Getting Started

The Arm CryptoCell-700 family is an embedded security platform for high performance SoCs. It offers a deep level of security for mobile, DTV and STB. It enables secure machine learning solutions such as face ID and object detection.  The CryptoCell-700 family can protect against a broad set of threats (including ones involving physical tampering with the device) while, at the same time, addressing the challenging requirements for increased system complexity, high performance, low power consumption and small footprint.

The multi-layered hardware and middleware architecture combines hardware accelerators, root-of-trust control hardware with a rich layer of security middleware and software tools for the IC and device production process. 

The CryptoCell-700 family takes cryptographic instructions from the System Control Processor (SCP) during boot, or from software applications – either trusted (running within the TEE) or normal - running on the main application processor(s). It processes the data and puts the results back into system or internal memory. 


Specifications

  CryptoCell-712 CryptoCell-703 CryptoCell-713
Platform security services (Secure Boot, Secure debug, etc.) Yes
Yes
FIPS 140-2 certifiable symmetric crypto (AES, DES, SHA) Yes
Yes
FIPS 140-2 certifiable asymmetric crypto (RSA, ECDSA, DH, ECDH) Yes
Yes
GM/T 0028-2014 certifiable crypto (SM2, SM3, SM4)
Yes Yes

Arm TrustZone CryptoCell-712 FIPS 140-2 Non-Proprietary Security Policy

Start designing now

Arm Flexible Access gives you quick and easy access to this IP, relevant tools and models, and valuable support. You can evaluate and design solutions before committing to production, and only pay when you’re ready to manufacture.

CoreLink Interconnect Diagram.

CryptoCell-700 Performance

  28nm HPC
 16nm FFp
 Frequency  400MHz 500MHz
 Area  0.222mm2 
0.095mm2 
 AES Throughput  560MB/s  700MB/s


Crypto Acceleration

  • AES Engine (REE and TEE)
    • Confidentiality modes: ECB, CBC, CBC-CTS, OFB and CTR
    • Storage modes: ESSIV, BitLocker and XTS
    • Message Authentication Codes (MAC):  CBC-MAC, CMAC and XCBC-MAC
    • Authenticated Encryption with Associated Data (AEAD) modes:  CCM and GCM key sizes of 128, 192 and 256 bits
    • Software and Hardware introduced keys
    • Fast (20 SBOXes) core
  • Debug Signing Utility
    OEM utility for debug certificate signing.
  • HASH Engine (REE and TEE)
    • SHA-1, SHA-256, SHA-384, SHA-512 and MD5 modes, as well as HMAC
    • Automatic padding
  • PKA Engine (TEE Access only)
    • Public-key crypto based on the Discrete Logarithm problem, the Elliptic Curve Discrete Logarithm problem, and the Integer Factorization problem.
    • Supports integers in the range of 128 bits and 4K bits in size (in steps of 32 bits) 
  • KDF (TEE Access Only)
    • ASN.1 encoding (HASH based)
    • KDF1 (HASH based)
    • KDF2 (HASH based)
    • AES-CMAC-CTR based KDF

Security Resources

  • Security Lifecycle
    Enforcement of different security policies based on the affiliation of the SoC to “real world” entities (e.g.: Chip Manufacturer, OEM, etc.)
  • Roots of Trust Management
    Exclusive management of on-die Non-Volatile Memory, where the following items are stored:
    • A Device unique Secret Key
    • A Provisioning renewability secret
    • A Signature of the Public code distribution Key
    • Indexes  of the minimal Trusted and non-trusted SW versions
    • A Code-decryption key 
  • Secure Code Loading
    Code trustworthiness achieved by authenticity and integrity checks (certificates based) ran on the loaded software images. 
  • Secure Debug
    Debug trustworthiness achieved by authenticity checks of the debugging entity.
  • Random Number Generator
    A Random Number Generator comprised of a:
    • True Random Number Generator, providing some assured level of entropy (analyzed by Entropy Estimation logic).
    • Deterministic Random Bit Generator (DRBG) ‘seeded’ by the TRNG. 
  • Secure Timer
    A permanently powered hardware timer that provides the system the elapsed time in msec granularity. 
  • Secure Provisioning
    Secure the delivery of sensitive assets even when communicated over "hostile" environment (can be untrusted production/assembly floor or even the internet).
  • RPMB Key Management
    Per-Boot RPMB key derivation by a deterministic KDF (based on the Device unique Secret Key).
  • FIPS 140-2
  • Code Signing Utility
    OEM utility for code signing and certificate creation. 
  • Debug Signing Utility
    OEM utility for debug certificate signing.
  • Code Manufacturing Utility
    Silicon partner utility for population of the on-die Non-Volatile Memory assets managed by CryptoCell during Chip manufacturing.
  • Asset Provisioning Utility
    OEM utility for wrapping sensitive assets prior to being communicated over "hostile" environment.

Get support


Want to know more about Security on Arm?

Learn more

Community Blogs

Community Forums

Answered Where should I ask my question?
  • ARM Community
0 votes 160 views 1 replies Latest 2 days ago by Oliver Beirne Answer this
Not answered Where do I find presentations and photos from SC'18? 2 votes 4843 views 0 replies Started 1 years ago by John Linford Answer this
Not answered I have following code and can not read data from Data segment 0 votes 26 views 0 replies Started 7 hours ago by Elahia1@southernct.edu Answer this
Suggested answer problems with timers and i2c
  • Timing
  • Communications Standards
  • STM32 F4
0 votes 129 views 1 replies Latest yesterday by Andy Neil Answer this
Not answered Does Keil MDK5 support any RTOS with Bluenrg-2?
  • Keil MDK Cortex-M Edition
  • Bluetooth LE
  • CMSIS RTOS
0 votes 132 views 0 replies Started yesterday by Cletus87408 Answer this
Suggested answer C library folder structure
  • IDEs and Tool Suites
  • Library
0 votes 178 views 2 replies Latest 2 days ago by Clonimus74 Answer this
Answered Where should I ask my question? Latest 2 days ago by Oliver Beirne 1 replies 160 views
Not answered Where do I find presentations and photos from SC'18? Started 1 years ago by John Linford 0 replies 4843 views
Not answered I have following code and can not read data from Data segment Started 7 hours ago by Elahia1@southernct.edu 0 replies 26 views
Suggested answer problems with timers and i2c Latest yesterday by Andy Neil 1 replies 129 views
Not answered Does Keil MDK5 support any RTOS with Bluenrg-2? Started yesterday by Cletus87408 0 replies 132 views
Suggested answer C library folder structure Latest 2 days ago by Clonimus74 2 replies 178 views