Hardware Root of Trust
With the proliferation of hardware and firmware-based attacks across a variety of markets, including Data Centers, automotive and military, modern SoCs must provide trust and security at the hardware level. One popular way to provide on-chip security is to utilize a Hardware Root of Trust (HRoT). A Hardware Root of Trust is a minimum set of hardware and software dedicated to providing security from the moment the system is powered on.
HRoT can be used during all operation phases, such as power off, power up, run time operations and communications with external entities. Because of this it is important to verify the HRoT’s security across the spectrum of use cases. Tortuga Logic has the expertise and technology to detect and prevent security issues from misconfigured HRoT’s.
The CryptoManager Root of Trust suite of products serves broad markets such as government, automotive, cloud, machine learning and artificial intelligence, where security is of utmost concern. Tortuga Logic’s Radix gives further assurance to our customers that they are delivering the most secure product possible.
Vice President of Products, Cryptography, Rambus
HRoT Use Cases
will ensure that the components, as well as the interactions of the components of the SoC, are functioning properly. For example, this feature can monitor the host instruction code while the Host CPU is executing. An attempt to insert malicious instruction will result in a notification from the hardware Root of Trust back to the host.
can provide a way to take plain-text data on the SoC and securely protect it using encryption and authentication.
keeps the secret key material inside the hardware Root of Trust. Examples of common key management applications includes hardware secure module (HSM) using a public key cryptography standard (PKCS)#11 interface application to manage the policies, permissions, and handling of keys.
is responsible for cryptographically verifying the validity of the code and/or data on the SoC. Examples of the common cryptographic operations include RSA signature check and ECDSA.
typically uses an ephemeral symmetric session key for encryption and in other cases, an HMAC key for authentication. These keys (which also include the master ephemeral key from the protocol) are generated inside the hardware Root of Trust, and therefore are protected and secret from any on-chip attacks.