to map optimally (for max utilization and max frequency) into FPGA fabric, and connect either to on-board or external CPUs. In addition, the design is expanded with an additional OTP emulation model to overcome the lack of (or limitation of) true nonvolatile one-time programmable memory in certain FPGA families. This module allows storing secure assets in external flash in a secure way.
Included with the RT-630 Hardware Root of Trust are a series of standard secure applications (“containers”) to speed development, including secure boot, identity management, HSM reference, and others. A container development kit (CDSK) is also included to allow the development of custom containers for specific use cases.
File encryption, file system encryption and full disk encryption (FDE) are methods offered by the industry to allow users to protect their data stored on non-volatile storage devices, such as Solid State Disks (SSD). The main feature of FDE is to protect stored system and user date from unauthorized reading, writing, alteration, moving or rolling back. However, extended security features are key to securing FDE implementation.
Upcoming Webinar: AI Requires Tailored DRAM Solutions