TrustZone CryptoCell-312 Security IP

Arm® TrustZone® CryptoCell-312 is a comprehensive security solution for low power, low area designs.

It enhances SoC-level security with features protecting the authenticity, integrity and confidentiality of code and data belonging to different stakeholders (for example the chip maker, device maker, service provider and user).

The Armv8-M inherent TrustZone capability serves as a Root of Trust (RoT), isolating assets in one execution environment and preventing them from being exploited through software vulnerabilities in another environment.

As the lock diagram on the right illustrates, CryptoCell-312 both complements the TrustZone isolation and builds on it. It provides additional trust anchors and security mechanisms to assure the execution state is safe (for a given threat model).

These mechanisms include: persistent storage of secrets, rollback prevention, validation of loaded software, validation of software updates, cryptography, True Random Number Generation, strong authentication of parties prior to giving them access to resources and more.

Balancing the right security solution

A security solution balances the right set of measures so you can effectively address the target threat model, without affecting the usability of the product. It’s important to ensure that the user experience is not impacted, while maintaining the overall power and area budget.

The certifiable CryptoCell-312 solution allows you to tick all the boxes, using hardware, on-chip software and a rich set of off-device tools, addressing various manufacturing and ecosystem enablement processes (e.g. certificates generation, code encryption and more).

All of the CryptoCell-312 components are provided in source code format.

 

Enabling a full set of security services

Designed with all relevant, state-of-the-art security related standards in mind, CryptoCell-312 supports the following functional features:

  • Asymmetric and asymmetric cryptography
  • True Random Number Generator
  • Device lifecycle state management
  • Roots-of-trust access policy enforced by HW means
  • Roots-of-trust ownership model allowing multiple entities to own different trust anchor, removing the need for default trust between entities along the value chain
  • Keys & assets provisioning, management and isolation, across different device operational scenarios, both in–factory and in the field
  • SW image validation and optional decryption both at boot time and update time
  • Secure debug and DFT

The key benefits of CryptoCell-312

  • CryptoCell-312 allows design teams to get security right

  • Free up tens of man years and enabling design teams to focus on their real differentiation

  • Validated & Integrated with SSE-200, SIE-200, Cortex-M23, Cortex-M33 and v8-M software stack

  • CryptoCell-312 provides a rich set of platform security services, enabling brand-name protection, IP protection (improved monetization of R&D investment) and various use cases across all IoT markets

  • CryptoCell-312 increases performance by 10-15x (when compared to SW only operations) on cryptography tasks

Hardware Perfomance

Hardware performance: based on hardware only, zero ABH read/write delay and 1KB chunks of data

   HW performance, including DMA and AHB (Bits/clock)
HASH SHA256
 5.88
AES (128b keys)
 3.07
CHACHA20  6.18

Frequency

CryptoCell-312 gets to 200MHz on TSMC CLN40ULP (7T).

Want to know more about Security on Arm?

Learn more