The fully configurable Secure IP Subsystem is built around Synopsys’ family of low-power ARC SEM security processors, which incorporates advanced side channel and tamper-resistant features to protect against ever-evolving threats. These features include error detection and parity on memories and registers, uniform instruction timing, power and timing randomization and an integrated watchdog timer to detect system failures and tamper events. The processor also leverages ARC SecureShield™ technology, providing isolated execution contexts with a secure MPU and support for AHB5.
Outside the core, additional system-level features are provided to ensure the confidentiality and authenticity of non-trusted memory. The secure external memory controller provides cryptographically strong algorithms that can decrypt both instructions and data on the fly, which is critical for external memory shared with the application processor. The partitioned “secure” code and data is always stored encrypted, and only decrypted within the secure subsystem when accessed. Latencies are hidden by caching within the subsystem’s secure perimeter.
Cryptography options within the subsystem accelerate encryption for a range of algorithms including AES, 3DES, SHA-256, RSA and ECC. To provide designers with flexibility, the subsystem supports many cryptography implementation options. A National Institute of Standards and Technology (NIST) validated DesignWare Cryptography Software Library and cryptographic acceleration through ARC Processor EXtension (APEX) technology are included with the subsystem. Optional support for dedicated symmetric and asymmetric hardware crypto engines is also supported.
Implementation choices are based on customers’ need to balance performance and area requirements. Figure 4 uses a SHA-256 example to highlight these tradeoffs for each type of cryptography implementation.