Security Features

  • Flash OTP by ICSP Write Inhibit
    • On-Chip Secure Boot Flash Configurable as an Immutable Root of Trust
      • Parts of the Flash memory can be configured as OTP
    • Capabilities include:
      • Secure boot support: Validation of host code image and host code signature
      • Secure update support for host code: Secure encryption key storage and image decryption
      • X.509 certificate storage, parsing, validation and revocation, supporting both ECC and RSA
    • 128-bit Unique Device Serial Number for Identification (UUID)
    • Support for Secure Use Cases:
      • Secure boot
      • Key Storage in IRT/Immutable secure boot region for realizing:
        • secure boot
        • secure firmware update
        • secure debug
    • Flash Protection
      • Configuration of up to eight Flash protection regions across ranges of Flash addresses
      • Regions can be configured as:
        • Immutable Root of Trust (IRT)
        • OTP region
        • A combination of R/W/X protections
      • Regions can be:
        • Made permanent
        • Locked until device reset
        • Enabled/disabled during code execution
      • Flash protection regions can apply to the active partition, the inactive partition, or both
  • Crypto Accelerator Module (CAM)
    • AES-128, AES-192, and AES-256: Fully Compliant with NIST FIPS 197
      • ECB, CBC, CFB, OFB, CTR, GCM, CCM, XTS, CMAC modes
    • HASH/MAC
      • SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256 capability
      • SHA-1, SHA-256, SHA-224, SHA-384 and SHA-512 capability
    • Public Key Cryptography: RSA, DSA, and ECC
      • RSA with/without Chinese Remainder Theorem (CRT), up to 4096-bit key length
      • ECC over the following curves:
        • Prime Field P-192, P-224, P-256, P-384, P-521
        • Binary Field K-163, K-233, K-283, K-409, K-571
        • Binary Field B-163, B-233, B-283, B-409, B-571
      • P-224, P-256, P-384, and P-521 Elliptic Curve – ECDSA Sign/Verify
      • DSA support for up to 2048-bit key length
      • ECDH support for P-256 and P-224 curves
      • SECP256K1 (Bitcoin/Blockchain curve) ECDSA support
      • 256-bit Brainpool Elliptic Curve support – ECDSA, ECDH
      • Elliptic Curve Diffie-Hellman (ECDH/ECDHE) Key Agreement
    • NIST SP 800-22 and NIST SP 800-90B Compliant True Random Number Generator (TRNG)