Embedded Hardware Security Module for Automotive and Advanced Applications

PUFhsm is an embedded Hardware Security Module solution for automotive chips and general advanced applications. It is the latest offering from PUFsecurity that integrates CPU, hardware Cryptographic engines, and software modules for all security applications. This best serves chip designers looking to boost security levels in various applications.

PUFhsm’s key advantage is to support more complete security applications and be more user-friendly. It is positioned as an “Embedded Security Enclave,” which enables the isolation of critical security information from the main system, further enhancing the overall security level. In addition, the PUFhsm architecture features a CPU core in charge of all security instructions within the subsystem. Developers can leave composite security functions to the IP package, including secure boot, secure updates, secure deployment, key management, lifecycle management, secure debugging, and secure monitoring. On top of that, with security operations in PUFhsm, the main CPU is relieved from needing to dispatch security operations. These traits are particularly beneficial for users who are new to introducing security design into SoC, looking to optimize the efficient utilization of the main system’s resources, or plan to fulfill more security applications.

PUFhsm is designed to meet the stringent requirements of EVITA-Full, the highest level of security in the EVITA (E-safety Vehicle Intrusion Protected Applications). EVITA-Full is a benchmark for safeguarding critical automotive applications against sophisticated cybersecurity threats. Its requirements include preventing hardware tampering, ensuring the confidentiality of sensitive data, platform integrity, and authenticity of in-vehicle software and communications. This leads to the requirement of hardware-based cryptographic engines, secure key management, and comprehensive tamper resistance.

Designers also have the option to further improve the security level and anti-tampering by adopting PUFrt with PUFhsm, while also saving development resources. PUFrt, certified by Riscure’s strict anti-tampering test, provides unique ID / keys(PUF), secure storage(OTP), TRNG, and a full set of anti-tampering designs. The hard IP, such as OTP/PUF, has been verified at 150nm-4nm, which enables clients to reduce the integration effort and enter the mass production process faster. The perfect combination of PUFhsm and PUFrt will once again set a new benchmark for security technology. This total solution meets all the chip security needs from underlying physical components to upper-layer security applications.

We will continue to develop more solutions for the PUFhsm family to apply different market requests such as the light version, Function Safety version, and CPU upgraded version. PUFsecurity is committed to meeting more customers’ needs for security technology and helping customers’ products become more secure and competitive.

• Pre-integrated CPU
• Full suite of hardware-accelerate cryptographic engine (Meet EVITA-Full requirements)
• Complete SDK with APIs for HSM operations to support chip security applications.
• MailBox Interface to facilitate communication between the main system and HSM.
• Reference Codes for each security function, simplifying integration.
• Hardware Abstraction Layers (HALs) for seamless hardware communication.
• PC Utility with GUI for generating ROM code and firmware as per security needs.
• Comprehensive Anti-Tamper Designs

• EVITA-Full Compliance: Develops security architecture compliant with EVITA-Full for automotive systems
• Secure Boot: Ensures authenticity and integrity of all code before execution
• Secure Update: Verifies only authenticated, authorized firmware is applied
• Secure Provisioning: Manages secure provisioning of critical components
• Key Management: Handles key generation, import/export, and use in cryptographic operations.
• Lifecycle Management: Controls secure access across all lifecycle states, from manufacturing to decommissioning.
• Secure Debug: Limits debug access to authorized personnel during development
• Secure Monitor: Provides a trusted environment, isolating sensitive memory and operations