System Security on a Chip
Arm TrustZone CryptoCell is a range of security sub-systems (Hardware and Software) that provide platform level security as well as acceleration and offloading. CryptoCell enables the protection of assets (code and data) belonging to different stakeholders in an ecosystem (e.g. silicon vendor, OEM, service provider, user). CryptoCell enables SoC designers to trade off area, power, performance or robustness in a very flexible manner so that SoC designs can be optimized to achieve the most appropriate security level for the target market. Integration of the CryptoCell package in the target design is simple and straightforward, using standard HW and SW interfaces.
The CryptoCell package includes hardware, on-device software (for both production and deployment scenarios) and device-external tools that are needed to complete the platform security mechanisms CryptoCell provides. Amongst other things, it includes efficient hardware cryptographic engines, TRNG, root of trust/key management functions, secure boot, secure debug, lifecycle management and policy enforcement functions.
The Arm TrustZone CryptoCell Families
Arm CryptoCell-300 Family
Arm CryptoCell-700 Family
The CryptoCell-700 family is aimed at higher performance systems.
CryptoCell-700 series is usually coupled with Cortex-A CPUs for performance intensive use cases (e.g. mobile).
Learn more about the CryptoCell-700 family
Key highlights of Arm TrustZone CryptoCell
- CryptoCell is an embedded security platform suitable for a wide range of SoC markets including automotive, mobile, home automation, smart energy, industrial IoT and more. It is compatible with processors that have TrustZone architectural extensions but can also be used where this is absent (such as Cortex-R processors).
- CryptoCell offers an outstanding level of platform level security, while addressing challenging requirements for increased system complexity, high performance, low power consumption and small footprint.
- CryptoCell multi-layered hardware and software architecture combines hardware accelerators, root-of-trust control hardware with a rich layer of security software and off chip tools.
- The CryptoCell architecture is modular and flexible by design, allowing the security solution to be tailored to meet market requirements.
Addressing key security requirements
Digital devices deal with a wide range of possible threats; CryptoCell addresses the different security requirements coming from different stakeholders. Standard bodies and commercial organizations, such as Global Platform, NIST, MIIT, Google, Apple, Microsoft and others, define different attack vectors as pertinent (software attacks, inter-chip signal probing, board level software-based debug and test attacks, physical interface attacks and more).
To enable SoC vendors to address these attacks, CryptoCell offers protection of key device assets. Key device assets usually include:
- Software images (system, application, etc.)
- Key material (such as device or application keys)
- Data (such as corporate data, 3rd party data such as audiovisual content, or user data)
TrustZone CryptoCell facilitates these security requirements and provides the necessary tools and building blocks to mitigate such attacks.
Security Certification and Compliance
Security certification schemes based on standards like FIPS 140-2 or the Common Criteria based GlobalPlatform TEE, are all targeted at verifying the security of complete products. TrustZone CryptoCell provides the tools, building blocks and documentation necessary to comply with these standards.
It also provides the necessary security infrastructure to comply with the robustness rules that are published by many commercial organizations and consortiums (such as Microsoft, China DRM Forum, Google, DCP LLC, Thread, IETF and more).
Commercial deployment and market traction
CryptoCell is commercially deployed within chipsets covering many different verticals and markets such as mobile, IoT, home entertainment and automotive.