Getting Started

The Arm CryptoCell-700 family is an embedded security platform for high performance SoCs. It offers a deep level of security for mobile, DTV and STB. It enables secure machine learning solutions such as face ID and object detection.  The CryptoCell-700 family can protect against a broad set of threats (including ones involving physical tampering with the device) while, at the same time, addressing the challenging requirements for increased system complexity, high performance, low power consumption and small footprint.

The multi-layered hardware and middleware architecture combines hardware accelerators, root-of-trust control hardware with a rich layer of security middleware and software tools for the IC and device production process. 

The CryptoCell-700 family takes cryptographic instructions from the System Control Processor (SCP) during boot, or from software applications – either trusted (running within the TEE) or normal - running on the main application processor(s). It processes the data and puts the results back into system or internal memory. 

Specifications

  CryptoCell-712 CryptoCell-703 CryptoCell-713
Platform security services (Secure Boot, Secure debug, etc.) Yes
Yes
FIPS 140-2 certifiable symmetric crypto (AES, DES, SHA) Yes
Yes
FIPS 140-2 certifiable asymmetric crypto (RSA, ECDSA, DH, ECDH) Yes
Yes
GM/T 0028-2014 certifiable crypto (SM2, SM3, SM4)
Yes Yes
Optional side channel attack countermeasures
Yes Yes 

Arm TrustZone CryptoCell-712 FIPS 140-2 Non-Proprietary Security Policy

CoreLink Interconnect Diagram.

CryptoCell-700 Performance

  28nm HPC
  16nm FFp
 Frequency  400MHz 500MHz
 Area  0.222mm2 
 0.095mm2 
 AES Throughput  560MB/s  700MB/s

Crypto Acceleration

  • AES Engine (REE and TEE)
    • Confidentiality modes: ECB, CBC, CBC-CTS, OFB and CTR
    • Storage modes: ESSIV, BitLocker and XTS
    • Message Authentication Codes (MAC):  CBC-MAC, CMAC and XCBC-MAC
    • Authenticated Encryption with Associated Data (AEAD) modes:  CCM and GCM key sizes of 128, 192 and 256 bits
    • Software and Hardware introduced keys
    • Fast (20 SBOXes) core
  • DES/TDES Engine (REE and TEE)
    • DES: ECB and CBC modes
    • TDES: EDE and DED modes
  • HASH Engine (REE and TEE)
    • SHA-1, SHA-256, SHA-384, SHA-512 and MD5 modes, as well as HMAC
    • Automatic padding
  • PKA Engine (TEE Access only)
    • Public-key crypto based on the Discrete Logarithm problem, the Elliptic Curve Discrete Logarithm problem, and the Integer Factorization problem.
    • Supports integers in the range of 128 bits and 4K bits in size (in steps of 32 bits) 
  • KDF (TEE Access Only)
    • ASN.1 encoding (HASH based)
    • KDF1 (HASH based)
    • KDF2 (HASH based)
    • AES-CMAC-CTR based KDF

Security Resources

  • Security Lifecycle
    Enforcement of different security policies based on the affiliation of the SoC to “real world” entities (e.g.: Chip Manufacturer, OEM, etc.)
  • Roots of Trust Management
    Exclusive management of on-die Non-Volatile Memory, where the following items are stored:
    • A Device unique Secret Key
    • A Provisioning renewability secret
    • A Signature of the Public code distribution Key
    • Indexes  of the minimal Trusted and non-trusted SW versions
    • A Code-decryption key 
  • Secure Code Loading
    Code trustworthiness achieved by authenticity and integrity checks (certificates based) ran on the loaded software images. 
  • Secure Debug
    Debug trustworthiness achieved by authenticity checks of the debugging entity.
  • Random Number Generator
    A Random Number Generator comprised of a:
    • True Random Number Generator, providing some assured level of entropy (analyzed by Entropy Estimation logic).
    • Deterministic Random Bit Generator (DRBG) ‘seeded’ by the TRNG. 
  • Secure Timer
    A permanently powered hardware timer that provides the system the elapsed time in msec granularity. 
  • Secure Provisioning
    Secure the delivery of sensitive assets even when communicated over "hostile" environment (can be untrusted production/assembly floor or even the internet).
  • RPMB Key Management
    Per-Boot RPMB key derivation by a deterministic KDF (based on the Device unique Secret Key).
  • FIPS 140-2

Productization Tools

Get support

Arm support

Arm training courses and on-site system-design advisory services enable licensees to realize maximum system performance with lowest risk and fastest time-to-market.

Arm training courses  Open a support case

Want to know more about Security on Arm?

Learn more

Community Blogs

Blog post image
Getting started with Docker on Arm

Docker has partnered with Arm to drive adoption of containers into the Arm ecosystem. Read on for more information about using Docker to improve software development for the Arm architecture.

21 days ago by Jason Andrews
1
Blog post image
Enhanced compilation and debugging with Arm Development Studio 2019.0

The first update to Arm Development Studio is now available. Arm Development Studio 2019.0 builds upon the 2018.0 release, offering further support for the latest Arm IP and technologies.

1 months ago by Ronan Synnott
Blog post image
Arm Compiler 6.12: Bringing in security and improved performance

The new Arm Compiler 6.12 achieved the highest 4.02 CoreMarks/MHz on a Cortex-M33. New features include stack protection, global named register variables and Neoverse, Cortex-A65AE and Helium support.

1 months ago by Peterson Quadros
Blog post image
Compiler flags across architectures: -march, -mtune, and -mcpu

GNU compilers and LLVM-based compilers like the Arm Compiler for HPC have three compiler flags in common: -march, -mtune, and -mcpu.  I look at what these flags mean for GNU compilers and LLVM-based compilers like the Arm Compiler for HPC.

2 months ago by John Linford
Blog post image
Porting PuTTY to Windows on Arm

An in-depth look on porting PuTTY to Windows on Arm. Traditionally, programs like this have only ever been run on x86 machines. Simon Tatham explains how he got his side project PuTTY running on a Windows on Arm machine, and optimized the…

2 months ago by Simon Tatham
Blog post image
Developing for multi-core and heterogeneous devices made easy

Development Studio is the ideal solution for developing with complex multi-core and heterogeneous Arm based devices

3 months ago by Ronan Synnott

Community Forums

Answered Where do I find presentations and photos from SC'18? 1 votes 894 views 0 replies Started 5 months ago by John Linford Answer this
Not answered what action will be performed by the master based on the read and write responce in axi 4?
  • AXI
  • AXI4
 0 votes 15 views 0 replies Started 5 hours ago by Hem Patel Answer this
Not answered Object detection 0 votes 12 views 0 replies Started 6 hours ago by Martin Peniak Answer this
Suggested answer Cortex-A Support in MacOS
  • Cortex-A
  • GNU
 0 votes 464 views 4 replies Latest 6 hours ago by Ron Aaron Answer this
Not answered Trigger a Software Interrupt 0 votes 13 views 0 replies Started 6 hours ago by Aquox Answer this
Suggested answer Modify SP register and PC register in Cortex-M1 using Keil
  • R15 (PC Program Counter)
  • Cortex-M1
  • R13 (SP Stack Pointer)
  • Keil
 0 votes 106 views 3 replies Latest 10 hours ago by 42Bastian Schick Answer this
Answered Where do I find presentations and photos from SC'18? Started 5 months ago by John Linford 0 replies 894 views
Not answered what action will be performed by the master based on the read and write responce in axi 4? Started 5 hours ago by Hem Patel 0 replies 15 views
Not answered Object detection Started 6 hours ago by Martin Peniak 0 replies 12 views
Suggested answer Cortex-A Support in MacOS Latest 6 hours ago by Ron Aaron 4 replies 464 views
Not answered Trigger a Software Interrupt Started 6 hours ago by Aquox 0 replies 13 views
Suggested answer Modify SP register and PC register in Cortex-M1 using Keil Latest 10 hours ago by 42Bastian Schick 3 replies 106 views