From an SoC design perspective, security has both hardware and software implications; the engineer’s toolbox requires ways to address both, from RTL design to system verification. A key enabler is pre-verified IP subsystems that can be easily integrated within the SoC to provide a scalable platform for diverse security functions and applications.
The Synopsys DesignWare IP offering includes the tRoot Hardware Secure Module (HSM), which was created specifically for implementing a secure hardware root of trust in connected devices. This solution supports all the essential elements for developing an effective root of trust, which provides a security perimeter for protecting sensitive data and operations. It includes a secure CPU, multiple secure key servers for key transport protection, secure instruction and data controllers to provide external memory access protection and runtime tamper detection, and cryptographic acceleration with protection against side-channel attacks.
A root of trust can be started by a variety of methods, including simply loading its protected memory region and signaling that it has firmware available. Alternatively, it can be loaded using a hardware state machine from external Flash memory, run directly out of SPI memory, or a variety of other methods. When it starts, the root of trust derives its internal keys from supplied device identity inputs and executes self-tests and code validation for itself. If these tests are passed, it can move on to validate code for other subsystems in the chip using a secure bootstrap process.
The root of trust performs several functions: secure monitoring during power-up and runtime operation of the SoC, secure validation and authentication of the code and/or data on the SoC, storage protection, secure communication, and key management.
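As an added illustration of the bootstrap sequence described above (not Synopsys code and not the tRoot design itself): a device key is derived from constructed identity inputs, the root of trust validates its own firmware first, and only then releases each further subsystem image in order, halting at the first failed check. HMAC-SHA256 stands in for whatever signature or key-transport scheme a real HSM uses, and the firmware images, boot order and identity string are constructed sample values.

```python
import hashlib
import hmac

def derive_device_key(identity_inputs, info=b"boot-manifest"):
    """HKDF-style extract-then-expand over per-device identity inputs (assumed salt)."""
    prk = hmac.new(b"trust-anchor-salt", identity_inputs, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def manifest_bytes(manifest):
    # Canonical encoding of (stage name, expected SHA-256) pairs in boot order.
    return b"".join(name.encode() + b"\x00" + digest for name, digest in manifest)

def sign_manifest(key, manifest):
    return hmac.new(key, manifest_bytes(manifest), hashlib.sha256).digest()

def secure_boot(key, manifest, tag, images):
    """Return the stage names that were validated, in boot order.
    The manifest is checked first; a bad manifest boots nothing. A failed
    stage stops the chain so nothing behind it is ever released."""
    if not hmac.compare_digest(tag, sign_manifest(key, manifest)):
        return []
    validated = []
    for name, expected in manifest:
        image = images.get(name)
        if image is None:
            break
        if not hmac.compare_digest(hashlib.sha256(image).digest(), expected):
            break
        validated.append(name)
    return validated

# Constructed sample data: the root of trust validates itself before anything else.
IMAGES = {
    "root_of_trust": b"rot-firmware-v1",
    "host_bootloader": b"host-bl-v1",
    "modem": b"modem-fw-v1",
}
BOOT_ORDER = ["root_of_trust", "host_bootloader", "modem"]
DEVICE_ID = b"serial=0001;otp-fuse=deadbeef"   # constructed identity inputs
KEY = derive_device_key(DEVICE_ID)
MANIFEST = [(n, hashlib.sha256(IMAGES[n]).digest()) for n in BOOT_ORDER]
TAG = sign_manifest(KEY, MANIFEST)

if __name__ == "__main__":
    print(secure_boot(KEY, MANIFEST, TAG, IMAGES))
    tampered = dict(IMAGES, host_bootloader=b"host-bl-v1-patched")
    print(secure_boot(KEY, MANIFEST, TAG, tampered))  # stops after root_of_trust
```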
tRoot HSM provides robust hardware protection while remaining highly configurable and flexible and maintaining a high level of performance. tRoot HSM provides security functions in a trusted execution environment as a companion to a host processor that runs most system applications. To minimize the number of attack vectors, tRoot HSM uses a simple interface with a limited set of interactions with the host processor. At the same time, it provides a fully programmable platform that can offer a variety of services throughout the device’s lifecycle.
tRoot protects IoT devices using unique code protection mechanisms that provide runtime tamper detection and response, and code privacy protection without the added cost of more dedicated secure memory. This unique feature reduces system complexity and cost by allowing tRoot’s firmware to reside in any non-secure memory space.