Secure boot IP

GEON-SBoot is an area-efficient, processor-agnostic hardware engine that protects SoC designs from booting with malicious or otherwise insecure code.
The security platform employs public-key cryptography (which stores no secret on-chip) to ensure that only unmodified firmware from a trusted source is used by the system.

Up to 128kb mass production OTP with built-in instant hardware encryption (customization available)
Comprehensive anti-tamper designs in physical and RTL
APB control interface with secure/non-secure access privilege
Four 256-bit hardware PUF fingerprints for scrambling drop-in-use Secure OTP Storage

Complete hardware secure modules with Root of Trust give SoCs a unique, tamper-proof identity
Enable secure services deployment
Provide a Trusted Execution Environment to create, provision, store and manage keys
Full hardware key protection

Choice of energy-efficient ARC SEM110, SEM120D, EM4 + ESP, or EM5D + ESP processors
Extensive collection of hardware accelerated cryptography options
Secure instruction and data memory controllers
Host and peripheral interfaces (UART, NVM, GPIO, TRNG, Device ID)

Choice of energy-efficient ARC SEM110, SEM120D, EM4 + ESP, or EM5D + ESP processors
Extensive collection of hardware accelerated cryptography options
Secure instruction and data memory controllers
Host and peripheral interfaces (UART, NVM, GPIO, TRNG, Device ID)

Choice of energy-efficient ARC SEM110, SEM120D, EM4 + ESP, or EM5D + ESP processors
Extensive collection of hardware accelerated cryptography options
Secure instruction and data memory controllers
Host and peripheral interfaces (UART, NVM, GPIO, TRNG, Device ID)

Choice of energy-efficient ARC SEM110, SEM120D, EM4 + ESP, or EM5D + ESP processors
Extensive collection of hardware accelerated cryptography options
Secure instruction and data memory controllers
Host and peripheral interfaces (UART, NVM, GPIO, TRNG, Device ID)

Migrating from discrete SIM cards to an embedded iSIM solution reduces area, power, and cost
Out-of-the-box connectivity using integrated bootstrap code within the HSM
Leverages Truphone’s global network by bundling default connectivity profile on each chipset
Factory-loaded bootstrap profile enables global connectivity, but not locked to Truphone

The Synopsys tRoot Vx HSMs include a highly secure hardware Root of Trust that enables devices to boot securely and permits encryption and decryption of sensitive data allowing it to be stored in non-secure devices or memory. It provides a completely secure environment in a non-secure system from which applications can execute secure cryptographic services.
The tRoot Vx HSMs secure SoCs by using unique code protection mechanisms that provide run-time tamper detection and response. Code privacy protection is achieved without the added cost of dedicated secure memory. This unique feature reduces system complexity and cost by allowing the tRoot Vx HSM’s firmware to reside in any non-secure memory space.
Commonly, tRoot Vx programs reside in shared system DDR memory. Due to the confidentiality and integrity provisions of the secure instruction controller, this memory is effectively private to the HSM and impervious to attempts to modify it originating in other subsystems in the chip, or from outside. The tRoot Vx HSM’s ROM-less architecture can support system design changes at any time without risk of exposing the system memory to threats and without additional engineering development cost. To minimize the number of attack vectors, tRoot Vx HSMs use a simple interface with a limited set of interactions with the host processor.