Contact Us

FortiTrust

Hardware Root of Trust

What Is FortiTrust?

FortiTrust provides a complete, high-assurance hardware Root of Trust (RoT) framework built on FortifyIQ’s intrinsically secure cryptographic engines. It delivers secure boot, key management, attestation, and lifecycle controls with exceptionally high PPA efficiency.

These fully customizable Roots of Trust are designed for a wide range of applications. They are hardened against side-channel and fault injection attacks, ensuring strong security even in highly constrained or hostile environments, or where insider attacks are a threat. The portfolio spans variants optimized for IoT, cloud, chiplets, balanced designs, and edge-AI, providing flexible integration and performance scaling to match system needs.

These fully customizable Roots of Trust are designed for a wide range of applications. They are hardened against side-channel and fault injection attacks, ensuring strong security even in highly constrained or hostile environments, or where insider attacks are a threat. The portfolio spans variants optimized for IoT, cloud, chiplets, balanced designs, and edge-AI, providing flexible integration and performance scaling to match system needs.

FortiTrust RoTs operate as a fully standalone Roots of Trust, and are also compatible with Caliptra for flexible integration. They support classical and post-quantum cryptography for secure key management and on-the-fly encryption. They deliver all of Caliptra’s security benefits while avoiding its practical drawbacks, such as the large area footprint, rigid configuration, and integration complexity of the reference implementation. They support Caliptra‑compliant integration flows while delivering outstanding PPA in the cryptography module, making the root of trust suitable for a wide range of devices and silicon designs.

FortifyIQ Differentiators for RoT

Caliptra‑compatible, delivering all the benefits of Caliptra while avoiding its overhead, with dramatically smaller area, simple per‑device configuration, and outstanding PPA
Security Boutique, including tuning for the device’s optimal PPA balance, and optional radiation-induced fault hardening for high-altitude systems. Customization is flexible up to tape-out.

Built on FortiCryptoBox cores (AES, HMAC, PKA, PQC)

Minimal area and power despite full-featured secure services

Compliance-ready, certifiable at the highest security levels, with full documentation supporting FIPS 140‑3, Common Criteria AVA_VAN.5, SESIP/PSA-class RoT requirements, and post-quantum readiness, streamlining audits and formal certification.

Configurable to customer requirements (boot modes, key hierarchy, PPA)

Soft-macro & node-agnostic

Validated high assurance in internal lab, via FortiEDA, showing robust resistance to side-channel and fault injection attacks

Unified API across software and hardware for AES, HMAC, ECC/RSA, and PQC, enabling seamless migration between SW and HW implementations without changing the security stack, preserving secure‑boot, attestation, key‑management, and lifecycle flow

Features

  • Secure boot and measured boot
  • Key generation, storage, and attestation
  • Lifecycle and debug control
  • Fault and side-channel-hardened cryptographic operations
  • Per‑device configurability, including PPA tuning and security parameter
  • Interface and API compatibility for SW HW migration

Use Cases

  • Automotive ECUs and domain controllers
  • Industrial control systems
  • Routers, gateways, and telecom equipment
  • Aerospace and satellite platforms
  • Consumer electronics requiring long-term trust

Available Products

FortiTrust Roots of Trust (HW)

Integration Simplicity

FortiTrust integrates as a modular RoT subsystem with standard interfaces, and can be tailored for different architectural requirements.

Certification & Assurance Readiness

Designed for FIPS 140-3/4, SESIP 5, and CC EAL6+ (AVA_VAN.5).

Why Choose FortifyIQ for RoT

FortiTrust is a compact, configurable Root of Trust, certifiable at the highest security levels, with best-in-class power, performance, and latency for both classical and post-quantum cryptography.

FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details