SAN JOSE, Calif. — Rambus announced a security block based on a RISC-V core aimed, in part, at sidestepping the Meltdown/Spectre flaws revealed earlier this year. The CryptoManager Root of Trust targets use in a wide spectrum of ASICs, microcontrollers, and SoCs in embedded systems.

Rambus claims that the new block has several advantages over the root-of-trust functions already integrated into most existing embedded processors. It suggested that OEMs move this fundamental hardware-security function off the mainstream x86 and ARM embedded processors that Spectre/Meltdown showed to be vulnerable to side-channel attacks.

However, an NXP security expert said that the root-of-trust function ideally should be implemented in a standalone chip, a practice that high-security systems use. The trend of integrating the function into larger chips helped save costs, but it was a step backward in security, said Sami Nassar, vice president of cybersecurity solutions at NXP Semiconductors.

“The security execution environment and the root of trust should be outside the main processor … you don’t want to mix security and general processing,” he said. “It’s not complicated to [isolate the two], and it doesn’t add much cost, but people cut corners, and it’s proven to be a weak model.”

Rambus argues that its block at least lets designers move the key security functions off embedded processors that rely on speculative execution. Spectre/Meltdown showed that this popular performance-boosting technique can leave traces of secret data in the cache, where an attacker can recover them through a timing side channel.

Nassar countered that highly secure systems generally use standalone root-of-trust chips separately from host processors. Integrated chips are more vulnerable because they share I/O and cache blocks, he said.

The first mainstream implementations of the hardware root of trust defined by the Trusted Computing Group nearly 15 years ago were standalone chips, the Trusted Platform Modules (TPMs). Over time, however, major processor and IP vendors such as Intel and ARM subsumed those functions into their chips.

The big processor and IP vendors argued that their implementations kept the secure and open paths separate inside a chip. However, the Spectre/Meltdown attacks showed that the complexity of today's devices leaves room for vulnerabilities that sometimes go unfound for years.

Rambus and others argue that the new block, and the RISC-V core it is based on, have advantages over traditional implementations of a root of trust.

For example, the CryptoManager supports multiple roots of trust, letting processes use the core without exposing their keys or secrets to other processes. The Rambus core is fully programmable and, the company says, offers new levels of protection against side-channel attacks, emulation, reverse-engineering, and other attacks.

A Rambus security expert was one of the researchers behind the initial papers on Spectre/Meltdown. The company announced last year that it would provide a crypto core for IoT devices as part of a third-party IP program created by SiFive, a RISC-V startup.

After some initial hiccups, Intel said in March that it now has firmware (microcode) updates available to mitigate the Spectre/Meltdown flaws in processors as much as nine years old. It promised that hardware changes to close the flaws would arrive in new Xeon and Core chips starting in the second half of this year.

“The semiconductor industry faced some of its biggest security issues this year with recent vulnerabilities, and the potential to encounter additional security flaws will not go away any time soon as more IoT devices enter the market,” said Abhi Dugar, an IoT security analyst for International Data Corp., speaking in a Rambus press release.

“To address existing and new threats, establishing trust at the hardware level will be critical, and a secure siloed core can help ensure that this new generation of devices can be protected from security flaws.”

— Rick Merritt, Silicon Valley Bureau Chief, EE Times