At Rambus, we create cutting-edge semiconductor and IP products, spanning memory and interfaces to security, smart sensors and lighting.
RT-631 Root of Trust
The Rambus RT-631 Root of Trust is a fully-programmable FIPS 140-2 compliant hardware security core offering security by design for cloud, AI/ML as well as general purpose semiconductor applications. The RT-631 complements the RT-630 with Chinese cipher algorithms SM2, SM3 and SM4, offering security by design for applications that require Chinese crypto-based security support. The RT-631 protects against a wide range of hardware and software attacks through state-of-the-art anti-tamper and security techniques. As cloud and AI/ML applications evolve, device and system architects face a growing array of security threats. Across applications, one constant is the need for a hardware root of trust-based security implementation.
The Rambus RT-631 is the ideal security co- processor for these markets. It features a custom 32-bit RISC-V siloed and layered secure core, along with dedicated secure memories. The RT-631 also features high-capability cryptographic accelerators like AES and SM4 (all modes), HMAC, SHA-2 and SM3 (all modes), RSA up to 8192 bits, ECC and SM2DSA up to 521 bits, and a NIST-compliant Random Bit Generator. For use cases such as identity management, attestation, and secure boot, the RT-631 is ideally suited for cloud and AI/ ML where security is a priority.Â
Contact
Product BriefHow the Root of Trust RT-631 Works
The Root of Trust RT-631 is a siloed hardware security block for integration into semiconductors, offering secure execution of authenticated user applications, tamper detection and protection, secure storage and handling of keys and security assets, and resistance to side-channel attacks. The Root of Trust is easily integrated with industry-standard interfaces and system architectures and includes standard hardware cryptographic cores. Access to crypto modules, keys, memory ranges, I/O, and other resources is enforced in hardware. Critical operations, including key derivation and storage, are performed in hardware with no access by software.
The Root of Trust is based on a custom 32-bit CPU designed specifically to provide a trusted foundation for secure processing in the core and system. It supports all common main processor architectures including ARM, RISC-V, x86 and others. The secure CPU runs signed code modules called containers, which include permissions and security-related metadata. These containers can implement standard security functionality provided by Rambus, or complete customer-specific security applications, including key and data provisioning, security protocols, biometric applications, secure boot, secure firmware update, and many more.
The Road to Post Quantum Cryptography
Quantum computing offers the promise of tremendous leaps in processing power over current digital computers. But for the public-key cryptography algorithms used today for e-commerce, mobile payments, media streaming, digital signatures and more, quantum computing represents an existential event. Quantum computers may be able to break the widely used RSA and ECC (Elliptic-Curve Cryptography) algorithms in as little as days. Learn about our solutions and recommendations to ready customers for a post-quantum world.
Solution Offerings
- Hardware root of trust
- Custom RISC-V security processor
- Multi-layered security model provides protection of all components in the core
- FIPS 140-2 and 140-3 CAVP compliant
- FIPS 140-2 and 140-3 CMVP compliant
- Secure in-core processing and industry-leading anti-tamper
- OSCCA approved Chinese SM2, SM3, SM4 algorithm support
Enhanced Flexibility
- 3rd-party applications run securely within trusted boundary
- Complete development environment allows users to easily develop secure applications
- Support for secure provisioning of keys and firmware with CryptoManager Provisioning or 3rd-party provisioning solution
- Support multiple roots of trust within a single core
- Secure applications can be assigned unique keys, allowing independent permissions and access levels
- Includes library of standard secure applications to speed development
- Hardware integration guide
- Hardware and software reference manuals
- Programming guides
Tools and Scripts
- Verilog for synthesis and simulation
- All scripts and support files needed for standard EDA tool flows integration deliverables
Integration Deliverables
- Complete verification test bench and comprehensive set of test vectors
- Container-authoring software
- Boot loader and firmware, including secure RTOS and security monitor
- HLOS APIs for accessing capabilities
- Complete development environment, including compiler, assembler, debugger, simulator, reference code
Full Disk Encryption of Solid State Drives and Root of Trust
File encryption, file system encryption and full disk encryption (FDE) are methods offered by the industry to allow users to protect their data stored on non-volatile storage devices, such as Solid State Disks (SSD). The main feature of FDE is to protect stored system and user date from unauthorized reading, writing, alteration, moving or rolling back. However, extended security features are key to securing FDE implementation.
