Security IP icon

Security

Root of Trust RT-100

Designed to be integrated in power and space-constrained SoCs or FPGAs, the RT-100 Root of Trust (formerly VaultIP) is a FIPS 140-2 compliant hardware core that guards the most sensitive assets on chips and establishes the foundation for platform security.

Featuring a state-machine architecture with dedicated secure memories, the RT-100 hardware Root of Trust provides a variety of cryptographic accelerators including AES, SHA-2 and ECC. Ideal for power and space-sensitive applications like IoT, edge nodes, and sensors. The RT-100 Root of Trust offers the best balance of size and performance available on the market with optional FIPS 140 CAVP and CMVP.

The RT-100 offers a series of key security use cases ‘out of the box’, including:

  • Secure Boot assist to host CPU(s) and protection of key material
  • Manages secure firmware upgrade for Host CPU
  • Life-cycle management support
  • Secure Debug
  • Secure device authentication and identity protection
 

The RT-100 provides a secure asset store:

  • Only the RT-100 can manage, use and access the assets
  • The O/S and applications cannot access key values
  • Applications request asset use by reference through authorization
  • Enforces policies for access and use of keys and cryptographic functions
  • Key generation, derivation, storage and transport
Security in the ARM Ecosystem cover

Security in the ARM Ecosystem

Building security in an SoC aiming to meet the goals set by the ARM Platform Security Architecture (PSA) is a complex matter. This is compounded by the complexity of modern-day SoCs comprising multiple processors, security domains and security levels. The Rambus root of trust provides a solid foundation for the SoC security architecture ticking ‘all the boxes’ for reaching the security goals, while offering extensive support for effective integration into a complex TrustZone-based SoC infrastructure.

How the Root of Trust Works

The RT-100 Root of Trust is a silicon IP core developed to protect an SoC platform and its operation. It allows the SoC to boot securely and protects sensitive key material and assets. At its heart, its Secure Asset Store secretly generates keys and securely stores them. Fully featured, its cryptographic data plane associated to its DMA offloads the main CPU while never exposing secret data to the OS or the applications. It is designed to provide secure, energy efficient and accelerated security functions.

Root of Trust Engine

Readily deployable, the RT-100 Root of Trust is offered in off-the-shelf configurations, allowing a choice tailored to the needs of your application. Configurations differ by cryptographic accelerators contained and 3rd-party certification and standard compliance.

The RT-100 is part of the broad Rambus Root of Trust portfolio, which ranges from small, lightweight cores designed to protect IoT endpoints all the way to fully programmable Root of Trust cores designed to protect the most sensitive government/defense chips and automotive deployments requiring ISO-26262 certifications.

The Road to Post Quantum Cryptography cover

The Road to Post Quantum Cryptography

Quantum computing offers the promise of tremendous leaps in processing power over current digital computers. But for the public-key cryptography algorithms used today for e-commerce, mobile payments, media streaming, digital signatures and more, quantum computing represents an existential event. Quantum computers may be able to break the widely used RSA and ECC (Elliptic-Curve Cryptography) algorithms in as little as days. Learn about our solutions and recommendations to ready customers for a post-quantum world.

Solution Offerings

FeatureDescriptionRT-100
FIPS 140 CAVPFIPS 140-2 CAVP & FIPS 140-3 CAVP (2020)Optional
FIPS 140 CMVPFIPS 140-2 CMVP & FIPS 140-3 CMVP (2020)Optional
OTP ManagementInterfaceStandard
AES HWECB, CBC, CTR Modes – Max Key Size (bits)256
HMAC-SHA2 HWSHA-2 and HMAC-SHA2 – Max SHA-2 Mode (bits)256
Public Key EngineRSA, ECC Acceleration Core16×16
ECC HWMax Curve Size (bits)521
RSA HWMax Exponent Size (bits)3096
Random Number Generator HWNIST SP800 compliant TRNGStandard
I/O PerformanceThroughput (Gbps)1
Crypto PerformanceCrypto/Hash Performance (Gbps) @500MHz1
DMAStandard (STD) or Multi-channel (MC)STD
I/O BusAMBA Bus Master/SlaveAXI/AHB
OTP InterfaceInterface to 3rd-Party OTPTCM
Multiple Roots of TrustRoots/Key Splits1
  • IoT (Internet of Things) devices
  • Industrial IoT
  • Sensors
  • Gateways
  • Edge nodes