Rambus launched its CryptoManager Root of Trust, a fully programmable hardware security core built with a custom RISC-V CPU. The secure processing core creates a siloed architecture that isolates and secures the execution of sensitive code, processes and algorithms from the primary processor.
This mitigates the risk of critical vulnerabilities like the recent Meltdown and Spectre security flaws and allows designers to optimize the primary processor for high performance, low power, or other characteristics while optimizing security in the siloed core. The CryptoManager Root of Trust is an embedded security core designed for applications from networking to automotive to IoT.
Bret Sewell, SVP and general manager of the Rambus Security Division, spoke to the key attributes of the division’s new secure coprocessor: “The fundamental pillars of architectural design freedom, secure processing siloed away from general processing, and layered security with a root of trust designed for multiple security layers, are unique to the CryptoManager Root of Trust design and enable easy implementation with the highest levels of protection. The CryptoManager Root of Trust also embeds features that enable semiconductor manufacturers and device OEMs to insert hardware keys, and enables IoT service providers to manage IoT endpoints throughout their lifecycle in the field.”
IDC research director for IoT Security, Abhi Dugar, noted, “The semiconductor industry faced some of its biggest security issues this year with recent vulnerabilities, and the potential to encounter additional security flaws will not go away any time soon as more IoT devices enter the market. To address existing and new threats, establishing trust at the hardware level will be critical, and a secure siloed core can help ensure that this new generation of devices can be protected from security flaws.”
Putting security first with an embedded secure core
Rambus’ security first method develops the most advanced secure compute processors. The CryptoManager Root of Trust secure processor is siloed from the main processor, supporting isolated cryptographic security processes.
The RISC-V Foundation’s executive director, Rick O’Connor, commented, “The Meltdown and Spectre flaws revealed a new class of vulnerabilities as common processors employ acceleration techniques like speculative execution to improve processing performance. With solutions like the Rambus CryptoManager Root of Trust, the extensible RISC-V ISA enables developers to build connected products with a fundamentally more robust approach to security.”
By establishing the trust chain early in the silicon manufacturing process, a security core can enable trusted provisioning and robust auditing of security-related activity throughout all phases of the chip lifecycle. The CryptoManager Root of Trust offers the primary processor a full array of security services, such as secure boot and runtime integrity checking, remote authentication and attestation, and hardware acceleration for symmetric and asymmetric cryptographic algorithms. The CryptoManager Root of Trust creates a secure foundation for Rambus’ comprehensive CryptoManager suite of solutions, which also includes the CryptoManager Provisioning Infrastructure and CryptoManager IoT Security Service.
Other key benefits of the CryptoManager Root of Trust include:
• Design Freedom: The open RISC-V instruction set architecture (ISA) allowed Rambus to design a custom processor without microarchitecture constraints, enabling a security first design. The CryptoManager Root of Trust is purpose-built to be safe and independent from general processing, offering a smaller and simpler approach without sacrificing security. This provides customers the opportunity to better design and better validate their products.
• Siloed: The CryptoManager Root of Trust is a fully user-programmable processor specifically designed for security use and physically separated from the primary processor with dedicated secure memory. Siloing allows the hardware Root of Trust to function in a known secure state, without allowing unintended access to secure functions through software backdoors.
• Layered Security: The root of trust is designed with multiple security layers. A small, ultra-secure nucleus builds outwards to less secure sections. The less secure sections can only access higher levels of security with hardware-based permissions. The Rambus CryptoManager Root of Trust supports multiple roots of trust and gives the ability for various parties to use the core without exposing keys.