CryptoCell and CryptoIsland technologies

CryptoCell and CryptoIsland technologies complement TrustZone and offer the following:

  • Asymmetric and symmetric cryptography
  • True random number generation
  • Device lifecycle state management
  • A hardware-enforced Root of Trust policy
  • A Root of Trust model allowing multiple owners
  • Secure boot technology with software image validation and decryption available at boot time
  • Validation of software source updates
  • Secure debugging
  • Keys and assets provisioning, management, and isolation in persistent trusted storage

Note: CryptoCell technologies are engines that require a CPU and, sometimes, infrastructure on the SoC to perform the preceding functionality. CryptoIsland integrates a subsystem around a CryptoCell-312 and includes its own processor. This design means that a CryptoIsland can perform more of the preceding functionality on its own.


There are two families of CryptoCell, the CryptoCell-300 family and the CryptoCell-700 family. The CryptoCell-700 family has a higher performance than the CryptoCell-300 family and is intended for content intensive applications, for example higher-end smartphones and set-top boxes.

The CryptoCell-312 is aimed at SoCs that are powered by either Cortex-M series or Cortex-R series processors. The CryptoCell-312 fits well in a design that is optimized for low-power usage and a low area.


CryptoIsland executes a full software stack inside itself, which allows you to isolate software from the host system. For example, if a SIM is kept inside the CryptoIsland, the SIM has as much protection as a detachable SIM card. In terms of functionality, the CryptoIsland includes a CryptoCell-312. CryptoIsland is also able to mitigate against physical attacks, which is explored further in Mitigating against physical attacks.

Previous Next