PUFrt-based secure storage supports XIP
PUFflash is an embedded Flash that has been integrated with a hardware root of trust (HRoT) PUFrt. For systems with an existing embedded NVM solution, replacing it with PUFflash is a seamless way to add in the security of a RoT, while simultaneously upgrading the protections of the eFlash.
With real-time encryption/decryption based on the unique randomness built into each on-board PUF, PUFflash supports execution in place (XIP) while offering secure data-at-rest protection for sensitive code and data.
An optional error correction code (ECC) can be implemented with the embedded Flash as well, further guaranteeing data stability over the lifetime of the system.
A standard APB slave control module allows for easy drop-in integration of PUFflash for systems that already support ARM’s peripheral bus protocol. By unifying both PUFrt and Flash under the APB, system integrators can work with a familiar interface to execute the various RoT and embedded Flash functions of PUFflash.
PUFflash is an integrated, secure embedded Flash solution built from adding an embedded Flash to PUFrt:
PFTC: APB interface, unifying the eFlash and PUFrt control interfaces
AXI interface for direct, burst access to eFlash array
PUFkeyst: Mass production OTP with built-in instant hardware encryption
PUFuid: Four sets of hardware fingerprint with the ability to act as a unique private key, UID, or root key
PUFtrng: A high-quality true random number generator
eFlash: Embedded NVM, protected using PUF-derived entropy
Comprehensive anti-tamper circuitry and countermeasures
In addition to all of the RoT applications supported by PUFrt, PUFflash adds the following:
Boot code storage and OTA updates
General code storage with XIP capability and data-at-rest protection