Arm CryptoCell-312 Security IP

Arm CryptoCell-312 is a comprehensive security solution for low power, low area designs.

It enhances SoC-level security with features protecting the authenticity, integrity and confidentiality of code and data belonging to different stakeholders (for example the chip maker, device maker, service provider and user).

The Armv8-M inherent capability serves as a Root of Trust (RoT), isolating assets in one execution environment and preventing them from being exploited through software vulnerabilities in another environment.

As the lock diagram on the right illustrates, CryptoCell-312 both complements the isolation and builds on it. It provides additional trust anchors and security mechanisms to assure the execution state is safe (for a given threat model).

These mechanisms include: persistent storage of secrets, rollback prevention, validation of loaded software, validation of software updates, cryptography, True Random Number Generation, strong authentication of parties prior to giving them access to resources and more.

Simplifying the design of secure IoT systems

Free on-demand training webinar about Arm CryptoCell

Want to know more about Arm CryptoCell?

A locking device.

Balancing the right security solution

A security solution balances the right set of measures so you can effectively address the target threat model, without affecting the usability of the product. It’s important to ensure that the user experience is not impacted, while maintaining the overall power and area budget.

The certifiable CryptoCell-312 solution allows you to tick all the boxes, using hardware, on-chip software and a rich set of off-device tools, addressing various manufacturing and ecosystem enablement processes (e.g. certificates generation, code encryption and more).

All of the CryptoCell-312 components are provided in source code format.


Validating if a system works.

Enabling a full set of security services

Designed with all relevant, state-of-the-art security related standards in mind, CryptoCell-312 supports the following functional features:

  • Asymmetric and asymmetric cryptography.

  • True Random Number Generator.

  • Device lifecycle state management.

  • Root of Trust access policy enforced by hardware means.

  • Root of Trust ownership model allowing multiple entities to own different trust anchor, removing the need for default trust between entities along the value chain.

  • Keys and assets provisioning, management and isolation, across different device operational scenarios, both in-factory and in the field.

  • Software image validation and optional decryption both at boot time and update time.

  • Secure debug and design for test.

The key benefits of CryptoCell-312

  • CryptoCell-312 allows design teams to get security right.

  • Free up tens of man years and enabling design teams to focus on their real differentiation.

  • Validated and integrated with SSE-200, SIE-200Cortex-M23, Cortex-M33 and v8-M software stack.

  • CryptoCell-312 provides a rich set of platform security services, enabling brand-name protection, IP protection (improved monetization of R&D investment) and various use cases across all IoT markets.

  • CryptoCell-312 increases performance by 10-15x (when compared to software only operations) on cryptography tasks.

Hardware Performance

Hardware performance: based on hardware only, zero ABH read/write delay and 1KB chunks of data

   Hardware performance, including DMA and AHB (Bits/clock)
AES (128b keys)
CHACHA20  6.18


CryptoCell-312 gets to 200MHz on TSMC CLN40ULP (7T).

Want to know more about Security on Arm?

Learn more