Bastionchip Engineering Notes

Bastionchip Engineering Notes https://bastionchip.com/blog/ Technical writing from the Bastionchip team on HSM design, confidential compute architecture, PUF entropy, and cryptographic hardware. en-us Tue, 09 Dec 2025 00:00:00 +0000 Crypto Agility in Hardware: Preparing for Post-Quantum Migration https://bastionchip.com/blog/articles/crypto-agility-post-quantum.html How to design silicon that supports algorithm migration — and why Kyber-768 in hardware is only half the story. Tue, 09 Dec 2025 00:00:00 +0000 https://bastionchip.com/blog/articles/crypto-agility-post-quantum.html PCB Integration Guide for Discrete HSM Silicon https://bastionchip.com/blog/articles/hsm-pcb-integration-guide.html Layout, power sequencing, and interface design notes for integrating the Bastionchip HSM die on a host PCB. Tue, 28 Oct 2025 00:00:00 +0000 https://bastionchip.com/blog/articles/hsm-pcb-integration-guide.html What Confidential VM Deployments Actually Require from Silicon https://bastionchip.com/blog/articles/confidential-vm-silicon-requirements.html Looking at the hardware requirements for confidential VMs beyond the TEE spec — attestation, memory encryption, and side-channel isolation. Tue, 02 Sep 2025 00:00:00 +0000 https://bastionchip.com/blog/articles/confidential-vm-silicon-requirements.html Active Tamper-Mesh Architecture for Custom Security ICs https://bastionchip.com/blog/articles/tamper-mesh-design.html Design considerations for active metal tamper meshes: material choice, mesh density, response time, and false-positive rate management. Tue, 15 Jul 2025 00:00:00 +0000 https://bastionchip.com/blog/articles/tamper-mesh-design.html FIPS 140-3 Level 3 Target: What It Means for Silicon Design https://bastionchip.com/blog/articles/fips-140-3-path.html A walk through the FIPS 140-3 Level 3 requirements relevant to custom security silicon — physical security, software security, and the CMVP submission process. Tue, 03 Jun 2025 00:00:00 +0000 https://bastionchip.com/blog/articles/fips-140-3-path.html Building a Verifiable Attestation Chain for Confidential Cloud Workloads https://bastionchip.com/blog/articles/attestation-chain-cloud.html How hardware attestation tokens chain from silicon die through hypervisor to running workload — and why each link matters. Tue, 22 Apr 2025 00:00:00 +0000 https://bastionchip.com/blog/articles/attestation-chain-cloud.html TEE vs. Discrete HSM: Choosing the Right Hardware Trust Boundary https://bastionchip.com/blog/articles/tee-vs-hsm-tradeoffs.html A practical architecture guide for cloud and embedded teams deciding between TEE-in-SoC and discrete HSM silicon for key custody. Tue, 11 Mar 2025 00:00:00 +0000 https://bastionchip.com/blog/articles/tee-vs-hsm-tradeoffs.html Why Physical Unclonable Functions Beat Factory Key Injection https://bastionchip.com/blog/articles/puf-entropy-silicon.html An examination of PUF entropy sources in custom silicon and why they eliminate the factory provisioning attack surface entirely. Tue, 28 Jan 2025 00:00:00 +0000 https://bastionchip.com/blog/articles/puf-entropy-silicon.html