Home > Security IP > Root of Trust Solutions
To provide a hardware-based foundation for security, Rambus offers a broad range of robust Root of Trust and eHSM solutions, ranging from programmable security co-processors with features such as Quantum Safe Cryptography (QSC) to highly compact, firmware-controlled designs. The Rambus CryptoManager™ IP family is ideal for integration in complex gateways and cloud applications where multiple hosts need to access and leverage services provided by the root of trust. The Rambus RT-100 Root of Trust IP family targets secure IoT and MCU designs, and the CryptoCell™ family targets Arm TrustZone® architectures requiring hardware acceleration.
Rambus offers a dedicated security and root of trust IP solution for virtually any application, including data centers, AI/ML processing, automotive, and Internet of Things (IoT) devices.
CryptoManager Root of Trust
RT-6xx/16xx
RISC-V Programmable
CryptoManager Hub
CH-6xx
Classic & Quantum Crypto
CryptoManager Core
CC-6xx
Symmetric Crypto
CryptoManager eHSM
RT-7xx
RISC-V Programmable
CryptoManager Hub
CH-7xx
Classic & Quantum Crypto
CryptoManager Core
CC-7xx
Symmetric Crypto
The CryptoManager RT-6xx v3 Root of Trust (CMRT) family from Rambus is the latest generation of fully programmable FIPS 140-3 compliant hardware security cores offering Quantum Safe security by design for data center and other highly secure applications. The RT-6xx allows customers to develop secure and trusted applications that run securely within a trusted boundary. Secure applications can be assigned unique roots and keys, allowing independent permissions and access levels.
Product | Product Configurations and Cryptographic Accelerators Supported |
---|---|
Baseline for all RT-6xx/16xx | Rambus secure RISC-V processor, NIST CMVP compliant (incl dedicated certified SKU), SESIP/PSA certified, NIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, SHA-3, RSA, ECC), a NIST certified TRNG, classic and LMS and XMSS boot flow. FIPS 140-3/SESIP/PSA RoT. Secure Boot, Debug, FOTA. Secure, firewalled, in-core processing. Multi-layered security model. Secure lifecycle management. Secure data store. Secure provisioning. Select Quantum Safe SKUs provide a full quantum safe boot flow, and supports ML-KEM, ML-DSA, SLH-DSA, LMA, XMSS. |
CryptoManager Hub (CMH) from Rambus is the next generation of flexible and configurable cryptographic family of accelerator cores. CMH CH-6xx designs target embedding in customer or Rambus provided Root of Trust security modules. The CMH products address markets where customers do not need a full-fledged Root of Trust or have their own Root of Trust solution but still require state-of-the-art advanced crypto cores running behind one dedicated bus. Ideal for power and space-sensitive applications like secure MCU, IoT server, gateway and edge devices, these accelerators are the most versatile, complete crypto solutions offering the best balance of size and performance available on the market.
Product | Product Configurations and Cryptographic Accelerators Supported |
---|---|
Baseline for all CH-6xx | NIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, SHA-3, RSA, ECC), a NIST certified TRNG behind a highly efficient multi-channel DMA based AMBA interface. Supports FIPS 140-3/SESIP/PSA RoT. Select Quantum Safe SKUs provide a full quantum safe boot flow, and supports ML-KEM, ML-DSA, SLH-DSA, LMA, XMSS. |
The automotive-grade CryptoManager RT-7xx v3 Root of Trust family from Rambus is the next generation of fully programmable ISO 26262 and ISO 21434 compliant hardware security modules offering Quantum Safe security by design for secure automotive applications supporting AutoSAR, EVITA full and SHE+. The RT-7xx allows customers users to develop secure and trusted applications that run securely within a trusted boundary. Secure applications can be assigned unique roots and keys, allowing independent permissions and access levels. The RT-76xD is industry’s first ASIL-HSM. The first-generation RT-640 with its ISO 26262 ASIL-B certificate is also part of this family.
Product | Product Configurations and Cryptographic Accelerators Supported |
---|---|
Baseline for all RT-7xx/RT-64x | Automotive grade HSM. Rambus secure RISC-V processor, NIST CMVP compliant, NIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, SHA-3, RSA, ECC), a NIST certified TRNG, classic and LMS and XMSS boot flow. ISO 21434/26262 HSM. Secure Boot, Debug, FOTA. Secure, firewalled, in-core processing. Multi-layered security model. Secure lifecycle management. Secure data store. Secure provisioning. Select Quantum Safe SKUs provide a full quantum safe boot flow, and supports ML-KEM, ML-DSA, SLH-DSA, LMA, XMSS. |
Features | RT-640 v1.x | RT-641 v1.x | RT-730B | RT-731B | RT-734B | RT-760D | RT-761D | RT-764D |
---|---|---|---|---|---|---|---|---|
Baseline | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
OSCCA SM2/3/4 | ✔ | ✔ | ||||||
Full Quantum Safe Boot & Crypto | ✔ | ✔ | ||||||
SCA (DPA & FIA) | ✔ | ✔ | ✔ | |||||
SCA SW | ✔ |
Automotive Grade | RT-640 v1.x | RT-641 v1.x | RT-730B | RT-731B | RT-734B | RT-760D | RT-761D | RT-764D |
---|---|---|---|---|---|---|---|---|
ISO 21434 | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
ASIL-D process | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ||
ASIL-B FuSa | ✔ | ✔ | ✔ | ✔ | ✔ | |||
ASIL-D FuSa | ✔ | ✔ | ✔ | ✔ | ✔ |
The automotive-grade CryptoManager Hub (CMH) from Rambus is the next-generation of flexible and configurable cryptographic family of accelerator cores. The CMH CH-7xx designs target embedding in customer or Rambus provided HSM security modules. Ideal for power and space-sensitive automotive applications like central gateways, ADAS/AD compute, AI edge sensors, these accelerators are the most versatile, complete crypto solutions offering the best balance of size and performance available on the market.
Product | Product Configurations and Cryptographic Accelerators Supported |
---|---|
Baseline for all CH-7xx | Automotive grade Crypto Module. NIST CMVP compliant, NIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, SHA-3, RSA, ECC), a NIST certified TRNG, classic and LMS and XMSS boot flow. Supports ISO 21434/26262 and implements ASIL-B or ASIL-D safety logic. Select Quantum Safe SKUs provide a full quantum safe boot flow, and supports ML-KEM, ML-DSA, SLH-DSA, LMA, XMSS. |
CryptoManager Core (CMC) from Rambus is a standalone symmetric cipher-only subsystem from the CMH. The CMC products are designed to address use cases needing a collection of symmetric ciphers bundled behind an AMBA based multi-channel DMA capable interface. The automotive-grade CryptoManager CC-7xx versions support Supports ISO 21434/26262 and implements ASIL-B or ASIL-D safety logic.
Product | Product Configurations and Cryptographic Accelerators Supported |
---|---|
Baseline for all CH-6xx | NIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, SHA-3) standard or with DPA/FIA protection and optional ciphers/hash (SM4, SM3, ChaCha20, Poly1305) behind a highly efficient multi-channel DMA based AMBA interface. |
Designed to be integrated in power and space-constrained SoCs or FPGAs, the RT-100 and RT-200 Root of Trust families (formerly VaultIP) include SESIP and PSA certified, FIPS 140-2 and FIPS 140-3 certified hardware security modules that guard the most sensitive assets on chips and establish the foundation for platform security.
Featuring a firmware-controlled architecture with dedicated secure memories, the RT-100/200 families provide a variety of cryptographic accelerators including AES, SHA-2, RSA and ECC. Ideal for power and space-sensitive applications like Secure MCUs, IoT servers, gateways and edge devices, the RT-100/200 families offer the best balance of size and performance available on the market.
Product | Product Configurations and Cryptographic Accelerators Supported |
---|---|
Baseline for all RT-1xx/2xx | NIST CMVP certified/compliant, SESIP/PSA certified, NIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, SHA-3, RSA, ECC), a NIST certified TRNG. Secure Boot, Secure Debug, Secure Asset Store. |
Designed to be integrated in Arm TrustZone-based power and space-constrained SoCs or FPGAs, the CC-312, CC-712, and CC-713 Root of Trust solutions (formerly Arm CryptoCell) are FIPS 140-3 certifiable hardware security modules that establish the foundation for the Arm Platform Security Architecture (PSA). The CC-312 targets integration on Cortex-M platforms running embedTLS, and the CC-71x targets integration on Cortex-A platforms running Linux or OP-TEE.
Product | Product Configurations and Cryptographic Accelerators Supported |
---|---|
Baseline for all CC-312/71x | NIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, RSA, ECC). Secure Boot, Secure Debug, Secure Key Derive. |
This latest generation of the Rambus RT-600 Root of Trust IP offers many new features designed to support the security needs of customers today and into the future. These features include Quantum Safe Cryptography, Caliptra Root of Trust for Measurement (RoTM) emulation, an embedded physical unclonable function (PUF), as well as many architectural improvements, such as larger memory space and 64-bit addressing support.