Cryptographic Hardware Features Supporting Security
RSL15 provides the following which—while security-related—do not form part of the secure operation of the device but allow user applications access to security-related functionality:
- Hardware accelerators that provide support for cryptographic operations, including secure data storage, transmission, and authentication of wired transmissions
- The APIs to the cryptography features explained in the Arm TrustZone CryptoCell-312 Software Developers Manual
- Sample code, which is provided for many of the cryptographic operations.
IMPORTANT: The CC312 functions, when using hardware accelerators, use a WFI instruction while waiting for the hardware accelerator to complete its processing. Therefore, these functions must not be called in the context of any interrupt routines that have a priority higher than, or equal to, the CC312 interrupt. |
The Arm CryptoCell-312 security IP provides facilities to support the following features:
- Support for a True Random number Generator (TRNG)
- There are two independent TRNG mechanisms defined in RSL15, each of which meets different industry standards. An application needs to use whichever Arm Cryptocell-312 library (.a file) corresponds to its required TRNG mode.
- Symmetric and asymmetric cryptography, including support for the following algorithms:
- AES
- SRP
- SHA
- CCM
- GCM
- RSA
- ECDSA
- ECDH
- ECIES
- CTRDRBG
- CHACHA
- MAC
- DHM
- Key derivation
- Device life cycle state management
- Root of Trust (RoT) access policy enforced by hardware mechanisms
- An RoT ownership model allows for multiple distinct trust anchors.