Hardware Root of Trust IP

Overview

Hardware root key generation and storage that never leaves the chip

PUFrt includes a 1024-bit physical unclonable function (PUF) and a true random number generator (TRNG) complying with the NIST SP800-90B/SP800-22 standard specifications. These features aid in the encryption/decryption requirements of sensitive information and data, achieving a higher level of data security protection. Furthermore, an additional 8k-bit secure storage space with PUF is provided for the key or sensitive information injected by the customer, which makes the original security and NeoFuse OTP more resistant to physical attacks.

The rising risks from the IoT are limiting its potential. For perspective, it takes, on average, only five minutes for a deployed IoT device to receive its first attack. The answer is creating a collaborative security ecosystem, drawing from the safest Hardware, Software, and Operating System solutions. PUFrt can protect and connect this ecosystem at the hardware level using PUF-based encryption and authentication.

PUFrt’s Hardware Root of Trust is ushering in a new era of semiconductor security with its combination of secure Hard Macros and Digital RTL. The PUFrt design includes a PUF-based 1024-bit identification code, Zero Touch key provisioning, integrated entropy sources, secure OTP, and an anti-tamper shell, all in one unit. It can be integrated across a wide array of architectures and supports various operations, from lightweight hardware security key provisioning to fully functioning Crypto Coprocessors.

We lead the field in terms of platform availability, and through our parent company, eMemory, we draw from over 20 years of experience partnering with foundries and delivering high-quality IPs.

Key Features

  • Process Availability
    • Scalable down to 3nm, and continuous development
    • Available across worldwide foundries
  • Security Features
    • Riscure certified
    • Resistant to physical attacks, including decapsulation, microscope imaging, probing, reverse engineering, etc.
  • PUF-based Secure Storage
    • Up to 128Kb OTP
    • Various memory maps configurations to fulfill different usage scenarios
    • Dummy insertion read based on entropy from TRNG
    • Scrambler based on PUF value securely stores keys, unique to each PUFrt
    • Stored values cannot be changed/deleted
  • Controller/Interface
    • APB or AHB System Bus Interface
    • APB or TCM Private Bus Interface
    • Secure OTP Wrapper (Factory test, user, RMA debug, Read/Write, Read-Only, and Non-accessible modes)
    • IEEE1687 JTAG testing interface
    • Optional XiP package available
    • Autoload interface for system calibration upon powering on to support product LFM, secure boot, secure debug, etc.
    • Memory Built-In Self Repair/Test Data Register/Secure Debug access through external Test Access Port
  • NIST SP800-90C Compliant TRNG
    • Pre-harden and calibration free
    • Ultra-fast initialization and stabilization (<100us)
    • High-speed throughput (>160 Mbits/sec)
    • Ultra-low power
    • Compliant with NIST SP800-22 and NIST SP800-90B with IID/restart test
    • NIST SP800-90A DRBG for >1Gbps random number generation available as an optional accessory
  • PUF-based Unique ID
    • With ideal minimum entropy of 1
    • Unpredictable randomness and uniqueness for UID with 50% Hamming weight and Hamming distance
    • On-demand keys for on-chip secret and off-chip ID generation
    • Optimal reliability with lifetime zero Bit Error-Rate (BER)
    • Robustness of working under different circumstances (Temp: -40~175°C)

Benefits

  • Built-in standard APB controller with privilege control to create secure/non-secure separation. Additionally, interface customization is available for different design requirements.
  • Four 256-bit hardware PUF chip fingerprints, including a self-health check, that can be used as a unique identification (UID) or a root key (seed).
  • High-quality true random number generator (TRNG)
  • 8k-bit mass production OTP with built-in instant hardware encryption (customization available)
  • Comprehensive anti-tamper designs in both Digital RTL and Hard Macros
  • Autoload: Automatically send trim parameters from OTP upon power-up.
  • Secure Boot: Ensure the device only boots up with the authenticated software.
  • Secure Debug: Ensure robust protection against potential backdoor attacks through the Debug Access Port (DAP)

Block Diagram

Hardware Root of Trust IP Block Diagram

Video

PUFrt - Solving Chip Security's Weakest Link with PUF-based Root of Trust

When it comes to chip security, designers often turn to crypto subsystem solutions like ARM Crypto Cell 312. The remaining obstacle, however, is how to generate and safely store the root key for the system. The dual APB PUFrt is the exact missing piece of the puzzle. The inborn chip fingerprint from the PUF acts as a secret key to encrypt anything stored, and the equipped anti-tamper shell makes it more resilient against potential attacks. With its well-planned architecture, PUFrt can be easily dropped in to replace eFuse while saving engineering effort, as the controller is included. The combined solution not only completes the secure boundary for the IC but also maximizes the effectiveness of CC312 for the entire SoC’s performance.

Applications

  • Secure OTP to safely store sensitive data such as keys and boot code
  • Key provisioning that enables simultaneous multi-chip key provisioning for cost reduction
  • Entropy source for cryptographic engines and secure operations

Deliverables

  • Datasheet
  • Release Notes
  • Integration Guidelines
  • Timing .lib File
  • LEF
  • GDS Phantom File
  • Verilog HDL File (Behavior Model)
  • Verilog HDL File (FPGA)
  • Application Note
  • Reference Scripts
  • Hard Macro Release Note
  • Test Methodology
  • Testbench

Technical Specifications
