Cryptographic Hardware Features Supporting Security

RSL15 provides the following which—while security-related—do not form part of the secure operation of the device but allow user applications access to security-related functionality:

  • Hardware accelerators that provide support for cryptographic operations, including secure data storage, transmission, and authentication of wired transmissions
  • The APIs to the cryptography features explained in the Arm TrustZone CryptoCell-312 Software Developers Manual
  • Sample code, which is provided for many of the cryptographic operations.

IMPORTANT: The CC312 functions, when using hardware accelerators, use a WFI instruction while waiting for the hardware accelerator to complete its processing. Therefore, these functions must not be called in the context of any interrupt routines that have a priority higher than, or equal to, the CC312 interrupt.

The Arm CryptoCell-312 security IP provides facilities to support the following features: 

  • Support for a True Random number Generator (TRNG)
    • There are two independent TRNG mechanisms defined in RSL15, each of which meets different industry standards. An application needs to use whichever Arm Cryptocell-312 library (.a file) corresponds to its required TRNG mode.
  • Symmetric and asymmetric cryptography, including support for the following algorithms:
    • AES
    • SRP
    • SHA
    • CCM
    • GCM
    • RSA
    • ECDSA
    • ECDH
    • ECIES
    • CTRDRBG
    • CHACHA
    • MAC
    • DHM
    • Key derivation
  • Device life cycle state management
  • Root of Trust (RoT) access policy enforced by hardware mechanisms
    • An RoT ownership model allows for multiple distinct trust anchors.