tRoot Vx Hardware Secure Modules

Overview

The tRoot™ Hardware Secure Modules (HSMs) with Root of Trust enable connected devices to securely and uniquely identify and authenticate themselves to create secure channels for remote device management and service deployment.
The flexible tRoot Fx HSM family includes fully programmable and highly configurable solutions that enable designers to tune the HSM to their exact requirements, while the pre-built tRoot Vx HSM family offers a defined security boundary for a complete, drop-in security solution.
tRoot HSMs are designed to easily integrate into system-on-chips (SoCs) and provide robust hardware-enforced protection while maintaining a high level of performance through cryptographic acceleration and offering designers options to create solutions with the most efficient combination of power, size, and performance. tRoot HSMs provide a Trusted Execution Environment (TEE) to protect sensitive information and processing and implement security-critical functions such as secure boot, storage, debug, anti-tampering and key management required throughout the device life cycle.
The Synopsys tRoot Vx HSMs (Figure 1) are pre-built solutions with a defined security perimeter. Their advanced design combats complex threats by protecting the device and its data at boot time, at run time, and during communication with other devices or the cloud. tRoot Vx HSMs are typically targeted at microprocessor-based SoCs in high-end edge devices, IoT hubs, cellular communication, industrial control, automotive, and mobile devices.

Key Features

  • The Synopsys tRoot Vx HSMs include a highly secure hardware Root of Trust that enables devices to boot securely and permits encryption and decryption of sensitive data allowing it to be stored in non-secure devices or memory. It provides a completely secure environment in a non-secure system from which applications can execute secure cryptographic services.
  • The tRoot Vx HSMs secure SoCs by using unique code protection mechanisms that provide run-time tamper detection and response. Code privacy protection is achieved without the added cost of dedicated secure memory. This unique feature reduces system complexity and cost by allowing the tRoot Vx HSM’s firmware to reside in any non-secure memory space.
  • Commonly, tRoot Vx programs reside in shared system DDR memory. Due to the confidentiality and integrity provisions of the secure instruction controller, this memory is effectively private to the HSM and impervious to attempts to modify it originating in other subsystems in the chip, or from outside. The tRoot Vx HSM’s ROM-less architecture can support system design changes at any time without risk of exposing the system memory to threats and without additional engineering development cost. To minimize the number of attack vectors, tRoot Vx HSMs use a simple interface with a limited set of interactions with the host processor.
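The third feature above describes firmware that lives in shared, untrusted DDR yet stays private to the HSM because the secure instruction controller checks confidentiality and integrity on every fetch. The following is an added illustrative model of that fetch path, written for this page and not Synopsys code: it assumes a page-granular encrypt-then-MAC scheme in which each page's tag is bound to its address and to an image version counter, uses HMAC-SHA256 as a stand-in for the hardware cipher and MAC, and uses constructed keys and a constructed 64-byte "firmware". The key names, page size and class names are assumptions of the model, not tRoot identifiers. It shows why binding the address and version matters: a bit flip, a page moved to another address, and a replayed older image are each rejected before any instruction executes.

```python
import hashlib
import hmac
import struct

# Model parameters (constructed for this example; a real controller would use
# a hardware cipher and fused keys). Page size is kept tiny to keep the model readable.
PAGE_SIZE = 32
ENC_KEY = hashlib.sha256(b"example-enc-key").digest()   # constructed key
MAC_KEY = hashlib.sha256(b"example-mac-key").digest()   # constructed key


class TamperDetected(Exception):
    """Raised by the controller model when a fetched page fails its check."""


def _keystream(key: bytes, addr: int, version: int, length: int) -> bytes:
    # PRF in counter mode, keyed by page address and image version, so the same
    # plaintext at two addresses (or in two versions) never shares a keystream.
    # HMAC-SHA256 stands in for a hardware block cipher in CTR mode.
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QQQ", addr, version, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(ct: bytes, addr: int, version: int) -> bytes:
    # Encrypt-then-MAC over the ciphertext *and* its address/version, so a page
    # cannot be moved to another address or rolled back to an older image.
    return hmac.new(MAC_KEY, struct.pack(">QQ", addr, version) + ct, hashlib.sha256).digest()


def seal_image(code: bytes, version: int) -> dict:
    """Build the protected image that is placed in untrusted shared memory.

    Returns {page_address: (ciphertext, tag)}; an attacker with access to DDR
    can read and overwrite these entries but holds neither key.
    """
    image = {}
    for addr in range(0, len(code), PAGE_SIZE):
        plain = code[addr:addr + PAGE_SIZE].ljust(PAGE_SIZE, b"\x00")
        ct = _xor(plain, _keystream(ENC_KEY, addr, version, PAGE_SIZE))
        image[addr] = (ct, _tag(ct, addr, version))
    return image


class SecureInstructionController:
    """Fetch path: verify the page tag, then decrypt; never execute unverified code."""

    def __init__(self, version: int):
        self.version = version  # models a monotonic anti-rollback counter

    def fetch(self, memory: dict, addr: int) -> bytes:
        ct, tag = memory[addr]
        if not hmac.compare_digest(_tag(ct, addr, self.version), tag):
            raise TamperDetected(f"page at 0x{addr:x} failed integrity check")
        return _xor(ct, _keystream(ENC_KEY, addr, self.version, PAGE_SIZE))


def _is_rejected(ctrl: SecureInstructionController, memory: dict, addr: int) -> bool:
    try:
        ctrl.fetch(memory, addr)
        return False
    except TamperDetected:
        return True


def run_fetch_model() -> dict:
    """Exercise the model against three classes of memory tampering."""
    code = bytes(range(64))  # constructed 64-byte "firmware", two pages
    ctrl = SecureInstructionController(version=2)
    image = seal_image(code, version=2)
    results = {"clean_fetch_ok": ctrl.fetch(image, 0) == code[:PAGE_SIZE]}

    # 1. Bit flip inside a page: the tag no longer matches the ciphertext.
    flipped = dict(image)
    ct, tag = flipped[0]
    flipped[0] = (bytes([ct[0] ^ 0x80]) + ct[1:], tag)
    results["bitflip_detected"] = _is_rejected(ctrl, flipped, 0)

    # 2. Page swap: both pages are genuine, but sit at the wrong addresses.
    swapped = {0: image[PAGE_SIZE], PAGE_SIZE: image[0]}
    results["swap_detected"] = _is_rejected(ctrl, swapped, 0)

    # 3. Rollback: a genuine but older image (version 1) replayed into memory.
    old_image = seal_image(code, version=1)
    results["rollback_detected"] = _is_rejected(ctrl, old_image, 0)
    return results


if __name__ == "__main__":
    for check, ok in run_fetch_model().items():
        print(f"{check}: {ok}")
```

The design point the model makes is that integrity alone is not enough for code in shared memory: without the address in the tag, an attacker could reorder genuine pages, and without the version counter, a previously valid image could be replayed after a fix has been deployed.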

Benefits

  • HSMs with Root of Trust provide high-grade protection against malicious attacks
  • Complete solutions with defined secure perimeter give SoCs a unique, tamper-proof identity
  • Enables secure services deployment and life cycle management
  • Provides a TEE to create, provision, store, and manage keys
  • Crypto APIs based on PKCS #11
  • Full hardware key protection
  • Multi-stage secure boot validates software and data integrity of the host CPU
  • In-the-field device management
  • Secure identification and authentication
  • Secure storage, debug, and firmware updates
  • Run-time integrity protection for tRoot and host CPU
  • Secure key port provides a hardware secure data path for derived and negotiated keys to other entities
  • External memory access protection and runtime anti-tampering
  • Hardware cryptography acceleration for high-performance product variants
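The "multi-stage secure boot" benefit above means each host boot stage is validated before it runs, starting from a reference anchored in the HSM. The block below is an added, simplified model of such a chain, written for this page and not Synopsys code: it assumes a hash-linked chain in which every image carries the expected measurement of the stage that follows it, with only the first measurement burned into one-time-programmable storage (real products typically use signatures as well; the stage names, payloads and the `END_OF_CHAIN` sentinel are constructed for the example). It shows that a patched stage, or a chain cut short, halts the boot at the first stage that fails rather than letting later code execute.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Tuple

# 32 zero bytes mark "no further stage" in the last image (constructed sentinel).
END_OF_CHAIN = bytes(32)


@dataclass(frozen=True)
class StageImage:
    name: str
    code: bytes        # the stage's executable payload
    next_hash: bytes   # expected measurement of the stage that follows


def measure(stage: StageImage) -> bytes:
    # A stage's measurement covers its code and the reference it carries for the
    # next stage, so replacing either is caught by whoever verifies this stage.
    return hashlib.sha256(stage.next_hash + stage.code).digest()


def build_chain(stages: List[Tuple[str, bytes]]) -> Tuple[bytes, List[StageImage]]:
    """Link images back-to-front; returns (root hash to burn into OTP, images)."""
    images: List[StageImage] = []
    expected = END_OF_CHAIN
    for name, code in reversed(stages):
        img = StageImage(name, code, expected)
        images.insert(0, img)
        expected = measure(img)
    return expected, images


def verify_boot(otp_root_hash: bytes, images: List[StageImage]) -> Tuple[List[str], str]:
    """Walk the chain from the HSM's root of trust, returning (stages run, status)."""
    expected = otp_root_hash
    booted: List[str] = []
    for img in images:
        if not hmac.compare_digest(measure(img), expected):
            return booted, f"halt: {img.name} failed verification"
        booted.append(img.name)   # only now is control handed to this stage
        expected = img.next_hash
    if expected != END_OF_CHAIN:
        return booted, "halt: chain truncated"
    return booted, "ok"


def run_boot_model() -> dict:
    # Constructed three-stage host boot path.
    root, images = build_chain([
        ("host-bootloader", b"BL1 code"),
        ("host-os-loader", b"stage2 code"),
        ("host-os", b"kernel image"),
    ])
    results = {"clean": verify_boot(root, images)}

    # Patched OS loader: the bootloader runs, then the chain halts before the loader.
    bad_loader = StageImage("host-os-loader", b"stage2 code (patched)", images[1].next_hash)
    results["patched_stage"] = verify_boot(root, [images[0], bad_loader, images[2]])

    # Truncated chain: the final stage is missing from memory.
    results["truncated"] = verify_boot(root, images[:2])
    return results


if __name__ == "__main__":
    for scenario, outcome in run_boot_model().items():
        print(f"{scenario}: {outcome}")
```

Because each measurement includes the next stage's reference, an attacker who alters a later image would also have to alter every earlier image back to the root, and the root lives in OTP inside the HSM's security perimeter.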

Applications

  • Industrial control and automation
  • Internet of Things: hubs, aggregation points, smart metering, high-end wearables
  • Networking: gateways, routers, cellular communication
  • Mobile
  • Automotive

Deliverables

  • Synthesizable RTL written in Verilog-2005 (IEEE Std 1364-2005)
  • Binary firmware image(s)
  • Build and configuration tools
  • Host application library
  • Verilog integration testbench and test vectors
  • Integration test image(s)
  • Sample simulation script
  • Sample synthesis script
  • Documentation (hardware and software user guides, software APIs)

Technical Specifications

Maturity: Available on request
Availability: Available