VaultIP Root of Trust

Designed to be integrated in power and space-constrained microcontrollers or SoCs, the VaultIP Root of Trust Engine is a family of FIPS 140-2 compliant hardware cores that guard the most sensitive assets on chips and establish the foundation for platform security.

Featuring a state-machine architecture with dedicated secure memories, the VaultIP Root of Trust family provides a variety of cryptographic accelerators, including AES, SHA-2 and ECC. Ideal for power and space-sensitive applications like IoT, edge, and industrial use, the VaultIP Root of Trust offers the best balance of size and performance available on the market.

Model | Configuration | Description
VaultIP-IoT | IoT, Edge | State-machine (fixed function) for high-volume applications
VaultIP-SM | China | State-machine (fixed function) for Chinese high-volume applications

How the VaultIP Root of Trust works

The VaultIP Root of Trust is a silicon IP core developed to protect an SoC platform and its operation. It allows the SoC to boot securely and protects sensitive key material and assets. At its heart, the Secure Asset Store generates keys in secret and stores them securely. Its fully featured cryptographic data plane, together with its DMA, offloads the main CPU while never exposing secret data to the OS or the applications. It is designed to provide secure, energy-efficient and accelerated security functions.
VaultIP Root of Trust Engine

Readily deployable, the VaultIP Root of Trust is offered in off-the-shelf configurations, allowing a choice tailored to the needs of your application. Configurations differ in the cryptographic accelerators they contain and in their third-party certification and standards compliance. Rambus also offers a series of programmable secure co-processors in its CryptoManager Root of Trust solutions.

Feature | Description | VaultIP-IoT | VaultIP-SM
Application Focus | Example Applications | IoT | China
FIPS 140 CAVP | FIPS 140-2 CAVP & FIPS 140-3 CAVP (2020) | ✓ | ✓
FIPS 140 CMVP | FIPS 140-2 CMVP & FIPS 140-3 CMVP (2020) | ✓
DPA Resistance | Asymmetric RSA/ECC | ✓ | ✓
OTP Management | Interface | ✓ | ✓
Feature Management Core | Just-in-time – SKU Management | ✓
3DES HW | 3DES Core | optional
Chinese Algorithms | Chinese SM2-3-4 Algorithms | ✓
AES HW | ECB, CBC, CTR Modes – Max Key Size (bits) | 256 | 256
AES-GCM HW | ECB, CBC, CTR, GCM modes – Max Key Size (bits) | optional | optional
HMAC-SHA2 HW | SHA-2 and HMAC-SHA2 – Max SHA-2 Mode (bits) | 256 | 256
Public Key Engine | RSA, ECC Acceleration Core | 16×16 | 16×16
ECC HW | Max Curve Size (bits) | 521 | 521
RSA HW | Max Exponent Size (bits) | 3096 | 3096
Random Number Generator HW | NIST SP800 compliant TRNG | ✓ | ✓
I/O Performance | Throughput (Gbps) | 1 | 1
Crypto Performance | Crypto/Hash Performance (Gbps) @500MHz | 0.4 | 0.4
DMA | Standard (STD) or Multi-channel (MC) | STD | STD
I/O Bus | AMBA Bus Master/Slave | AHB/APB | AHB/APB
OTP Interface | Interface to 3rd-Party OTP | TCM | TCM
Multiple Roots of Trust | Roots/Key Splits | 1 | 1

Features & Benefits

  • Platform security enforcement and control
    • Secure boot assist to host CPU(s) and protection of key material used
    • Host secure boot access control
    • Life-cycle management support
  • Secure key management and use
    • Fixed function root of trust with built-in sequencer
    • Flexible OTP root and key storage
    • Secure asset store, no external access to key values
    • Secure key distribution through dedicated interface
    • Flexible crypto options and high quality TRNG
    • FIPS 140-2 level 2
    • Secure provisioning
  • Integration with ARM TZ hardware
  • Low footprint, low power

The CryptoManager Root of Trust

Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.