Three silicon layers, a discrete HSM, a confidential compute IP block, and a secure boot engine, that hold the cryptographic trust boundary even when host firmware and the hypervisor are hostile. Not a software abstraction. Not an FPGA. A purpose-designed ASIC.

HSM Silicon
Discrete security element with a dedicated AES-256-GCM crypto engine operating at 10 Gbps. Active tamper-detection mesh. Key material is stored on-die and never leaves the die. PCIe x4 and SPI host attachment. FIPS 140-3 Level 3 target.

Confidential Compute
TEE-enabling silicon IP block for SoC integration. Provides hardware-isolated execution environments that stay isolated from a compromised or malicious hypervisor. Generates signed attestation tokens that prove workload integrity to remote verifiers.

Secure Boot
Root-of-trust provisioning engine implementing a six-stage boot chain. Each stage measures and verifies the next, carrying integrity from silicon ROM through bootloader and OS to the running workload. Remote attestation tokens anchor to a PUF-derived device identity, so no factory key injection is required.
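An added illustration of the mechanism described above, not the vendor's token format, firmware or verifier code: each boot stage extends a measurement register with the digest of the next stage, the device emits a quote over a verifier nonce and the final register, and the remote verifier checks authenticity, freshness, log consistency and per-stage policy in that order. Stage names, image bytes, the PUF response and the enrolment model are assumptions; in particular the attestation key is modelled as a symmetric key the verifier learned at enrolment, where a production design derives an asymmetric device key and signs the quote.

```python
import hashlib
import hmac
import json

# Six boot stages. Only ROM, bootloader, OS and workload are named on the page;
# the remaining stage names are assumptions for this illustration.
STAGES = ["rom", "bootloader", "kernel", "initramfs", "runtime", "workload"]


def measure(image: bytes) -> bytes:
    """Digest a stage image; computed by the previous stage before it hands over control."""
    return hashlib.sha256(image).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend. The register only moves forward, so a later stage cannot
    erase or reorder an earlier measurement without changing the final value."""
    return hashlib.sha256(register + measurement).digest()


def derive_attestation_key(puf_response: bytes) -> bytes:
    """Derive the device attestation key from the PUF response at boot; nothing is
    injected at the factory. Modelled as a symmetric key shared with the verifier
    at enrolment (assumption; a real design would derive an asymmetric key pair)."""
    return hmac.new(puf_response, b"attestation-key", hashlib.sha256).digest()


def boot_and_attest(images: dict, key: bytes, nonce: bytes) -> dict:
    """Run the measured boot chain and emit an attestation token. Only the quote
    (nonce + final register) is authenticated; the event log travels beside it
    unsigned, which is why the verifier has to replay it."""
    register = bytes(32)
    log = []
    for stage in STAGES:
        digest = measure(images[stage])
        register = extend(register, digest)
        log.append({"stage": stage, "digest": digest.hex()})
    quote = {"nonce": nonce.hex(), "register": register.hex()}
    tag = hmac.new(key, json.dumps(quote, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    return {"quote": quote, "tag": tag, "log": log}


def verify_token(token: dict, key: bytes, nonce: bytes, golden: dict) -> tuple:
    """Remote-verifier side: authenticity, freshness, log consistency, then policy."""
    expected = hmac.new(key, json.dumps(token["quote"], sort_keys=True).encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["tag"]):
        return False, "bad signature"
    if token["quote"]["nonce"] != nonce.hex():
        return False, "nonce mismatch"
    register = bytes(32)
    for entry in token["log"]:
        register = extend(register, bytes.fromhex(entry["digest"]))
    if register.hex() != token["quote"]["register"]:
        return False, "log replay does not match quoted register"
    for entry in token["log"]:
        if golden.get(entry["stage"]) != entry["digest"]:
            return False, "unexpected measurement for stage " + entry["stage"]
    return True, "ok"


# Constructed sample data: stage images are placeholder bytes, and the PUF
# response is a fixed constant standing in for a value read from silicon.
GOOD_IMAGES = {stage: f"{stage}-image-v1".encode() for stage in STAGES}
GOLDEN = {stage: measure(image).hex() for stage, image in GOOD_IMAGES.items()}
PUF_RESPONSE = bytes.fromhex("5f1c9e2a7b3d4c6e8f0a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f60")
DEVICE_KEY = derive_attestation_key(PUF_RESPONSE)
NONCE = bytes.fromhex("00112233445566778899aabbccddeeff")


def scenario_clean_boot():
    return verify_token(boot_and_attest(GOOD_IMAGES, DEVICE_KEY, NONCE), DEVICE_KEY, NONCE, GOLDEN)


def scenario_tampered_workload():
    images = dict(GOOD_IMAGES, workload=b"workload-image-backdoored")
    return verify_token(boot_and_attest(images, DEVICE_KEY, NONCE), DEVICE_KEY, NONCE, GOLDEN)


def scenario_replayed_token():
    old = boot_and_attest(GOOD_IMAGES, DEVICE_KEY, b"\xff" * 16)  # token from an earlier challenge
    return verify_token(old, DEVICE_KEY, NONCE, GOLDEN)


def scenario_doctored_log():
    images = dict(GOOD_IMAGES, workload=b"workload-image-backdoored")
    token = boot_and_attest(images, DEVICE_KEY, NONCE)
    token["log"][-1]["digest"] = GOLDEN["workload"]  # attacker rewrites the unsigned log
    return verify_token(token, DEVICE_KEY, NONCE, GOLDEN)


def scenario_forged_quote():
    token = boot_and_attest(GOOD_IMAGES, b"attacker-without-the-puf", NONCE)
    return verify_token(token, DEVICE_KEY, NONCE, GOLDEN)


if __name__ == "__main__":
    for name, fn in [("clean boot", scenario_clean_boot),
                     ("tampered workload", scenario_tampered_workload),
                     ("replayed token", scenario_replayed_token),
                     ("doctored log", scenario_doctored_log),
                     ("forged quote", scenario_forged_quote)]:
        print(f"{name:18s} -> {fn()}")
```

The check order matters: a verifier that compared the log against golden values before replaying it into the quoted register would accept the doctored-log case, and one that skipped the nonce check would accept a quote captured from an earlier clean boot.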
| Interface / Feature | HSM Silicon | Confidential Compute | Secure Boot |
|---|---|---|---|
| PCIe x4 | ✓ | SoC-dependent | — |
| SPI | ✓ | ✓ | ✓ |
| I2C | ✓ | Control plane only | ✓ |
| USB host | Optional | — | — |
| UEFI driver support | ✓ | ✓ | ✓ |
| Linux 5.15+ driver | ✓ | ✓ | ✓ |
| Active tamper mesh | ✓ | IP block option | ✓ |
| PUF-derived identity | ✓ | ✓ | ✓ |
The certifications named above are targets for the current silicon design cycle, not completed validations. Lab submissions are planned once first silicon has been characterized.
Evaluation silicon available for qualified cloud, financial, and defense design programs. NDA-gated datasheet package on request.