Quantum Safe, ISO 21434 Automotive-grade Programmable Hardware Security Module

The automotive-grade CryptoManager RT-7xx v3 Root of Trust family is the next generation of fully programmable ISO 26262 and ISO 21434 compliant hardware security modules offering Quantum Safe security by design for secure automotive applications.

Device and system architects face a growing array of security threats, including the threat of quantum computers. Across applications, one constant is the need for an automotive-grade Root of Trust-based security implementation.

The CryptoManager RT-7xx family protects against a wide range of hardware and software attacks through state-of-the-art side channel attack countermeasures and anti-tamper and security techniques. The RT-7xx supports various security certifications up to level 3. The RT-7×4 Root of Trust adds Quantum Safe Encryption (QSE) to provide a future-proof hardware security solution to protect data center assets starting today and into the quantum era

The CryptoManager RT-7xx allows customers users to develop secure and trusted applications that run securely within a trusted boundary. Secure applications can be assigned unique roots and keys, allowing independent permissions and access levels.

How the CryptoManager RT-7xx Embedded HSM Works

The CryptoManager RT-7xx Root of Trust is a siloed hardware security IP core for integration into semiconductors, offering secure execution of authenticated user applications, tamper detection and protection, secure storage and handling of keys and security assets, and optional resistance to side-channel attacks. The Root of Trust is easily integrated with industry-standard interfaces and system architectures and includes standard hardware cryptographic cores. Access to crypto modules, keys, memory ranges, I/O, and other resources is enforced in hardware. Critical operations, including key derivation and storage, are performed in hardware with no access by software. The Root of Trust is based on a custom 32-bit processor designed specifically to provide a trusted foundation for secure processing on chip and in the system. The RT-7xx inherits its flexible cryptographic accelerator from the automotive-grade embedded Rambus CryptoManager Hub CH-7xx cores.

The Root of Trust supports all common host processor architectures including ARM, RISC-V, x86 and others. The multi-threaded secure processor runs customer developed signed code either as a monolithic supervisor or as loadable security applications which include permissions and security-related metadata. It can implement standard security functionality provided by Rambus, or complete customer-specific security applications, including key and data provisioning, security protocols, biometric applications, secure boot, secure firmware update, and many more.

Configurations and Cryptographic Accelerators by Product

• Custom-designed, customer programmable 32-bit secure RISC-V processor
• AXI Interface to SoC, and fast 64-bit addressable DMA to host memory
• Multi-layered security model protecting all core components against a wide range of attacks. The security model includes hierarchical privilege model, secure key management policy, hardware-enforced isolation/access control/protection, error management policy
• Secure data store allowing assets generated during boot available for secure applications
• Wide range of classic and Quantum Safe cryptographic accelerators and security modules, such as canary logic for protection against glitching and overclocking, secure key derivation
• State-of-the-art anti-tamper mechanisms against DPA and FIA side channel attacks
• Functional safety mechanisms meeting ASIL-B and ASIL-D SPFM-t/p and LFM metrics

• Linux Secure Boot: Implements secure boot for Linux OS, secured by the Root of Trust co-processor
• Linux Secure FOTA: Implements secure Firmware Over the Air (FOTA) updates for Linux OS
• Secure Boot: Uses the Root of Trust co-processor to assist in the secure boot process of ASICs and FPGAs
• Secure Data Storage: Uses the Root of Trust co-processor to protect user credentials or biometric templates
• Open SSL Hardening: Hardens the OpenSSL crypto operations via the Root of Trust secure co-processor
• Reference HSM: Implements a basic HSM supporting AES, HMAC, SHA256, ECDSA, X.509 certificates and secure storage
• Unique ID Generator: Creates a Root of Trust unique ID and stores it in the Root of Trust NVM (Non Volatile Memory)

• Complete Documentation
  • Integration guides
  • Reference manuals
  • Programming guides
  • FMEDA, DFMEA, DFA, Safety Manual
• RTL and FW Package
  • Verilog RTL for synthesis and simulation
  • Standard EDA tool flow scripts and support files
  • Verification test bench and test vectors
  • Boot loaders and secure RTOS and security monitor firmware
  • HLOS APIs for accessing RT-7xx capabilities
• SW SDK Package
  • SDK including the development environment, complete emulation with debugging capabilities of the RISC-V and crypto cores on QEMU
  • One-step install emulation with multiple samples and reference code to help customers kickstart their secure application development