SoC secure boot hardware engine IP core available from CAST

1 min read

The semiconductor intellectual property provider, CAST, has announced a new security IP product that SoC developers can use to ensure that their system only boots with unmodified firmware from a trusted source.

The GEON-SBoot GEON Secure Boot Hardware Engine employs public-key encryption, namely RSA or optionally NIST-validated Curves, to ensure the integrity and authenticity of a system's boot image firmware.

This approach requires no secret to be stored on the chip, resisting physical and side-channel attacks, easing security deployment, and enabling secure firmware updates over the air (OTA). GEON-SBoot can optionally use AES-GCM symmetric authenticated encryption to protect the confidentiality of the firmware and prevent other devices from running firmware clones.

Functioning autonomously without any software assistance from the host CPU(s), GEON-SBoot’s operation is isolated and, as such, is claimed to be immune to software attacks.

GEON-SBoot provides a number of security benefits with minimal impact on silicon area or system performance. A typical base configuration occupies approximately 50,000 gates and requires 8k to 11k bytes of internal memory. Its impact on boot time is typically on the order of a few milliseconds.

The new secure boot engine is compatible with nearly any system and using it is straightforward. GEON-SBoot works with all modern processor architectures - including RISC-V and ARM - and is independent of memory types.

Standard AMBA AHB and APB interfaces simplify system integration.

GEON-SBoot also provides boot control flow flexibility, and designers can optionally use the crypto accelerators within it post-boot elsewhere in their system.

The GEON-SBoot IP core is production-proven and is shipping now with royalty-free licensing in RTL source code for ASICs or optimised netlists for FPGAs.

The off-the-shelf, ready-to-use GEON-SBoot product complements the GEON-SoC SoC Security Platform/Hardware Root of Trust, a semi-custom package of IP cores and capabilities that CAST optimises for any particular system in collaboration with the system’s developers.

CAST also offers a variety of AES, SHA, and other Encryption Primitive IP Cores for easily adding a secure hardware crypto engine where required.

GEON-SBoot is sourced from Beyond Semiconductor, who have extensive experience in processor design and system security solutions.