Embedded security for x86 microprocessors

Transmeta Corporation has received first silicon for its Crusoe TM5800 processor with new, proprietary security technologies.

The new technologies include secure hidden storage of confidential information, encryption acceleration and a flexible processor architecture that can easily be extended to support new features and industry standards, such as the Advanced Encryption Standard (AES).

Providing secure storage of certificates and keys used for the authentication or encryption of confidential data for wired and wireless transmissions is a critical challenge facing the computer industry and end users. The storage of such information must be tamper-resistant. Current solutions, such as Smart Cards and the Trusted Computing Platform Alliance’s (TCPA) Trusted Platform Module (TPM), are external components that add cost and increase both design complexity and system space requirements.

Transmeta’s new security technologies will provide interfaces to the Crusoe architecture that enable both runtime and persistent secure storage of certificates, keys and, eventually, other confidential information. These storage facilities sit within the Crusoe architecture and are thus invisible to the x86 space.

Transmeta’s Crusoe processors will also feature a hardware acceleration engine for commonly used symmetric key encryption algorithms such as the Data Encryption Standard (DES), DES-X and Triple-DES. Triple-DES is an encryption algorithm approved by the United States National Institute of Standards and Technology (NIST) for the protection of government data, but is not commonly used to protect sensitive data in commercial applications due to its slow performance when implemented in software. Transmeta claims that its encryption acceleration should alleviate this bottleneck.

Transmeta’s hardware support for DES, DES-X and Triple-DES is designed to accelerate security applications such as file and disk data encryption and the Internet Protocol Security (IPSec) protocols commonly used in Virtual Private Networks (VPNs) to secure both wired and wireless data transmissions.

Transmeta will provide interfaces to this hardware encryption engine via cryptographic instructions that are an extension to the x86 instruction set architecture. Named the Transmeta Security Extensions (TSX), these instructions will support key preparation and the DES, DES-X and Triple-DES ciphers. TSX instructions allow programmers to use Transmeta’s encryption acceleration hardware when protecting data.

The technology for providing secure data storage that is invisible to the x86 space can also be extended to hide the operations on such data and could in the future hide entire algorithms and intellectual property from the x86 world.

The new silicon will be available in the second half of 2003.
