Root of Trust and Root of Security IP

Protecting data at rest

Protecting Data at Rest with Rambus Root of Trust and Root of Security IP

To provide a hardware-based foundation for security, Rambus offers a broad range of robust Root of Trust and eHSM solutions, ranging from programmable security co-processors with features such as Quantum Safe Cryptography (QSC) to highly compact, firmware-controlled designs. The Rambus CryptoManager™ IP family is ideal for integration in complex gateways and cloud applications where multiple hosts need to access and leverage services provided by the root of trust. The Rambus RT-100 Root of Trust IP family targets secure IoT and MCU designs, and the CryptoCell™ family targets Arm TrustZone® architectures requiring hardware acceleration.

Rambus offers a dedicated security and root of trust IP solution for virtually any application, including data centers, AI/ML processing, automotive, and Internet of Things (IoT) devices.

Explore Rambus Root of Trust and Root of Security IP Products
Root of Trust Solutions for Data Center / AI / SoC / Government

CryptoManager Root of Trust
RT-6xx/16xx
RISC-V Programmable

CryptoManager Hub
CH-6xx
Classic & Quantum Crypto

CryptoManager Core
CC-6xx
Symmetric Crypto

Root of Trust Solutions for Automotive

CryptoManager eHSM
RT-7xx
RISC-V Programmable

CryptoManager Hub
CH-7xx
Classic & Quantum Crypto

CryptoManager Core
CC-7xx
Symmetric Crypto

Root of Trust Solutions for IoT

RT-100/200
RT-13x/260
Lightweight IoT

CryptoCell
CC-312/712
TrustZone / IoT

CryptoManager Root of Trust RT-6xx/16xx

The CryptoManager RT-6xx v3 Root of Trust (CMRT) family from Rambus is the latest generation of fully programmable FIPS 140-3 compliant hardware security cores offering Quantum Safe security by design for data center and other highly secure applications. The RT-6xx allows customers to develop secure and trusted applications that run securely within a trusted boundary. Secure applications can be assigned unique roots and keys, allowing independent permissions and access levels.

ProductProduct Configurations and Cryptographic Accelerators Supported
Baseline for all RT-6xx/16xxRambus secure RISC-V processor, NIST CMVP compliant (incl dedicated certified SKU), SESIP/PSA certified, NIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, SHA-3, RSA, ECC), a NIST certified TRNG, classic and LMS and XMSS boot flow. FIPS 140-3/SESIP/PSA RoT. Secure Boot, Debug, FOTA. Secure, firewalled, in-core processing. Multi-layered security model. Secure lifecycle management. Secure data store. Secure provisioning. Select Quantum Safe SKUs provide a full quantum safe boot flow, and supports ML-KEM, ML-DSA, SLH-DSA, LMA, XMSS.
FeaturesRT-630RT-631RT-634RT-635RT-639RT-660RT-661RT-664RT-669RT-1664
Baseline
OSCCA SM2/3/4       
Full Quantum Safe Boot & Crypto    
CaliptraTM        
      
Target SegmentRT-630RT-631RT-634RT-635RT-639RT-660RT-661RT-664RT-669RT-1664
SoC 
Data Center     
AI Edge      
Government       

CryptoManager Hub CH-6xx

CryptoManager Hub (CMH) from Rambus is the next generation of flexible and configurable cryptographic family of accelerator cores. CMH CH-6xx designs target embedding in customer or Rambus provided Root of Trust security modules. The CMH products address markets where customers do not need a full-fledged Root of Trust or have their own Root of Trust solution but still require state-of-the-art advanced crypto cores running behind one dedicated bus. Ideal for power and space-sensitive applications like secure MCU, IoT server, gateway and edge devices, these accelerators are the most versatile, complete crypto solutions offering the best balance of size and performance available on the market.

ProductProduct Configurations and Cryptographic Accelerators Supported
Baseline for all CH-6xxNIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, SHA-3, RSA, ECC), a NIST certified TRNG behind a highly efficient multi-channel DMA based AMBA interface. Supports FIPS 140-3/SESIP/PSA RoT. Select Quantum Safe SKUs provide a full quantum safe boot flow, and supports ML-KEM, ML-DSA, SLH-DSA, LMA, XMSS.
FeaturesCH-630CH-631CH-634CH-635CH-660CH-661CH-664
Baseline
OSCCA SM2/3/4    
Full Quantum Safe Boot & Crypto    
Caliptra       
SCA (DPA & FIA)    
Target SegmentCH-630CH-631CH-634CH-635CH-660CH-661CH-664
SoC
Data Center    
AI Edge   
Government     

Automotive-grade CryptoManager HSM RT-7xx/RT-64x

The automotive-grade CryptoManager RT-7xx v3 Root of Trust family from Rambus is the next generation of fully programmable ISO 26262 and ISO 21434 compliant hardware security modules offering Quantum Safe security by design for secure automotive applications supporting AutoSAR, EVITA full and SHE+. The RT-7xx allows customers users to develop secure and trusted applications that run securely within a trusted boundary. Secure applications can be assigned unique roots and keys, allowing independent permissions and access levels. The RT-76xD is industry’s first ASIL-HSM. The first-generation RT-640 with its ISO 26262 ASIL-B certificate is also part of this family.

Product Product Configurations and Cryptographic Accelerators Supported
Baseline for all RT-7xx/RT-64x Automotive grade HSM. Rambus secure RISC-V processor, NIST CMVP compliant, NIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, SHA-3, RSA, ECC), a NIST certified TRNG, classic and LMS and XMSS boot flow. ISO 21434/26262 HSM. Secure Boot, Debug, FOTA. Secure, firewalled, in-core processing. Multi-layered security model. Secure lifecycle management. Secure data store. Secure provisioning. Select Quantum Safe SKUs provide a full quantum safe boot flow, and supports ML-KEM, ML-DSA, SLH-DSA, LMA, XMSS.
Features RT-640 v1.x RT-641 v1.x RT-730B RT-731B RT-734B RT-760D RT-761D RT-764D
Baseline
OSCCA SM2/3/4
Full Quantum Safe Boot & Crypto
SCA (DPA & FIA)
SCA SW
Automotive Grade RT-640 v1.x RT-641 v1.x RT-730B RT-731B RT-734B RT-760D RT-761D RT-764D
ISO 21434
ASIL-D process
ASIL-B FuSa
ASIL-D FuSa

Automotive-grade CryptoManager Hub CH-7xx

The automotive-grade CryptoManager Hub (CMH) from Rambus is the next-generation of flexible and configurable cryptographic family of accelerator cores. The CMH CH-7xx designs target embedding in customer or Rambus provided HSM security modules. Ideal for power and space-sensitive automotive applications like central gateways, ADAS/AD compute, AI edge sensors, these accelerators are the most versatile, complete crypto solutions offering the best balance of size and performance available on the market.

ProductProduct Configurations and Cryptographic Accelerators Supported
Baseline for
all CH-7xx
Automotive grade Crypto Module. NIST CMVP compliant, NIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, SHA-3, RSA, ECC), a NIST certified TRNG, classic and LMS and XMSS boot flow. Supports ISO 21434/26262 and implements ASIL-B or ASIL-D safety logic. Select Quantum Safe SKUs provide a full quantum safe boot flow, and supports ML-KEM, ML-DSA, SLH-DSA, LMA, XMSS.
FeaturesCH-730BCH-731BCH-734BCH-760DCH-761DCH-764D
Baseline
OSCCA SM2/3/4    
Full Quantum Safe Boot & Crypto    
SCA (DPA & FIA)   
Automotive GradeCH-730BCH-731BCH-734BCH-760DCH-761DCH-764D
ISO 21434
ASIL-D process
ASIL-B FuSa   
ASIL-D FuSa   

CryptoManager Core CC-6xx and Automotive grade CC-7xx

CryptoManager Core (CMC) from Rambus is a standalone symmetric cipher-only subsystem from the CMH. The CMC products are designed to address use cases needing a collection of symmetric ciphers bundled behind an AMBA based multi-channel DMA capable interface. The automotive-grade CryptoManager CC-7xx versions support Supports ISO 21434/26262 and implements ASIL-B or ASIL-D safety logic.

ProductProduct Configurations and Cryptographic Accelerators Supported
Baseline for
all CH-6xx
NIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, SHA-3) standard or with DPA/FIA protection and optional ciphers/hash (SM4, SM3, ChaCha20, Poly1305) behind a highly efficient multi-channel DMA based AMBA interface.
FeaturesCC-630CC-631CC-730BCC-731BCC-660CC-661CC-760DCC-764D
Baseline
OSCCA SM2/3/4      
SCA (DPA & FIA)      
Automotive Grade                            CC-730BCC-731B                            CC-760DCC-764D
ISO 21434    
ASIL-D process    
ASIL-B FuSa      
ASIL-D FuSa      

RT-100/200 Firmware Controlled Root of Trust for IoT

Designed to be integrated in power and space-constrained SoCs or FPGAs, the RT-100 and RT-200 Root of Trust families (formerly VaultIP) include SESIP and PSA certified, FIPS 140-2 and FIPS 140-3 certified hardware security modules that guard the most sensitive assets on chips and establish the foundation for platform security.

Featuring a firmware-controlled architecture with dedicated secure memories, the RT-100/200 families provide a variety of cryptographic accelerators including AES, SHA-2, RSA and ECC. Ideal for power and space-sensitive applications like Secure MCUs, IoT servers, gateways and edge devices, the RT-100/200 families offer the best balance of size and performance available on the market.

ProductProduct Configurations and Cryptographic Accelerators Supported
Baseline for
all RT-1xx/2xx
NIST CMVP certified/compliant, SESIP/PSA certified, NIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, SHA-3, RSA, ECC), a NIST certified TRNG. Secure Boot, Secure Debug, Secure Asset Store.
FeaturesRT-120RT-121RT-130RT-131RT-260
Baseline
AES-XTS  
SHA-512 & SHA-3  
OSCCA SM2/3/4   
SCA (DPA)    
Target SegmentRT-120RT-121RT-130RT-131RT-260
IoT Sensor  
IoT Gateway  
China   
Secure MCU    

CryptoCell Root of Trust IP

Designed to be integrated in Arm TrustZone-based power and space-constrained SoCs or FPGAs, the CC-312, CC-712, and CC-713 Root of Trust solutions (formerly Arm CryptoCell) are FIPS 140-3 certifiable hardware security modules that establish the foundation for the Arm Platform Security Architecture (PSA). The CC-312 targets integration on Cortex-M platforms running embedTLS, and the CC-71x targets integration on Cortex-A platforms running Linux or OP-TEE. 

ProductProduct Configurations and Cryptographic Accelerators Supported
Baseline for
all CC-312/71x
NIST CAVP hardware classic cryptographic accelerators (AES, SHA-2, RSA, ECC). Secure Boot, Secure Debug, Secure Key Derive.
FeaturesCC-312CC-712CC-713
Baseline
AES-GCM/AES-XTS 
OSCCA SM2/3/4  
Target SegmentCC-312CC-712CC-713
IoT Sensor
IoT Gateway 
Cortex-M  
Cortex-A 

RT-600 Root of Trust Series A New Generation of Security Anchored in Hardware

Download RT-600 Root of Trust Series: A New Generation of Security Anchored in Hardware

This latest generation of the Rambus RT-600 Root of Trust IP offers many new features designed to support the security needs of customers today and into the future. These features include Quantum Safe Cryptography, Caliptra Root of Trust for Measurement (RoTM) emulation, an embedded physical unclonable function (PUF), as well as many architectural improvements, such as larger memory space and 64-bit addressing support.

Rambus logo