A Root of Trust is defined as the security foundation for a semiconductor or electronic system. Any secure function performed by the device or system relies in whole or in part on this Root of Trust. Based in hardware, the Root of Trust handles the cryptographic functions, stores and manages cryptographic keys, and is typically part of the secure boot process providing the foundation for the software chain of trust.

To be able to protect anything, a device needs certain properties that it can trust that are unsubvertible “beyond the capabilities of any reasonable attack scenario.” There are many Roots of Trust in a device, and these serve different purposes: the immutability of the chip hardware and ROM code, chip or device Unique ID, and the public key used to authenticate the next firmware image. Without these, it is not possible to build trustworthiness into a device. In many cases, a given Root of Trust may be trustworthy under one attack scenario – but may lose that property in another, more “advanced” attack scenario.

In most scenarios, the most basic Root of Trust, that of “hardware immutability,” comes from the fact that functionality in silicon is hard to change. Root of Trust products leverage various Roots of Trust available in silicon, using them in a secure way to offer security services to the SoC and the application(s) running on the SoC. In many cases, Root of Trust products even provide protection for, or detection of, attacks against the silicon Roots of Trust and the security architecture protecting the security services. In this way, Root of Trust products provide the trusted foundation that the SoC and the application can use to build their own protection.

Root of Trust product designs vary greatly in architecture and capabilities. When selecting a Root of Trust solution, it’s important to ask the right questions to ensure the best protection. Some questions to consider include: What is the end use of the chip? Who and what are you protecting against? What is the risk of a compromised device? What certifications are required? It’s also worth noting that Root of Trust products can be tailored to match an applications security threat model, use case, industry segment, lifetime, cost, and geography. Some examples of the different criteria that can be selected include the crypto algorithms, security/anti-tamper mechanisms, and provisioning methods used.

Last month, Rambus announced the expansion of its Root of Trust IP portfolio with the Arm CryptoCell and CryptoIsland IP. This expansion builds on an already diverse offering of Root of Trust IP ranging from military-grade security co-processors to compact Root of Trust designs.

The CryptoCell CC-312, CC-712 and CC-713 are lightweight cores without a processor or controller. They offer Key Management and Crypto Services to Arm TrustZone-enabled Arm Cortex-M and Cortex-A powered SoC designs. The CryptoCell cores are available alongside the RT-1xx Root of Trust cores for sensor, device, gateway, and server applications in the IoT market. The CryptoIsland CI-300 is a security enclave that can be used in isolation to the host processor. With its secure programmability, the CryptoIsland core will be offered alongside the Rambus RT-6xx Root of Trust series. The most common use cases for CI-300 are smart cards, mobile application processors and 5G modems.

Resources:

Bart Stevens

Bart Stevens

  (all posts)
Bart Stevens is senior director of product management for cryptography at Rambus.

Source: https://semiengineering.com/selecting-the-right-root-of-trust-for-your-application-and-architecture/