2 Overview

The TA100 security device interfaces with a host MCU to provide a hardened root of trust with symmetric and asymmetric computation ability to facilitate a number of security-related capabilities within an automotive system.

• Secure boot support:
  • Host code image and signature validation
  • Secure encryption key storage and image encryption
  • Authenticated update of the code validation public key
• X.509 certificate storage, parsing, validation and revocation, supporting both ECC and RSA
• Fully internal random key generation for RSA, ECC and AES
• Monotonic counters protected against tearing
• Elliptic curves support:
  • P224 – ECDSA sign, verify, ECDH and ECBD
  • P256 – ECDSA sign, verify and ECDH
  • SECP256K1 (Bitcoin/Blockchain) – ECDSA support
  • 256-bit Brainpool – ECDSA and ECDH
  • P384 – ECDSA sign and verify
• RSA support:
  • 1024-bit and 2048-bit RSA OAEP/MGF encrypt/decrypt
  • 2048-bit RSA signature generation and verification
  • 3072-bit RSA verification
• ECDH key management capability with integrated KDF, either PRF or HKDF
• NIST SP800-90 A/B/C high-quality cryptographic random number generation
• TLS V1.2/V1.3 – Full session establishment support in conjunction with host SW
• AES-CMAC calculation and validation
• AES-ECB and GCM encrypt/decrypt for general purpose use
• SHA-256 and SHA-HMAC digest calculation
• Input/output encryption and authentication using AES-GCM, AES-CMAC and/or SHA-HMAC
• Flexible self-test support to meet FIPS 140 requirements
• Cryptographic support for High-Bandwidth Digital Content Protection (HDCP) V2.2