Rambus Expands Family of CryptoManager Root of Trust Secure Silicon IP Cores
December 13th, 2019 – Rambus Inc. announced the expansion of the CryptoManager Root of Trust family of products, a series of fully programmable, hardware-level secure silicon IP cores to address the security needs of applications including IoT, AI, ML, cloud, government, military and automotive. CryptoManager cores employ a siloed architecture. They isolate and secure sensitive code, processes, and algorithms from the main processor cores. This mitigates the risk of critical vulnerabilities like the Meltdown and Spectre security flaws. The CryptoManager Root of Trust is purpose-built for security — it features tailored configurations that allow chip designers to optimize main processors for high performance, while relying on the root of trust to perform security processes.
“Security is a mission critical imperative for SoC designs serving virtually every application space,” said Neeraj Paliwal, vice president of products, cryptography at Rambus. “The Rambus CryptoManager Root of Trust family offers tailored secure silicon IP solutions which chip architects can incorporate to meet the specific security needs of their designs.”
Offering a full array of security services, the CryptoManager Root of Trust enables secure boot and runtime integrity checking, remote authentication and attestation, and hardware acceleration for symmetric and asymmetric cryptographic algorithms. Featuring a layered security model, Federal Information Processing Standards (FIPS) 140-2 certified crypto accelerators, and multiple roots of trust to support independent privilege levels, the CryptoManager Root of Trust serves a wide range of applications.
The CryptoManager Root of Trust creates a foundation for Rambus’ comprehensive CryptoManager suite of solutions, including the CryptoManager Infrastructure for secure provisioning.
CryptoManager Root of Trust Technical Details
Within the product family, seven standard configurations address the specific security requirements and certification standards of different end markets. The RT-730 automotive design offers an ISO-26262-2018 ASIL-D-ready implementation, targeting vehicle-to-vehicle and vehicle-to-infrastructure (V2X), advanced driver-assistance systems (ADAS), and infotainment uses. For cloud, AI and ML accelerator chips, the RT-630 helps secure valuable training models, and training and inference data. For government-focused chip designs, the RT-650 offers a design that targets FIPS 140-2 Cryptographic Module Validation Program (CMVP) certification with Suite B accelerators. The RT-660 extends the functionality of RT-650 with the addition of Differential Power Analysis resistant cryptographic cores.
The CryptoManager Root of Trust family of products offers an end-to-end security implementation, comprised of a fully synthesizable IP core that anchors trust in silicon. It includes state-of-the-art crypto accelerators, security firewalls, an entropy source, secure key generation and derivation, secure one-time programmable (OTP) memory management, and a complete secure embedded firmware stack. The secure firmware stack offers secure boot for the root of trust as well as the SoC CPU(s), communicating securely with the SoC stack and running signed secure applications on the root of trust’s CPU. A reference SDK allows integrators to build secure boot, secure firmware updates and secure applications, with provided examples and references. Available evaluation boards and QEMU allow chip designers to easily evaluate the CryptoManager Root of Trust and secure applications.