Securing The Semiconductor Supply Chain With Secure Provisioning

Securely programming high-value data into SoCs and devices during manufacturing.


The level of awareness of supply chain risks is rising and threats are being seen on many fronts. The Semiconductor Industry Association has reported instances of counterfeit parts being detected in critical systems, such as medical devices, transportation, and infrastructure. The scope, scale, and urgency of the problem are getting the attention of industry and government alike.

The semiconductor supply chain is both multi-tiered and complex. Securing the supply chain starts early in the SoC (system on a chip) design process to provide the security assets, which are the foundation of chips, as well as supply chain security. The integrity of the chips and the devices they go into must be secured from the foundry through testing, packaging, and distribution. As security concerns are becoming a critical issue in certain market segments, such as automotive, defense, and healthcare, the call for a trusted semiconductor supply chain is coming from all corners, including device makers, system integrators, service providers, end users, and governments.

The consequences that can arise from an insecure supply chain are real and pervasive throughout the electronics value chain. At the chip design level, there are concerns with IP theft and reverse engineering. In the manufacturing process, overproduction of chips and the packaging of gray market parts are where functional, performance, reliability, and safety concerns can start. At the distribution tier, the concerns are the creation of clones and the insertion of malicious code. At the device maker level, there is a risk of counterfeit devices. At the Electronic Manufacturing Services (EMS) level, tampering with or modifying the devices can occur. In the field, malicious attacks on services, such as distributed denial of service or attacks on devices and the data generated, are now becoming more and more common. And finally, even at the end of life, chips could potentially be recycled and put back into use well beyond their useful life. At all stages of the chip life cycle, it’s becoming increasingly critical to ensure supply chain integrity as the risks go beyond just economic and include the performance, safety, and security of almost everything that makes up what has become a digital economy.

Securing the supply chain begins with the design and manufacturing of chips. One of these critical processes is secure provisioning at the manufacturing stage. What is secure provisioning? Secure provisioning is a set of specialized tools and processes that enable high-value data, such as keys, device IDs, certificates, and feature settings, to be securely programmed into SoCs and devices during manufacturing. It interfaces with the root of trust IP on chips and devices to enable secure storage of provisioned data, provides evidence of provisioning, and interfaces with key and certificate management services to enable identity assurance.
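To make "evidence of provisioning" concrete, here is an added example (not Rambus code and not a description of CryptoManager) of how a chip owner could audit a provisioning log for forged records, cloned device IDs, and overproduction. The record layout, the HMAC-based tag, and all names and values are assumptions made for illustration; production systems typically keep the key in an HSM and may use signatures instead.

```python
import hashlib
import hmac
import json

def _tag(key: bytes, lot: str, device_id: str) -> str:
    # JSON-encode the fields so ("A", "B|C") and ("A|B", "C") cannot collide.
    msg = json.dumps([lot, device_id]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_record(key, lot, device_id):
    """Evidence a (hypothetical) provisioning station emits per programmed device."""
    return {"lot": lot, "device_id": device_id, "tag": _tag(key, lot, device_id)}

def audit(key, records, authorized_units):
    """Return (finding, device_id) pairs for forged, cloned and over-quota records."""
    findings, seen = [], set()
    for r in records:
        if not hmac.compare_digest(_tag(key, r["lot"], r["device_id"]), r["tag"]):
            findings.append(("bad_tag", r["device_id"]))
        elif r["device_id"] in seen:
            findings.append(("duplicate_id", r["device_id"]))
        else:
            seen.add(r["device_id"])
            if len(seen) > authorized_units:
                findings.append(("over_quota", r["device_id"]))
    return findings

# Constructed sample data; a real key would live in an HSM, never in source.
KEY = b"constructed-demo-key"
LOG = [
    make_record(KEY, "LOT-A", "DEV-0001"),
    make_record(KEY, "LOT-A", "DEV-0002"),
    make_record(KEY, "LOT-A", "DEV-0002"),  # same ID programmed twice
    {"lot": "LOT-A", "device_id": "DEV-0003", "tag": "00" * 32},  # tag not made with KEY
    make_record(KEY, "LOT-A", "DEV-0004"),
    make_record(KEY, "LOT-A", "DEV-0005"),  # fourth unique unit, only 3 authorized
]

def run_demo():
    return audit(KEY, LOG, authorized_units=3)

if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Each finding maps to a risk named above: a bad tag is a record the trusted station did not produce, a duplicate ID points to cloning, and an over-quota record points to overproduction.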

Why does secure provisioning matter? It enables the security features of SoCs, which usually depend on the provisioning of device-unique key material. It protects costly SoC IP throughout an insecure supply chain. It provides the basis of trust of devices, their identity and provenance in the data they generate, and supports in-field trusted device management, services onboarding, secondary provisioning, feature enablement, cloud security services, etc.

The Rambus CryptoManager platform is a leading secure provisioning solution in use by some of the world’s largest semiconductor and electronic system companies. It provides solutions for both manufacturing provisioning and post-manufacturing key and certificate management services. The scope of the CryptoManager solutions addresses the need to securely insert high-value assets and data into chips at any stage of the supply chain and enables the provisioned assets to be leveraged throughout the chip life cycle to secure devices, data, and services.
