At Rambus, we create cutting-edge semiconductor and IP products, spanning memory and interfaces to security, smart sensors and lighting.
Foundational security for SoCs, secure MCU devices and sensors
Designed to be integrated in secure MCUs (microcontrollers), the RT-260 Root of Trust (formerly VaultIP) is a FIPS 140-3 CMVP compliant hardware core that guards the most sensitive assets on chips and establishes the foundation for platform security.
Featuring a firmware-controlled architecture with dedicated secure memories, the RT-260 hardware Root of Trust provides a variety of cryptographic accelerators including DPA protection for AES, RSA, and ECC. Ideal as a secure services and key manager for MCU (microcontroller) devices, the RT-260 Root of Trust offers the best balance of size and performance available on the market.
The RT-260 offers a series of key security use cases ‘out of the box’, including:
The RT-260 provides a secure asset store:
The RT-260 Root of Trust is a silicon IP core developed to protect an SoC platform and its operation. It allows the SoC to boot securely and protects sensitive key material and assets. At its heart, its Secure Asset Store allows import, negotiation, and creation of secret and private key material. Safe use of key material is enforced through a flexible key use and access policy. Keys can be securely stored in off-chip NVM. Fully featured, its cryptographic data plane associated to its DMA offloads the main CPU while never exposing secret data to the OS or the applications. It is designed to provide secure, energy efficient and accelerated security functions.
Readily deployable, the RT-260 Root of Trust is offered in off-the-shelf configurations, allowing a choice tailored to the needs of your application. Configurations differ by cryptographic accelerators contained and 3rd-party certification and standard compliance.
The RT-260 is part of the broad Rambus Root of Trust portfolio, which ranges from small, lightweight cores designed to protect IoT endpoints all the way to fully programmable Root of Trust cores designed to protect the most sensitive government/defense chips and automotive deployments requiring ISO-26262 certifications.
Rambus offers dedicated FIPS 140-3 support packages to its licensees that provide FIPS 140-3 related certification documentation, FIPS test scripts, and dedicated FIPS support.
Quantum computing offers the promise of tremendous leaps in processing power over current digital computers. But for the public-key cryptography algorithms used today for e-commerce, mobile payments, media streaming, digital signatures and more, quantum computing represents an existential event. Quantum computers may be able to break the widely used RSA and ECC (Elliptic-Curve Cryptography) algorithms in as little as days. Learn about our solutions and recommendations to ready customers for a post-quantum world.
|FIPS 140 CMVP||FIPS 140-2 CMVP & FIPS 140-3 CMVP||Includes CAVP certificates for NIST approved algorithms and TRNG|
|DPA Resistance||Simple and differential power analysis resistant cores||RSA, ECC, AES|
|Cipher Algorithm Support||AES (all key sizes) Optional: ChaCha20, ARIA||Modes: CBC, CTR, CCM, CMAC, GCM, XTS ARIA Modes: CBC, CTR, CMAC, CCM, GCM|
|Hash Algorithms||SHA-1, SHA-2 Optional: SHA-3||SHA-2 224-256-384-512 SHA-3 224-256-384-512|
|Message Authentication Code Algorithms||HMAC-SHA-1, HMAC-SHA-2 Optional: HMAC-SHA3||SHA-2 224-256-384-512 SHA-3 224-256-384-512|
|AEAD Algorithms||AES-GCM, AES-GMAC, AES-CCM Optional: ChaCha20/Poly1305, ARIA-CCM||Modes: GCM, GMAC, CCM|
|Sign/Verify Algorithms||ECDSA EdDSA||NIST P-224, P-256, P-384, P-521 Ed25519|
|Key Agreement Algorithms||ECDH DH EdDH||NIST P-224, P-256, P-384, P-521 Up to 3096 bits Curve25519|
|Key Transport Algorithms||ECIES RSA Wrap/Unwrap (RSA-OAEP) AES-WRAP||128- and 256-bit strength Up to 3096 bits 128- and 256-bit strength|
|Random Number Generator HW||NIST SP800-90 compliant TRNG||NIST ENT certificate|
|Crypto Performance||Cipher/Hash Performance (Gbps) @500MHz||Scalable, ~2 Gbps|
|I/O Bus||AMBA Bus Master/Slave||AXI/AHB Master, AXI/AHB/APB Slave|
|OTP Interface||Interface to 3rd-Party OTP||TCM|
File encryption, file system encryption and full disk encryption (FDE) are methods offered by the industry to allow users to protect their data stored on non-volatile storage devices, such as Solid State Disks (SSD). The main feature of FDE is to protect stored system and user date from unauthorized reading, writing, alteration, moving or rolling back. However, extended security features are key to securing FDE implementation.