FIPS 140-3, OpenTitan architecture, DICE attestation, lifecycle state machines, and physical attack countermeasures — written by the engineers building the IP.
FIPS 140-3 Level 3 imposes strict physical security requirements that most silicon IP vendors skip. We explain what the certification actually requires, why Level 3 matters for OEM tape-out, and how a pre-certified RTL block collapses the 18-month audit timeline.
From RTL delivery to GDS sign-off, integrating an OpenTitan-based root-of-trust into an OEM SoC tape-out takes 8–10 weeks if you know the pitfalls. This guide walks through the bus integration, OTP memory map configuration, and tapeout checklist items your team will face.
DICE establishes hardware-rooted identity through a layered certificate chain. We trace the full derivation from Unique Device Secret through CDI_0, CDI_1, to the application certificate — and explain what each stage proves to a remote verifier.
EMFI, laser fault injection, voltage glitching, and differential power analysis are practical attacks against silicon cryptographic modules. We survey the countermeasure techniques a production-grade root-of-trust IP block must implement to reach FIPS 140-3 Level 3.
The lifecycle state machine is the backbone of silicon security. Getting DEV-to-PROD locking wrong means field devices remain debuggable. We explain how OTP-backed state persistence and tamper-evident lifecycle architecture prevent the most common production security failures.
New articles cover FIPS 140-3 updates, DICE attestation, and OpenTitan integration notes. Contact us to be notified when new technical content is published.