At Rambus, we create cutting-edge semiconductor and IP products, spanning memory and interfaces to security, smart sensors and lighting.

Products
- - Chips
  - Memory Interface Chips
    - DDR5 Chipset
    - DDR4 Chipset
  - CXL Memory Initiative
- - Silicon IP
  - Interface IP
  - PCI Express
  - CXL
  - SerDes
  - MIPI
  - HBM
  - GDDR
  - LPDDR
  - DDR
  - VESA Video Compression
  - Forward Error Correction
- - - Explore our full catalog of products so you can find the right solution to fit your needs.
    - Product Selector
Solutions
- - By Market
  - AI & Machine Learning
  - Automotive
  - Data Center
  - Edge
  - Government
  - IoT
- - - Explore our full catalog of products so you can find the right solution to fit your needs.
    - Product Selector
Resources
- - Resource Library
  - Our library of informational videos, papers, presentations, and more
  - Webinars
  - Check out our library of upcoming and on-demand webinars
- - Inventions
  - Explore innovations that enable the superior performance of Rambus solutions
  - Certifications
  - Certified silicon IP solutions tailored to the specific needs of some of the world’s most demanding applications
- - - Explore our full catalog of products so you can find the right solution to fit your needs.
    - Product Selector
Company
- - About
  - Corporate Overview
  - Leadership
  - Inventors
  - Careers
  - Locations
  - Investor Relations
- - News & Media
  - Newsroom
  - Blog
  - Events
- - - Explore our full catalog of products so you can find the right solution to fit your needs.
    - Product Selector
- English

RT-650 Programmable Root of Trust

With DPA

Home > Security IP > Root of Trust Solutions > RT-650

The Rambus RT-650 Root of Trust is a fully programmable, FIPS 140-2 and FIPS 140-3 compliant hardware security anti-tamper core offering security by design for government and military mission-critical applications. The RT-650 protects against a wide range of hardware and software attacks with state-of-the-art anti-tamper security techniques. Government and military hardware require the highest security protections due to sensitive information being stored and processed. The RT-650 is a military grade security co-processor, built on a custom-designed 32-bit RISC-V architecture, along with dedicated secure memories.

The RT-650 offers superior anti-tamper attack protection through the implementation of Differential Power Analysis (DPA) countermeasures. The RT-650 implements DPA protected AES, RSA, and ECC cryptographic accelerator cores. The RT-650 provides hardware implementations of a NIST SP800-90a/b/c compliant TRNG (true random number generator), Public Key Engine (RSA up to 8192 bits and ECC up to 521 bits), AES (all modes), HMAC and SHA-2/-3 crypto accelerators. The RT-650 core is both FIPS 140-2 and FIPS 140-3 CAVP/CMVP compliant. It is the ideal choice for chip and system architects designing FPGA and ASIC solutions for applications requiring the highest level of security.

Contact

Product Brief

Security in the ARM Ecosystem

Building security in an SoC aiming to meet the goals set by the ARM Platform Security Architecture (PSA) is a complex matter. This is compounded by the complexity of modern-day SoCs comprising multiple processors, security domains and security levels. The Rambus root of trust provides a solid foundation for the SoC security architecture ticking ‘all the boxes’ for reaching the security goals, while offering extensive support for effective integration into a complex TrustZone-based SoC infrastructure.

How the Root of Trust Works

While built upon a RISC-V architecture, the RT-650 RISC-V CPU is a custom implementation designed specifically for security use cases. Rambus employed over 20 years of device security experience to build a co-processor providing the highest levels of siloed and layered security. The RT-650 is designed for integration into military and government ASICs and FPGAs, offering secure execution of authenticated user applications, tamper detection and protection, and secure storage and handling of keys and security assets.

The Root of Trust offers a siloed approach to security. While located on the same silicon as the main processor, the secure processing core is physically separated. A layered security approach enforces access to crypto modules, memory ranges, I/O pins, and other resources, and assures critical keys are available through hardware only with no access by software. The Rambus Root of Trust RT-650 supports all commonly deployed host SoC processor architectures, including ARM, RISC-V, x86 and others.

The Rambus Root of Trust supports multi-tenant deployments by offering true multiple root of trust capabilities. Each individual Secure Application can be assigned its own unique keys, meaning permissions and access levels are set completely independent of others. Secure Applications are siloed from each other, ensuring the best approach to security. OEMs can determine access levels and permissions for each and all processes operating within the secure processor.

Dedicated FPGA Configuration

The RT-650 is available in an FPGA configuration for synthesis in programmable logic. This configuration is designed to map optimally (for maximum utilization and frequency) into an FPGA fabric and connect either to on-board or external CPUs. In addition, the RT-650 is expanded with an additional OTP emulation model to overcome the lack of (or limitation of) true nonvolatile one-time programmable memory in certain FPGA families. This module allows storing secure assets in external flash in a secure way.

Secure Applications

Included with the RT-650 Hardware Root of Trust are a series of standard secure applications (“containers”) to speed development, including secure boot, identity management, HSM reference, and others. A container development kit (CSDK) is also included to allow the development of custom containers for specific use cases.

Deep Anti-Tamper Experience

As the inventor and pioneer of DPA and an acknowledged leader in device security, Rambus is uniquely qualified to provide anti-tamper solutions for the most stringent requirements. Rambus technologies protect more than 9 billion chips per year, and as a US-based, independent company, Rambus has the experience and pedigree to be the solution provider of choice. Rambus has for more than 20 years supplied solutions for government and defense applications, including anti-tamper cores, software libraries, and testing workstations.

Introduction to Side-Channel Attacks

Side-channel attacks, including simple power analysis and differential power analysis, conducted against electronic gear are relatively simple and inexpensive to execute. An attacker does not need to know specific implementation details of the cryptographic device to perform these attacks and extract keys. As all physical electronic systems routinely leak information, effective side-channel countermeasures should be implemented at the design stage to ensure protection of sensitive keys and data.

Solution Offerings

Features

Deliverables

Secure Applications

Features

Deliverables

Secure Applications

Secure Application	Description
Linux Secure Boot	Implements secure boot for Linux OS, secured by the Root of Trust co-processor
Linux Secure FOTA	Implements secure Firmware Over the Air (FOTA) updates for Linux OS
ASIC Secure Boot	Uses the Root of Trust co-processor to assist in the secure boot process of ASICs and FPGAs
Secure Data Storage	Uses the Root of Trust co-processor to protect user credentials or biometric templates
Open SSL Hardening	Hardens the OpenSSL crypto operations via the Root of Trust secure co-processor
Reference HSM	Implements a basic HSM supporting AES, HMAC, SHA256, ECDSA, X.509 certificates and secure storage
Unique ID Generator	Creates a Root of Trust unique ID and stores it in the Root of Trust NVM (Non Volatile Memory)