Home > Security IP > Root of Trust Solutions
Providing a hardware-based foundation for security, Rambus offers a portfolio of robust Root of Trust eHSM solutions, ranging from feature-rich programmable security co-processors with Quantum Safe Cryptography and side-channel attack (SCA) protection to highly compact, firmware-controlled designs. With a breadth of solutions applicable from the data center to Internet of Things (IoT) devices, Rambus has a Root of Trust IP solution for almost every application.
Solution | Product Brief | Applications |
---|---|---|
RT-630 | Semiconductor, cloud and edge AI security | |
RT-631 | Semiconductor, cloud and edge AI security, requiring Chinese Cryptography | |
RT-632 | Semiconductor, cloud and edge AI security, requiring IoT Cryptography | |
RT-634 | Semiconductor, cloud and edge AI security, requiring Quantum Safe Cryptography | |
RT-640 | Automotive ISO-26262 ASIL-B embedded Hardware Security Module | |
RT-641 | Automotive ISO-26262 ASIL-B embedded Hardware Security Module requiring Chinese Cryptography | |
RT-650 | Highly-secure government applications requiring DPA resistance | |
RT-651 | Highly-secure applications requiring DPA resistance with Chinese encryption | |
RT-654 | Highly-secure government applications requiring DPA resistance with Quantum Safe Cryptography | |
RT-660 | Data center and highly-secure applications requiring DPA & FIA resistance | |
RT-661 | Data center and highly-secure applications requiring DPA & FIA resistance with Chinese Cryptography | |
RT-664 | Data center and highly-secure applications requiring DPA & FIA resistance with Quantum Safe Cryptography | |
RT-700 | Automotive ISO-26262 ASIL-D embedded Hardware Security Module | |
RT-1660 | Highly-secure defense applications requiring DPA & FIA resistance | |
RT-630-FPGA | FPGA-specific implementation of the RT-630 | |
RT-660-FPGA | FPGA-specific implementation of the RT-660 | |
RT-600 SDK | SDK for RT-6xx secure application development |
The Rambus Root of Trust RT-600 family of fully programmable FIPS 140-3 compliant hardware security cores offers security by design for data center, AI/ML, automotive, government, defense, as well as general purpose semiconductor applications. The RT-600 family protects against a wide range of hardware and software attacks through state-of-the-art anti-tamper and security techniques, as well as Quantum Safe Cryptography to protect hardware and data in the quantum computing era.
Feature | Description | RT-63x | RT-64x | RT-65x | RT-66x | RT-1660 |
---|---|---|---|---|---|---|
Application Focus | Example Applications | Data Center/AI/ML | Automotive | Government | Highly Secure Applications | Defense |
FIPS 140-3 | NIST CAVP Compliant | ✔ | ✔ | ✔ | ✔ | ✔ |
FIPS 140-3 | NIST CMVP Compliant | ✔ | ✔ | ✔ | ✔ | ✔ |
FIPS 140-3 | NIST CMVP Certified | — | — | — | ✔ | — |
FIPS 140-2 | NIST CMVP Certified | ✔ | — | — | — | |
DPA | DPA Resistance | RSA/ECC | RSA/ECC | ✔ | ✔ | ✔ |
FIA | FIA Resistance | — | — | — | ✔ | ✔ |
Automotive | ISO26262 ASIL Level | — | RT-640 & RT-641: ASIL-B RT-645: ASIL-D | — | — | — |
Key Derive | Secure Key Derivation | ✔ | ✔ | ✔ | ✔ | ✔ |
Key Agreement | ECDH, DH | ✔ | ✔ | ✔ | ✔ | ✔ |
Key Transport | Key Wrap Mechanisms | ✔ | ✔ | ✔ | ✔ | ✔ |
Roots | Multiple Roots/Key Splits | 4/8 | 4/8 | 8/8 | 8/8 | 8/8 |
Caliptra RoTM | With DICE and X.509 Support | Optional | — | Optional | Optional | — |
Secure Boot | Secure Boot Assist P-512 | ✔ | P-256 | ✔ | ✔ | ✔ |
Secure Debug | Secure Debug P-512 | ✔ | P-256 | ✔ | ✔ | ✔ |
Secure Lifecycle | Lifecycle Stage Management | ✔ | ✔ | ✔ | ✔ | ✔ |
Secure Feature | Feature and SKU Management | ✔ | ✔ | ✔ | ✔ | ✔ |
Secure Data Store | Secure Data Store | ✔ | — | ✔ | ✔ | — |
Anti Tamper | Power and Clock Glitch Monitor | ✔ | ✔ | ✔ | ✔ | ✔ |
Memory ECC | Memory Error Correction | ✔ | ✔ | ✔ | ✔ | ✔ |
Quantum Safe Crypto | CRYSTALS-Kyber/-Dilithium XMSS/LMS Stateful Hash Signature | RT-634 only | — | RT-654 only | RT-664 only | — |
Quantum Safe Crypto | XMSS/LMS Stateful Hash Signature | Optional for RT-630 | — | Optional for RT-650 | Optional for RT-660 | — |
Performance | Crypto & Hash Performance Gbps | 6 | 6 | 3 | 6 | 6 |
I/O bus | AXI or AHB AMBA Interface | ✔ | ✔ | ✔ | ✔ | ✔ |
OTP | APB OTP Management Interface | ✔ | ✔ | ✔ | ✔ | ✔ |
PUF | PUF Interface | ✔ | ✔ | ✔ | ✔ | ✔ |
DPA | RSA & ECC DPA Resistances | ✔ | ✔ | ✔ | ✔ | ✔ |
DPA | AES DPA Resistance | — | — | ✔ | ✔ | ✔ |
DPA | HMAC-SHA-2 DPA Resistance | — | — | — | ✔ | ✔ |
FIA | RSA & ECC & AES FIA Resistance | — | — | — | ✔ | ✔ |
TRNG | True Random Number Generator SP800-90A/B/C | ✔ | ✔ | ✔ | ✔ | ✔ |
RSA | HW Accelerators 4K (up to 8K) | ✔ | ✔ | ✔ | ✔ | ✔ |
ECC | HW Accelerators 521 | ✔ | ✔ | ✔ | ✔ | ✔ |
ECC Curves | NIST-Brainpool-(Ed)25519-(Ed)448 | ✔ | ✔ | ✔ | ✔ | ✔ |
AES | HW Accelerators | ✔ | ✔ | ✔ | ✔ | ✔ |
AES | CBC-CTR-CCM-CMAC-CFB-OFB GCM-GMAC Mode | ✔ | ✔ | ✔ | ✔ | ✔ |
AES | XTS Mode | ✔ | — | ✔ | ✔ | ✔ |
SM2-3-4 | HW Accelerators | — | — | — | — | — |
SHA-2 | (HMAC-)SHA-2 Accelerators | ✔ | ✔ | ✔ | ✔ | ✔ |
SHA-2 | (HMAC-)SHA-2 Max Mode | 512 | 512 | 512 | 512 | 512 |
SHA-3 | (HMAC-)SHA-3 Accelerators | ✔ | — | ✔ | ✔ | ✔ |
SHA-3 | (HMAC-)SHA-3 Max Mode | 512 | 512 | 512 | 512 | 512 |
CPP | ChaCha Poly Accelerators | RT-632 only | — | Optional | RT-662 only | — |
Whirlpool | HW Accelerators | — | Optional | — | — | Optional |
3DES | HW Accelerators | — | — | — | — | Optional |
Designed to be integrated in Arm TrustZone-based power and space-constrained SoCs or FPGAs, the CC-312, CC-712, and CC-713 Root of Trust solutions (formerly Arm CryptoCell) are FIPS 140-3 certifiable hardware security modules that establish the foundation for the Arm Platform Security Architecture (PSA). The CC-312 targets integration on Cortex-M platforms running embedTLS, and the CC-71x targets integration on Cortex-A platforms running Linux or OP-TEE.
The CryptoIsland CI-300P-C (formerly Arm CryptoIsland) is a secure programmable Root of Trust targeting Secure Element designs for iSIM, payment, DRM, and 5G modems. It is comprised of an embedded Cortex-M0+ processor and a tailored CryptoCell engine. The CryptoIsland is suitable for designs that target evaluation against Common Criteria PP-0084 or PP-0117.
Feature | Description | CC-312 | CC-712 | CC-713 | CI-300P-C |
---|---|---|---|---|---|
Application Focus | Example Applications | IoT Sensor | IoT Gateway | IoT Gateway (CN) | Secure MCU |
FIPS 140 140-2 | NIST CAVP Compliant | ✔ | ✔ | ✔ | ✔ |
FIPS 140 140-2 | NIST CMVP Compliant | ✔ | ✔ | ✔ | |
Common Criteria | CC EAL4+ PP-0084 / PP0117 | — | — | — | ✔ |
DPA | RSA & ECC & AES DPA Resistance | — | — | — | ✔ |
Key Derive | Secure Key Derivation | ✔ | ✔ | ✔ | ✔ |
Key Agreement | ECDH, DH | ✔ | ✔ | ✔ | ✔ |
Roots | Multiple Roots/Key Splits | 2 | 2 | 2 | 1 |
Secure Boot | Secure Boot Verify RSA3K P256 | ✔ | ✔ | ✔ | ✔ |
Secure Boot | Secure Boot Verify ECDSA P-384/P-512 | — | ✔ | ✔ | — |
Secure Debug | Secure Debug | ✔ | ✔ | ✔ | ✔ |
TRNG | True Random Number Generator SP800-90A/B/C | ✔ | ✔ | ✔ | ✔ |
RSA-ECC | HW Accelerators | ✔ | ✔ | ✔ | ✔ |
AES | HW Accelerators | ✔ | ✔ | ✔ | ✔ |
AES | CBC-CTR-CCM-CMAC Mode | ✔ | ✔ | ✔ | ✔ |
AES | GCM-GMAC Mode | Optional | ✔ | ✔ | — |
AES | XTS Mode | — | ✔ | ✔ | — |
SM2-3-4 | HW Accelerators | — | — | ✔ | — |
SHA-2 | (HMAC-)SHA-2 Accelerators | ✔ | ✔ | ✔ | ✔ |
SHA-2 | (HMAC-)SHA-2 Max Mode | 512 | 512 | 512 | 512 |
SHA-3 | (HMAC-)SHA-3 Accelerators | — | — | — | — |
SHA-3 | (HMAC-)SHA-3 Max Mode | — | — | — | — |
CPP | ChaCha Poly Accelerators | Optional | — | — | — |
ARIA | HW Accelerators | — | — | — | — |
3DES | HW Accelerators | — | Optional | Optional | — |
Performance | Crypto & Hash Performance Gbps | 1 | 2 | 2 | 1 |
I/O Bus | AXI or AHB AMBA Interface | ✔ | ✔ | ✔ | ✔ |
OTP | TCM OTP Management Interface | ✔ | ✔ | ✔ | ✔ |
Designed to be integrated in power and space-constrained SoCs or FPGAs, the RT-100 and RT-200 Root of Trust families (formerly VaultIP) include SESIP and PSA certified, FIPS 140-2 certified, and FIPS 140-3 compliant hardware security modules that guard the most sensitive assets on chips and establish the foundation for platform security.
Featuring a firmware-controlled architecture with dedicated secure memories, the RT-100/200 families provide a variety of cryptographic accelerators including AES, SHA-2, RSA and ECC. Ideal for power and space-sensitive applications like Secure MCUs, IoT servers, gateways and edge devices, the RT-100/200 families offer the best balance of size and performance available on the market.
Feature | Description | RT-120 | RT-130 | RT-131 | RT-260 |
---|---|---|---|---|---|
Application Focus | Example Applications | IoT Sensor | IoT Gateway | IoT Gateway (CN) | Secure MCU |
FIPS 140-3 | NIST CAVP Compliant | ✔ | ✔ | ✔ | ✔ |
FIPS 140-3 | NIST CMVP Compliant | ✔ | ✔ | ✔ | ✔ |
FIPS 140-2 | NIST CAVP and CMVP Certified | — | ✔ | — | — |
SESIP | Level 2 Certified | — | ✔ | — | — |
PSA | Certified Level 2 RoT Component | — | ✔ | — | — |
DPA | RSA & ECC & AES DPA Resistance | — | — | — | ✔ |
Key Derive | Secure Key Derivation | ✔ | ✔ | ✔ | ✔ |
Key Agreement | ECDH, DH | ✔ | ✔ | ✔ | ✔ |
Key Transport | Key Wrap Mechanisms | ✔ | ✔ | ✔ | ✔ |
Roots | Multiple Roots/Key Splits | 1 | 1 | 1 | 1 |
Secure Boot | Secure Boot Assist P-256 | ✔ | ✔ | ✔ | ✔ |
Secure Debug | Secure Debug P-256 | ✔ | ✔ | ✔ | ✔ |
TRNG | True Random Number Generator SP800-90A/B/C | ✔ | ✔ | ✔ | ✔ |
RSA-ECC | HW Accelerators | ✔ | ✔ | ✔ | ✔ |
AES | HW Accelerators | ✔ | ✔ | ✔ | ✔ |
AES | CBC-CTR-CCM-CMAC Mode | ✔ | ✔ | ✔ | ✔ |
AES | GCM-GMAC-XTS Mode | — | ✔ | ✔ | ✔ |
SM2-3-4 | HW Accelerators | — | — | ✔ | — |
SHA-2 | (HMAC-)SHA-2 Accelerators | ✔ | ✔ | ✔ | ✔ |
SHA-2 | (HMAC-)SHA-2 Max Mode | 256 | 512 | 512 | 512 |
SHA-3 | (HMAC-)SHA-3 Accelerators | — | Optional | Optional | Optional |
SHA-3 | (HMAC-)SHA-3 Max Mode | — | 512 | 512 | 512 |
CPP | ChaCha Poly Accelerators | — | Optional | Optional | — |
ARIA | HW Accelerators | — | Optional | Optional | — |
3DES | HW Accelerators | — | Optional | Optional | — |
Performance | Crypto & Hash Performance Gbps | 1 | 2 | 2 | 2 |
I/O Bus | AXI or AHB AMBA Interface | ✔ | ✔ | ✔ | ✔ |
OTP | TCM OTP Management Interface | ✔ | ✔ | ✔ | ✔ |
This latest generation of the Rambus RT-600 Root of Trust IP offers many new features designed to support the security needs of customers today and into the future. These features include Quantum Safe Cryptography, Caliptra Root of Trust for Measurement (RoTM) emulation, an embedded physical unclonable function (PUF), as well as many architectural improvements, such as larger memory space and 64-bit addressing support.