At Rambus, we create cutting-edge semiconductor and IP products, spanning memory and interfaces to security, smart sensors and lighting.
1G to 50G Single-Port MACsec Engine with xMII interface and TSN support
The MACsec-IP-361 is a plug-and-play solution for adding MACsec on the xMII side of an Ethernet subsystem. It is ISO 26262 ASIL-B Ready certified and ideally positioned for designs where the MAC function is tightly integrated with the system-side, for example DMA-MAC Ethernet controllers or switch core IP with integrated MAC modules.
With the MACsec-IP-361, silicon vendors can add line-rate MACsec function using the industry-standard interfaces and achieve seamless operation with an existing Ethernet controller subsystem.
Contact
Product Brief
Security CertificationsMACsec solution for integration between MAC and PCS side supporting 1GbE to 50GbE rates with optional TSN support (including IEEE803.2br).
For MACsec function integrates the MACsec-IP-161 with all IEEE MACsec standards supported. Optional Cisco ClearTags.
Supplied with the Driver Development Kit to accelerate time to market. Rambus offers MACsec Toolkit for IEEE 802.1X key management
How the MACsec-IP-361 Works
The MACsec-IP-361 engine provides complete MACsec processing for a port. A port may process a single stream or an interleaved stream of IEEE802.3br fragments (if preemption support is included). It contains a flexible classifier with a table of programmable rules with the programmable actions. The transformation engine supports all features and ciphers of the standard MACsec and VLAN-in-clear extension. The processing results are reflected in the MACsec compliant statistics as additional non-standard counters.
The MACsec-IP-361 engine operates as a fixed delay component at the xMII side, preserving accuracy of PTP timestamping and TSN scheduling created by the TSN MAC subsystem. Its operation is transparent for non-packet related information that is sent over the xMII bus.
The target integration would be instantiating the MACsec-IP-361 between an Ethernet MAC and a PCS. The PCS function may reside in a different device, for example, in the PHY. For egress direction, the MAC must be programmed to reserve space for MACsec expansion for example by stretching the IPG or managing the packet rate accordingly.
Securing Automotive Ethernet with MACsec Silicon IP
Solution Offerings
Packet Interface
- 10M/100M: MII
- 1G/2.5G: GMII
- Optional 10G/25G: XGMII
- Optional support for IEEE802.3br
- Separate Rx and Tx clocks
- Fixed low-latency operation
SA and Classification Scaling
- SA (16 to 512)
- TCAM rules (16 to 512)
Control Interface
- APB (asynchronous, 32-bit)
- Interrupts
Default Protocol Support
- Full IEEE 802.1AE-2018 compliance
- IEEE 802.1AE
- IEEE 802.1AEbn
- IEEE 802.1AEbw
- IEEE 802.1AEcg
- MACsec with up to 4x VLAN-in-clear
Automotive Functional Safety
- Certified ISO 26262 ASIL-B Ready
NIST CAVP compliance for FIPS 140-3 validation
- Support for basic AES and AES-GCM transformations
Packages
- Silicon IP
- Driver Development Kit
Complete Documentation
- Hardware integration guide
- Hardware and software reference manuals
- Programming guides
- IP-XACT Register description
- FMEDA and Safety Manual
Tools and Scripts
- Verilog for synthesis and simulation
- All scripts and support files needed for standard EDA tool flows
Integration Support
- Complete verification test bench
- Comprehensive set of test vectors
MACsec Fundamentals
For end-to-end security of data, it must be secured both when at rest (stored on a connected device) and when in motion (communicated between connected devices). For data at rest, a hardware root of trust anchored in silicon provides that foundation upon which all device security is built. Similarly, MACsec security anchored in hardware at the foundational communication layer (Layer 2) provides that basis of trust for data in motion over Ethernet-based networks.
