Inside Secure Root-of-Trust solution provides the hardware trust anchor, the cryptographic functions, the key management and derivation services, the APIs and the off-chip tools to secure the SoC and the ecosystem it belongs to.
It provides the device with the capability to securely:
- boot and manage software update
- execute software and applications
- control test and debug enablement
- protect data at rest
- authenticate and be authenticated
The Root-of-Trust Engine is the ideal component to create an embedded HSM for IoT, automotive, datacenter and governmental applications within an optimized silicon footprint and power envelope.
2 scalable solutions
Root-of-Trust Engine and Programmable Root-of-Trust Engine
The Root-of-Trust Engine provides a rich set of symmetric, asymmetric, hashing and true random number generation (TRNG) services to the OS and applications running on the SoC. Its Secure Asset Store controls the use of keys and enforces authorization policies by identifying service requesters through a combination of hardware signaling and software identity. It gives developers peace of mind that secret data can never be visible to the OS or applications and that sensitive assets can never be extracted off-chip.
Secure Boot and software update
Inside Secure Root-of-Trust Secure Boot Toolkit provides developers with the essential components for securing the SoC boot sequence. The signing tool formats and adds protection layers to the executables to ensure their integrity, authenticity and confidentiality. It ultimately generates the protected images. Developers integrate the Boot Library into the SoC boot loader, optionally adding anti-cloning and anti-rollback protections.
Differentiate through security and reduce your time to market
Inside Secure customers can apply for incremental revalidation of their chip. While full FIPS-140-2 Level 2 validation typically takes a year to achieve, revalidation using the initial validation as a base allows for process efficiencies by both the laboratory and NIST, and significantly reduces the time and cost.
While consumer IoT, automotive, data centers, smart metering and other applications have all different set of requirements and because one size does not fit all, Inside Secure Root-of-Trust Engine is available in a wide range of configurations allowing for size-feature-performance trade-offs. For instance, Chacha20 and Poly1305 support be added on top of the commonly used AES and SHA2 algorithms. Bus interfaces can also be interchanged for a smooth integration into the SoC architecture.
Built-in provisioning and device lifecycle
Securing devices requires SoCs to be provisioned with assets such as unique identifiers, keys or certificates. This can be achieved at various stages in the device lifecycle: during the chip manufacturing, the device integration or in the field, and may be a multi-stop process. Inside Secure Root-of-Trust Engine provides built-in capabilities that facilitates the implementation of a secure provisioning scheme with policies configurable based on the device lifecycle.
Beyond software attacks, connected devices may be subject to side channel attacks that exploit the power or electromagnetic signature generated by the cryptographic operations to extract key values. Furthermore, semi-invasive or invasive attacks can attempt to compromise the device behavior and secrets.