On-chip security IP

Reusable, Reliable, Compact HW Root of Trust Platform
- Processor-Agnostic: Works with ARM, MIPS, RISC-V, Beyond BA2x or any other microprocessor
- Process-Independent: RTL design with flexible interface to technology-specific modules (e.g. OTP)
- Customizable and tunable boot sequence, security algorithms, features, and interfaces
- Security functions share common hardware modules
- Production-proven
Processor-Agnostic: Works with ARM, MIPS, RISC-V, Beyond BA2x or any other microprocessor
Process-Independent: RTL design with flexible interface to technology-specific modules (e.g. OTP)
Customizable and tunable boot sequence, security algorithms, features, and interfaces

Provides a hardware-based Root of Trust with a unique, immutable device ID
Supports cryptographic verification of device identity and integrity
Generate Public Key Infrastructure (PKI) keypairs that it can use to sign messages, including random number based challenges

GEON-SBoot is an area-efficient, processor-agnostic hardware engine that protects SoC designs from booting with malicious or otherwise insecure code.
The security platform employs public-key cryptography (which stores no secret on-chip) to ensure that only unmodified firmware from a trusted source is used by the system.
It also enables secure firmware updates over-the-air (OTA) and can prevent booting from revoked firmware versions.

One input word per clock without any backpressure
Design can switch stream, algorithm, mode, key and/or direction every clock cycle
GCM: throughput is solely determined by the data width, data alignment and clock frequency
XTS: block processing rate may be limited by the number of configured tweak encryption & CTS cores; a configuration allowing 1 block/clock is available

Throughput: 128 bit (16 Byte) wide encryption/decryption per cycle
Throughput: 1 tweak computation per 4 clock cycles
Bidirectional design including arbitration between read and write requests
Zero clock overhead for switching between encryption (write) and decryption (read)
30-40 cycle data channel latency

Custom-designed 32-bit secure RISC-V processor
Multi-layered security model protects all core components against a wide range of attacks
Security model includes hierarchical privilege model, secure key management policy, hardware-enforced isolation/access control/protection, error management policy
State-of-the-art DPA resistance, FIA protection and anti-tamper techniques

NIST CAVP certified and OSCCA standard compliant crypto engine suite
Includes private/public key ciphers, message authentication code, hashes, and key derivation
Key wrapping function for the secure export of keys
Public-key coprocessor for digital signatures and key agreements over elliptic/Edward curves

Quad-pixel interface allows up to 48Gbps bandwidth data for uncompressed 8K resolution with 60Hz refresh rate
Fixed-rate stream with 16b18b decoding and de-scrambling
Supports latest object-based audio formats with 1536kHz sample rate and up to 32 channels
Dynamic metadata packets reception

Quad-pixel interface allows up to 48Gbps bandwidth data for uncompressed 8K resolution with 60Hz refresh rate
Fixed-rate stream with 16b18b decoding and de-scrambling
Supports latest object-based audio formats with 1536kHz sample rate and up to 32 channels
Dynamic metadata packets reception

On-Chip Security IP