Post Quantum Secure Boot

Overview

The TESIC-310 IP is a turnkey solution to provide a secure boot facility to an SoC. It implements the Post Quantum secure Leighton-Micali Signature (LMS) as specified in NIST SP800-208. The TESIC-310 operates as a slave peripheral to an Application Processor. It is a secure enclave that stores the keys assuring their integrity and the integrity of the firmware authentication process. The LMS signature is a robust post-Quantum secure algorithm. The parameters have been chosen to enable up to 32 thousand firmware updates with a minimal signature size of typically less than 5KBytes. The TESIC-310 is pre-certified to SESIP Level 3 and delivered as RTL. It is based on propriety IP free of 3rd party rights and royalties. The TESIC-310 operates as a slave: the Application Processor requests the validation of the firmware as part of its boot process, without having to manage any keys.

Key Features

  • The TESIC-310 operates as an isolated secure subsystem within the SoC. When the Application Processor boots it requests that the TESIC-310 validates the signature of the system Firmware. The TESIC-310 will validate the signature of the Firmware against the pre-loaded key that is securely held in within the permanent storage of the SoC. This guarantees the authenticity of the Firmware that is to be executed. Firmware roll-back is also prevented (”updating” with an older Firmware, potentially with vulnerabilities, is prevented). The authenticated firmware image can then be copied to system RAM, or executed in place if desired. The GPOs can be used to signal the completion of the signature verification and also the result of the validation. Multiple keys are supported, enabling a multi-stage, authenticated, boot sequence. The Application Processor communicates with the TESIC-310 via a simple mailbox over the APB interface.
  • The parameters chosen for the LMS algorithm allow up to 32 thousand firmware images to be securely signed with the signature which allows for multiple, secure, firmware updates of the Application Firmware. The signature is 4.7 KBytes with an algorithmic strength of 256 bits and 2.8 KBytes with a strength of 224 bits

Benefits

  • Secure Boot from Signed Firmware
  • Anti-Rollback
  • 32,000 Firmware Updates
  • Slave Operation

Applications

  • The TESIC-310 Secure Boot IP has a wide range of applications:
    • Wearables
    • White Goods
    • Entertainment Applications
    • Networking Equipment
    • Consumer Appliances
    • Automotive
    • Industrial Control Systems
    • Security Systems
    • ...and any SoC Application that requires executing authenticated firmware in a simple but secure way.

Deliverables

  • TESIC-310 RTL with comprehensive synthesis scripts
  • Verification environment
  • Full documentation
  • TESIC-310 ROM code firmware to perform the LMS calculation and operation within the system
  • Cross platform Firmware image signing tool
  • Complete support and guidance to achieve certification for all products that contain the TESIC-310 IP.

Technical Specifications

Foundry, Node
GF 55 LPx, TSMC 40 ULP, GF 22 FDX, TSMC 16 FFC
Maturity
Qualified and certified on various processes
Availability
Now
×
Semiconductor IP