CryptoCell and CryptoIsland technologies
CryptoCell and CryptoIsland technologies complement TrustZone and offer the following:
- Asymmetric and symmetric cryptography
- True random number generation
- Device lifecycle state management
- A hardware-enforced Root of Trust policy
- A Root of Trust model allowing multiple owners
- Secure boot technology with software image validation and decryption available at boot time
- Validation of software source updates
- Secure debugging
- Keys and assets provisioning, management, and isolation in persistent trusted storage
Note: CryptoCell technologies are engines that require a CPU and, sometimes, infrastructure on the SoC to perform the preceding functionality. CryptoIsland integrates a subsystem around a CryptoCell-312 and includes its own processor. This design means that a CryptoIsland can perform more of the preceding functionality on its own.
There are two families of CryptoCell, the CryptoCell-300 family and the CryptoCell-700 family. The CryptoCell-700 family has a higher performance than the CryptoCell-300 family and is intended for content intensive applications, for example higher-end smartphones and set-top boxes.
The CryptoCell-312 is aimed at SoCs that are powered by either Cortex-M series or Cortex-R series processors. The CryptoCell-312 fits well in a design that is optimized for low-power usage and a low area.
CryptoIsland executes a full software stack inside itself, which allows you to isolate software from the host system. For example, if a SIM is kept inside the CryptoIsland, the SIM has as much protection as a detachable SIM card. In terms of functionality, the CryptoIsland includes a CryptoCell-312. CryptoIsland is also able to mitigate against physical attacks, which is explored further in Mitigating against physical attacks.