Designed to be integrated in power and space-constrained SoCs or FPGAs, the RT-130 Root of Trust (formerly VaultIP) is a FIPS 140-2 CMVP certified hardware core that guards the most sensitive assets on chips and establishes the foundation for platform security.
Featuring a state-machine architecture with dedicated secure memories, the RT-130 hardware Root of Trust provides a variety of cryptographic accelerators including AES, SHA-2, 3DES and ECC. Ideal for power and space-sensitive applications like IoT servers, gateways and edge devices, the RT-130 Root of Trust offers the best balance of size and performance available on the market.
The RT-130 offers a series of key security use cases ‘out of the box’, including:
The RT-130 provides a secure asset store:
The RT-130 Root of Trust is a silicon IP core developed to protect an SoC platform and its operation. It allows the SoC to boot securely and protects sensitive key material and assets. At its heart, its Secure Asset Store secretly generates keys and securely stores them. Fully featured, its cryptographic data plane associated to its DMA offloads the main CPU while never exposing secret data to the OS or the applications. It is designed to provide secure, energy efficient and accelerated security functions.
Readily deployable, the RT-130 Root of Trust is offered in off-the-shelf configurations, allowing a choice tailored to the needs of your application. Configurations differ by cryptographic accelerators contained and 3rd-party certification and standard compliance.
The RT-130 is part of the broad Rambus Root of Trust portfolio, which ranges from small, lightweight cores designed to protect IoT endpoints all the way to fully programmable Root of Trust cores designed to protect the most sensitive government/defense chips and automotive deployments requiring ISO-26262 certifications.
|FIPS 140 CAVP||FIPS 140-2 CAVP & FIPS 140-3 CAVP (2020)||Standard|
|FIPS 140 CMVP||FIPS 140-2 CMVP & FIPS 140-3 CMVP (2020)||Standard|
|AES HW||ECB, CBC, CTR Modes – Max Key Size (bits)||256|
|AES Modes||AES-CCM, AES-CMAC, AES-GCM/GMAC (standard)|
|HMAC-SHA2 HW||SHA-2 and HMAC-SHA2 – Max SHA-2 Mode (bits)||512|
|Public Key Engine||RSA, ECC Acceleration Core||32×32|
|ECC HW||Max Curve Size (bits)||521|
|RSA HW||Max Exponent Size (bits)||3096|
|Random Number Generator HW||NIST SP800 compliant TRNG||Standard|
|Optional Cryptography||ARIA, SHA-3, HMAC-SHA-3||Optional|
|I/O Performance||Throughput (Gbps)||2|
|Crypto Performance||Crypto/Hash Performance (Gbps) @500MHz||2|
|DMA||Standard (STD) or Multi-channel (MC)||STD or MC|
|I/O Bus||AMBA Bus Master/Slave||AXI/AHB|
|OTP Interface||Interface to 3rd-Party OTP||TCM|
|Multiple Roots of Trust||Roots/Key Splits||1|
File encryption, file system encryption and full disk encryption (FDE) are methods offered by the industry to allow users to protect their data stored on non-volatile storage devices, such as Solid State Disks (SSD). The main feature of FDE is to protect stored system and user date from unauthorized reading, writing, alteration, moving or rolling back. However, extended security features are key to securing FDE implementation.