Knowledge Center
Knowledge Center

Root of Trust

Trusted environment for secure functions.


Roots of Trust are highly reliable hardware, firmware, and software components that perform specific, critical security functions. They are building blocks upon which other components can derive secure functions. Since roots of trust are inherently trusted, they must be secure by design.

Hardware Roots of Trust are typically defined by a set of requirements. These include a trusted execution environment (TEE) for privileged software to run, ability to perform cryptographic functions, a form of tamper protection present at all times, and a user interface the host can interact with.

A security perimeter is an important component of a hardware root of trust and defines what needs to be protected on an SoC. This includes a secure CPU, runtime memory, and secure access to persistent storage.

In addition to the CPU, dedicated hardware cryptographic accelerators may be used to save power and area over software implementations. A True Random Number Generator (TRNG) is necessary to produce the level of entropy needed for cryptographic functions.

The entire root of trust is protected by tamper resistance mechanisms. These validate code before allowing it to run on the secure CPU and should provide immunity from software attacks. Ideally, tamper protection would also protect against physical attacks, but in reality perfect physical attack protection is difficult if not impossible. Still, it should be able to resist some physical attacks.

A Chain of Trust is created when a root of trust passes measured and validated instructions along to hardware, firmware, or software that is not part of the root of trust. This continues, with each component trusting the code it is executing because it has been accepted by the link before it, leading all the way back to the root of trust.

A number of companies provide hardware roots of trust as licensable IP that can be integrated into other designs.


Securing ICs With Information Flow Analysis


Holes In AI Security


Complexity's Impact On Security


Tech Talk: HW Security