Silex Insight, a leading provider for flexible security IP cores, and Andes Technology Corporation, a leading supplier of high efficiency, low-power 32/64-bit RISC-V processor cores, collaborates to bring flexible and scalable Root-of-Trust security IP solutions integrated with RISC-V core to the industry.
Silex Insight & Andes Team Up
Our combined solution
Through our popular RISC-V processors, we have been engaged with a wide variety of customer applications. We observe that security is becoming fundamental now to all devices and connected services. Therefore we have gathered all our security solutions under one framework called AndeSentry™, where Silex Insight plays an important role with their top-notch performance solutions.
We are excited to be able to deliver configurable and efficient security turnkey solutions, includingSilex Insight’s eSecure IP module platform, to chip design teams which need highly reliable protection.
Dr. Charlie Su
President and CTO
This unique solution combines Silex Insight’s hardware security engines with high performance
accelerators for symmetric and asymmetric cryptography together with Andes’ versatile RISC-V processors, so customers can authenticate and protect their solution in the field easily. Furthermore, customers can perform secure failure analysis/RMA (certificate based, set permissions levels, public key cryptography).
Security solution for the IoT
A robust secure solution, including end-to-end secure debugging, that is perfect for security-sensitive applications
We are able to deliver a one-stop-shop and ready-to-go solution to SoC makers who need advanced security and efficiency.
With Andes Technology’s high efficiency and low-power RISC-V CPU core together with our eSecure Root-of-Trust turnkey solution, customers who demand high security on their devices can easily prevent hostile attacks from the outside world and at the same time perform end-to-end secure debugging.
VP of Global Sales
Provides the strongest security architecture
Any IoT chip
manufacturer can now provide a security architecture that ensures its customers have the
strongest possible foundation to create the secure devices that the IoT so desperately
Can be added in hardware to any IoT chip
We have pre-integrated and pre-validated a solution that is available now. In addition it is configurable and thus provides a wide-range selection of security features, which can be adapted for any application for performance, area and energy consumption
eSecure - Security Enclave
The eSecure IP is a single subsystem for SoC/ASIC/FPGA to address key security challenges, playing the role of Root-of-Trust. The module is highly flexible and fits all applications of the heterogeneous Internet-of-Things ecosystem, from the ultra-low power sensor to the connected car.
Scalable & Flexible
Customizable - No fixed configurations & performances
Supports a very broad and recent crypto functions
It can also be configured to have the appropriate trade-off between resources and performances for specific customer applications
No external devices & no additional components
Easier to interfere a communication between
2 components if physical access to the device
Keeps the typical “secure key storage”
Even without embedded Flash
Broad Range of High Performance Cryptos
Ideal for network packet encryption or crypto offloading
Includes a AXI DMA interface to the Host memory space
Keeping the key hidden from the host CPU
Secure OTA Updates
The eSecure IP can be updated using secure SW
update Over-the-air (OTA) without reloading new keys
New features/updates/removal can quickly be
Execute authenticated and trusted software
Prevent malicious code execution
Reduced board area, board layers
Less complexity at the PCB level
Smooth integration of the eSecure IP
No need for a new chip for new features/updates/removal
Lower product cost, replacing many discrete
components with one chip
Less components = reduced inventory cost
Authenticate and protect in-the-field
Perform secure failure analysis/RMA
Set permissions levels
Public key cryptograph
No security chip needed on the board so
AndesCore™ RISC-V Processor
AndesCore™ CPU IP core used in eSecure is a 32-bit processor for embedded applications that require low energy consumption and small area. It has several efficient performance features, including simple dynamic branch prediction, instruction cache, and local memories. It supports 32 or 16 general purpose registers (GPRs) and fast or small multiplier for performance/area trade-off.
AndeStar™ V5/V5e Instruction Set Architecture (ISA), compliant to RISC-V technology
Andes extensions, architected for performance and functionality enhancements
32-bit CPU architecture
16/32-bit mixable instruction format for compacting code density
Branch predication to speed up control code
Physical Memory Protection (PMP)
Core-Local Interrupt Controller (CLIC) with selective vectoring and priority preemption
Flexibly configurable Platform-Level Interrupt Controller (PLIC) for supporting SoC with multiple processors
Advanced CoDense™ technology to reduce program code size
StackSafe™ hardware to help measuring stack size, and detecting runtime overflow/underflow
Several configurations to trade-off between core size and performance requirements
Security Enclave based on RISC-V
The eSecure IP is a complete standalone module that enables security applications by shielding the secret information from the non-secure application running on the main processor. The firewall prevents any unauthorized access to the secret data. The secure controller embedded in the eSecure module keeps full control of the execution of the security functions. In some designs, the secure controller can be optionally virtualized in the host processor. Customers have received PSA Level 3 certification. The eSecure is delivered with end-to-end secure debugging solution.
TLS/DTLS (TLS/SSL 1.2/1.3) IPsec and MACsec Thread networking, Apple Homekit,Bluetooth, Zigbee and more
- Multiple tamper detection mechanisms
- Configurable depending on threat model
- Digital sensors
Secure Any Application
The Security Enclave IP is a very efficient solution to enable any secure application on chip. The hardware module shielded from the main processor brings a high level of security. Also the hardware offloading of the cryptographic operations from the main processor to the eSecure module guarantees a low power operation. The Security Enclave IP module is tuned to the target application in terms of feature and performance.
LET'S MAKE RISC-V CONNECTED SYSTEMSSYNONYMOUS WITH SECURITY
SECURITY ENCLAVE IP BASED ON
If you are designing systems based on a RISC-V architecture, for example to run highly connected applications, you want to include tight, future-proof security. Both for your customers’ experience and your reputation, you want to avoid a breach of security – leaking private data or even changing the functionality. Therefore, security should be part of the fabric of your system. Learn more about a security enclave solution ready to safeguard your processor and the applications it runs from malicious intrusion and manipulation.
Andes Technology (TWSE: 6533; SIN: US03420C2089; ISIN: US03420C1099) was established in Hsinchu Science Park in 2005. Sixteen years in business and a founding Premier member of RISC-V International, Andes is a leading supplier of high-performance/low-power 32/64-bit embedded processor IP solutions, and a main force to take RISC-V mainstream. Andes’ fifth-generation AndeStar™ architecture (V5) adopted the RISC-V as the base. Its V5 RISC-V CPU families range from tiny 32-bit cores to advanced 64-bit cores with DSP, FPU, Vector, Linux, superscalar and/or multicore capabilities. The annual volume of Andes-Embedded SoCs has exceeded 2 billion since 2020 and continues to rise.
Silex Insight is a recognized market-leading independent supplier of Security IP solutions for embedded systems. The security platforms and solutions from Silex Insight include flexible and high-performance crypto engines which are easy to integrate and an eSecure IP module that provides a complete security solution for all platforms. Developments take place at the headquarters near Brussels, Belgium.