Bedrock Secure Processor
Protect Weapon Systems Data
Bedrock is a purpose-built secure processor designed to fulfill U.S. Anti-Tamper and Cyber Survivability requirements to protect weapon systems containing Critical Program Information (CPI) and Classified Data. Bedrock security, performance, and form factor allow for broad applicability for securing commercial circuit cards and U.S. government weapon systems.
The Bedrock ASIC has two primary use cases:
Root of Security: When equipped with Idaho Scientific’s Keystone software, Bedrock operates as a Root of Security that can securely boot and extend security to an Intel x86 device. This enables weapons systems to deploy high performance Intel x86 processors by overcoming the physical and cyber vulnerabilities in these commercial-grade devices. To that end, Bedrock was specially designed to fulfill the role of a baseboard management controller and provide advanced security features to the compute and payload modules developed in OpenVPX, ComExpress, and other ruggedized formfactors.
General Purpose Embedded Secure Processor: Bedrock is equipped a secure boot, environmental sensors, hardware-based cryptography along with an embedded-class, 64-bit, quad-core, RISC-V processor. This dual-issue, multi-core system can support popular embedded operating system like Linux, VxWorks, and FreeRTOS. Bedrock is suitable for directly processing critical program information and classified data in support of size, weight, and power (SWAP) constrained weapons systems. In addition, Bedrock contains two eFPGA fabrics to allow for custom designs and security IP to be integrated into the device.
Benefits of Bedrock
Benefits |
Features |
Deliverables |
|
Insanely Fast Boot Time: Ideal for tactical applications that require minimal time to ready (TTFS, TMR)
Save SWAP, improve security: Board management logic is simplified, protection now extends to pre-boot
Flexibility: EFPGA fabric to allow for users to add custom logic or integrate IP. The use case allows for extending the security of the device to package and higher level assemblies.
Incorporates state of the art in commercial and defense security: Hardware-based cryptography (including PQC algorithms), environmental sensors, and secure boot.
Zero Trust Enablement: Provides a cryptographically secure platform for running a device’s trusted computing base, which is integral to ZT implementations
Transparent to User/Developer: Maintains compatibility with existing software design and development practices, requiring minimal modification to the compilation process
Developed and supported by a trusted U.S. DOW supplier: Our team in the Mountain Time Zone answer emails, take phone calls and can travel to make sure your integration goes smoothly
|
Lower Power Domain: (<3 Watts in reduced power mode)
Full Power Domain: (<10 Watts)
Programable I/O options available via LPD and FPD eFPGA:
Positive Control: Just-in-time cryptographic verification for instructions and data within the processor’s memory subsystem to ensure only genuine and unaltered software executes.
Software Exploitation and Remote Code Execution Prevention: Strict separation between instructions and data with unique instruction and data keys, prohibiting the CPU from consuming malicious instructions that were generated at run-time from memory corruption and other software exploits. Memory Encryption and Authentication: Software is protected at-rest, in-transit, and during use in all off-chip components. |
Hardware Root of Security supporting DIW Anti-Tamper and Cyber Security requirements
Extension of Security to x86 processors
Hardware Security Module targeting NSA type-1 Data-at-rest and Cross Domain Solutions
Baseboard Management Controller
Intelligent Platform Management Controller (VITA 46.11)
Secure general-purpose embedded processor |
Frequently Asked Questions (FAQs)
Compatibility
Does Bedrock support low SWAP-C applications?
Yes, Bedrock is built in a low-power, 12nm FinFet process. The core clock is scalable to the application and Bedrock employs low- and full-power islands to help reduce standby power requirements.
What kind of software can Bedrock Run?
Bedrock can run quad-core Symmetric Multi-Processing (SMP) workloads as Bare Metal, FreeRTOS, VxWorks, or Linux based applications.
What software development tool are supported by Bedrock?
Bedrock is fully complaint with the RISC-V RV64G ISA. Idaho Scientific recommends using a suitable open-source compiler like GNU GCC like those available in Linux and with VxWorks.
Security
Which encryption algorithms are available for use in Bedrock?
Bedrock includes a full implementation of NSA’s CNSA 2.0 with mitigations against SPA, DPA, and fault injection.
Who generates the keys used by the Bedrock HPS?
Idaho Scientific provides the software “Packager” utility, allowing the OEM or end customer to generate and manage their own cryptographic keys.
Performance
What kinds of performance can you expect from Bedrock?
The 64-bit RISC-V processor in Bedrock’s low power domain is capable of running at 500 MHz. This equates to 1000MIPS. The Helios Processing System (HPS) within Bedrock’s full power domain is a quad-core 64-bit RISC-V processor. This processor is capable of up to 2 Instructions per cycle per core at 800 MHz core clock frequency. This equates to 6400MIPS.
Idaho Scientific, now part of General Dynamics Mission Systems, specializes in embedded security with a proven track record of solving the hardest cybersecurity, supply chain integrity and anti-tamper problems with novel and scalable solutions.
