<<However, an NXP security expert said that the root-of-trust function ideally should be implemented in a standalone chip, a practice that high-security systems use. The trend of integrating the function into larger chips helped save costs, but it was a step backward in security, said Sami Nassar, vice president of cybersecurity solutions at NXP Semiconductors.
“The security execution environment and the root of trust should be outside the main processor … you don’t want to mix security and general processing,” he said. “It’s not complicated to [isolate the two], and it doesn’t add much cost, but people cut corners, and it’s proven to be a weak model.”>>
If Rambus can effectively "silo" the security as part of the processor (and not in
a standalone chip), that's a big deal when it comes to IoT. That's because in IoT
cost becomes critical.
To me, it looks like NXP doesn't like this announcement from Rambus. In my view,
Rambus' "siloing" isn't a "weak model" at all - it's a necessary model when it comes
to IoT. But, of course, it has to work well and the independent IDC thinks that it does:
Bret Sewell, SVP and general manager of the Rambus Security Division, spoke to the key attributes of the division’s new secure coprocessor: “The fundamental pillars of architectural design freedom, secure processing siloed away from general processing, and layered security with a root of trust designed for multiple security layers, are unique to the CryptoManager Root of Trust design and enable easy implementation with the highest levels of protection. The CryptoManager Root of Trust also embeds features that enable semiconductor manufacturers and device OEMs to insert hardware keys, and enables IoT service providers to manage IoT endpoints throughout their lifecycle in the field.”
IDC research director for IoT Security, Abhi Dugar, noted, “The semiconductor industry faced some of its biggest security issues this year with recent vulnerabilities, and the potential to encounter additional security flaws will not go away any time soon as more IoT devices enter the market. To address existing and new threats, establishing trust at the hardware level will be critical, and a secure siloed core can help ensure that this new generation of devices can be protected from security flaws.”>>