Security Enclave
Applications
Brochure
About
eSecure
AndesCore
Contact Us

Silex Insight, a leading provider for flexible security IP cores, and Andes Technology Corporation, a leading supplier of high efficiency, low-power 32/64-bit RISC-V processor cores, collaborates to bring flexible and scalable Root-of-Trust security IP solutions integrated with RISC-V core to the industry.

Silex Insight & Andes Team Up

Our combined solution

Through our popular RISC-V processors, we have been engaged with a wide variety of customer applications. We observe that security is becoming fundamental now to all devices and connected services. Therefore we have gathered all our security solutions under one framework called AndeSentry™, where Silex Insight plays an important role with their top-notch performance solutions.


We are excited to be able to deliver configurable and efficient security turnkey solutions, includingSilex Insight’s eSecure IP module platform, to chip design teams which need highly reliable protection.

Dr. Charlie Su

President and CTO

This unique solution combines Silex Insight’s hardware security engines with high performance accelerators for symmetric and asymmetric cryptography together with Andes’ versatile RISC-V processors, so customers can authenticate and protect their solution in the field easily. Furthermore, customers can perform secure failure analysis/RMA (certificate based, set permissions levels, public key cryptography).

Security solution for the IoT

A robust secure solution, including end-to-end secure debugging, that is perfect for security-sensitive applications

We are able to deliver a one-stop-shop and ready-to-go solution to SoC makers who need advanced security and efficiency.


With Andes Technology’s high efficiency and low-power RISC-V CPU core together with our eSecure Root-of-Trust turnkey solution, customers who demand high security on their devices can easily prevent hostile attacks from the outside world and at the same time perform end-to-end secure debugging.

Pieter Willems

VP of Global Sales

and Marketing

Provides the strongest security architecture

Any IoT chip manufacturer can now provide a security architecture that ensures its customers have the strongest possible foundation to create the secure devices that the IoT so desperately requires.

Can be added in hardware to any IoT chip

We have pre-integrated and pre-validated a solution that is available now. In addition it is configurable and thus provides a wide-range selection of security features, which can be adapted for any application for performance, area and energy consumption

eSecure - Security Enclave

The eSecure IP is a single subsystem for SoC/ASIC/FPGA to address key security challenges, playing the role of Root-of-Trust. The module is highly flexible and fits all applications of the heterogeneous Internet-of-Things ecosystem, from the ultra-low power sensor to the connected car. 

Scalable & Flexible

  • Customizable - No fixed configurations & performances
  • Supports a very broad and recent crypto functions

It can also be configured to have the appropriate trade-off between resources and performances for specific customer applications

Best-in-class Security

  • No external devices & no additional components 

Easier to interfere a communication between 2 components if physical access to the device

  • Keeps the typical “secure key storage” 

Even without embedded Flash

Broad Range of High Performance Cryptos

  • Ideal for network packet encryption or crypto offloading
  • Includes a AXI DMA interface to the Host memory space 

Keeping the key hidden from the host CPU 

Secure OTA Updates

  • Lifecycle management
  • The eSecure IP can be updated using secure SW update Over-the-air (OTA) without reloading new keys
  • New features/updates/removal can quickly be implemented

Secure Boot

  • Execute authenticated and trusted software
  • Prevent malicious code execution

Small Footprint

  • Reduced board area, board layers
  • Less complexity at the PCB level

Time-to-market Acceleration

  • Smooth integration of the eSecure IP
  • No need for a new chip for new features/updates/removal

OTA available

Cost Effective

  • Lower product cost, replacing many discrete components with one chip
  • Less components = reduced inventory cost

Secure Debugging

  • Authenticate and protect in-the-field
  • Perform secure failure analysis/RMA

Certificate based 

Set permissions levels 

Public key cryptograph

Easy integration

  • No security chip needed on the board so straightforward implementation

AndesCore™ RISC-V Processor

AndesCore™ CPU IP core used in eSecure is a 32-bit processor for embedded applications that require low energy consumption and small area. It has several efficient performance features, including simple dynamic branch prediction, instruction cache, and local memories. It supports 32 or 16 general purpose registers (GPRs) and fast or small multiplier for performance/area trade-off.

  • AndeStar™ V5/V5e Instruction Set Architecture (ISA), compliant to RISC-V technology
  • Support RV32IMAC/EMAC
  • Andes extensions, architected for performance and functionality enhancements
  • 32-bit CPU architecture
  • 16/32-bit mixable instruction format for compacting code density
  • Branch predication to speed up control code
  • Configurable Multipiler
  • Physical Memory Protection (PMP)
  • Core-Local Interrupt Controller (CLIC) with selective vectoring and priority preemption 
  • Flexibly configurable Platform-Level Interrupt Controller (PLIC) for supporting SoC with multiple processors
  • Advanced CoDense™ technology to reduce program code size
  • StackSafe™ hardware to help measuring stack size, and detecting runtime overflow/underflow
  • Several configurations to trade-off between core size and performance requirements

Security Enclave based on RISC-V

The eSecure IP is a complete standalone module that enables security applications by shielding the secret information from the non-secure application running on the main processor. The firewall prevents any unauthorized access to the secret data. The secure controller embedded in the eSecure module keeps full control of the execution of the security functions. In some designs, the secure controller can be optionally virtualized in the host processor. Customers have received PSA Level 3 certification. The eSecure is delivered with end-to-end secure debugging solution.

Supports Crypto Offloading

Wide range of cryptographic algorithms

Asymmetric: RSA/ECC/ECDSA/Curve25519/EdDSA/SRP/J-PAKE ... 
Symmetric: AES/SHA/ChaCha20-Poly1305/ARIA … TRNG + DRBG (NIST 800-90A/B/C)

Algorithms specific to the Chinese market

Asymmetric: SM2/SM9Symmetric: SM3/SM4/ZUC

Post-quantum cryptography (PQC) algorithms

Answer ALL Your Security Needs

FPGA Chip

Secured System-on-Chips (SoC)

Device Unique Identity

Proven Root-of-Trust for use with ASICs

Prevents counterfeiting and cloning

Secure boot

Identify and trust your devices

- Execute authenticated and trusted software

- Prevent malicious code execution


- Uniquely identify each manufactured part

- Authenticate your device

Authenticate your code at run-time

Device rights management

Secure software update (Field upgradable)

Attestation

Anti-rollback protection

Device decommissioning

Secure Storage of Secret Information

Secure Debugging

FPGA Chip

Confidentiality and authenticity is guaranteed

Authenticate and protect in-the-field

Store secret assets

Perform secure failure analysis/RMA

- In protected and unprotected storage

- Certificate based

- Set permission levels

- Public key cryptography

Confidentiality & authenticity

- Achieved with strong cryptographic algorithms

Secure key provisioning

- Key revocation

Ready-to-sell

Side-channel Attack Protection

Secure Communication

Protect against external physical attacks

Only using the most secure & latest algorithms

Unique efficiency DPA countermeasures

- AES        - Public Key Accelerator       - SM4

TLS/DTLS (TLS/SSL 1.2/1.3)
IPsec and MACsec
Thread networking, Apple Homekit,Bluetooth, Zigbee and more

Anti-tampering

- Multiple tamper detection mechanisms

- Configurable depending on threat model

- Digital sensors

Secure Any Application

The Security Enclave IP is a very efficient solution to enable any secure application on chip. The hardware module shielded from the main processor brings a high level of security. Also the hardware offloading of the cryptographic operations from the main processor to the eSecure module guarantees a low power operation. The Security Enclave IP module is tuned to the target application in terms of feature and performance.

WE'VE GOT YOUR

SECURITY COVERED!

Get our Brochure

DOWNLOAD

Interested to know more about our solution?

Feel free to get in touch with us

FREE WHITEPAPER

LET'S MAKE RISC-V CONNECTED SYSTEMSSYNONYMOUS WITH SECURITY

SECURITY ENCLAVE IP BASED ON 

If you are designing systems based on a RISC-V architecture, for example to run highly connected applications, you want to include tight, future-proof security. Both for your customers’ experience and your reputation, you want to avoid a breach of security – leaking private data or even changing the functionality. Therefore, security should be part of the fabric of your system. 
Learn more about a security enclave solution ready to safeguard your processor and the applications it runs from malicious intrusion and manipulation.

DOWNLOAD

10F., No. 1, Sec. 3, Gongdao 5th Rd., East Dist. Hsinchu City, Taiwan R.O.C 300042
Tel: +886-3-5726533E-mail: sales@andestech.comWeb: www.andestech.com

Rue Emile Francqui 11,1435 Mont-Saint-Guibert, Belgium
Tel: +32 10 45 49 04E-mail: contact@silexinsight.comWeb: www.silexinsight.com

Andes Technology (TWSE: 6533; SIN: US03420C2089; ISIN: US03420C1099) was established in Hsinchu Science Park in 2005. Sixteen years in business and a founding Premier member of RISC-V International, Andes is a leading supplier of high-performance/low-power 32/64-bit embedded processor IP solutions, and a main force to take RISC-V mainstream. Andes’ fifth-generation AndeStar™ architecture (V5) adopted the RISC-V as the base. Its V5 RISC-V CPU families range from tiny 32-bit cores to advanced 64-bit cores with DSP, FPU, Vector, Linux, superscalar and/or multicore capabilities. The annual volume of Andes-Embedded SoCs has exceeded 2 billion since 2020 and continues to rise. 

Silex Insight is a recognized market-leading independent supplier of Security IP solutions for embedded systems.
 The security platforms and solutions from Silex Insight include flexible and high-performance crypto engines which are easy to integrate and an eSecure IP module that provides a complete security solution for all platforms. 
Developments take place at the headquarters near Brussels, Belgium.

Copyright © 2022. All rights reserved.