Bastionchip designs hardware security modules and confidential-compute silicon for cloud infrastructure, financial services, and defense OEM platforms. Trust starts at the die.
Discrete security IC with dedicated AES-256-GCM hardware pipeline, active tamper-detection mesh wired to zeroize logic, and 128 hardware-protected key slots that never appear on any external bus. PCIe x4 and SPI host attachment. FIPS 140-3 Level 3 target.
HSM specificationsTEE-enabling silicon IP block for SoC integration. Enclave memory encrypted in silicon, per-enclave key management in hardware, signed attestation tokens anchored to PUF device identity. Isolation holds under hypervisor compromise — not a software boundary.
Architecture detailsSix-stage boot chain from immutable silicon ROM to running OS, with PCR extension at each stage. Remote attestation token binds the full measurement chain to PUF device identity — no factory key injection, no software trust required on the host.
Boot chain detailsHardware-attested confidential VMs and TEE-backed key management for hyperscale and sovereign cloud deployments. Keys stay in silicon on each host — no network HSM latency, no hypervisor trust boundary.
Cloud infrastructure detailsSilicon-native key custody designed for FIPS 140-3 Level 3 and PCI-HSM requirements. Core banking master key storage, PIN block encryption, and digital asset custody — without the centralized failure surface of network HSM appliances.
Financial services detailsITAR-aware design process, sub-nanosecond zeroize response, and post-quantum crypto agility for long-lifecycle embedded platforms. Industrial temperature grade. NDA-first evaluation for sensitive programs.
Defense & OEM detailsEvery Bastionchip die ships with an active tamper-detection mesh wired to zeroize logic. Physical Unclonable Functions seed a 256-bit device root key that never traverses external buses. The crypto engine handles AES, SHA-3, and ECDSA operations in hardware — no firmware-accessible key registers.
View Architecture
An examination of PUF entropy sources in custom silicon and why they eliminate the factory provisioning attack surface entirely.
Read post
Design considerations for active metal tamper meshes: material choice, mesh density, response time, and false-positive rate management.
Read post
How to design silicon that supports algorithm migration — and why Kyber-768 in hardware is only half the story.
Read postWe work with a small number of design partners at a time: cloud KMS teams, payment processor security architects, and defense OEM integrators. If your key custody architecture needs hardware-rooted trust that a network appliance or software KMS cannot provide, let's talk.
