Security Posture

FIPS 140-3 compliance architecture visualization

Hardware security properties

Built-in assurance, not add-on compliance

Bastionchip security properties derive from physical hardware primitives established at wafer fabrication. They cannot be removed by software update, firmware patch, or supply-chain substitution.

Physical tamper evidence

The Bastionchip ASIC package incorporates active tamper-detection mesh layers. Mechanical penetration attempts trigger zeroization of volatile key material. The chip certifies its own tamper state via the ROM-anchored attestation path — no external sensor or audit log can be falsified.

Immutable ROM key anchor

Each chip's attestation signing key is fused into read-only ROM at manufacturing time using a one-time programmable (OTP) process. The key never enters writeable storage, is not accessible via any bus interface, and cannot be overwritten by firmware updates at any point in the device lifetime.

Side-channel resistance

All cryptographic operations inside the Bastionchip secure enclave use hardware accelerators written in synthesizable RTL with no shared-register paths to general-purpose logic. ECDSA P-384 signing executes in constant time, 18 microseconds, regardless of key material — eliminating the Spectre/Meltdown-class timing-oracle surface present in software TEE implementations.

Certification roadmap

Compliance targets

Bastionchip is a seed-stage company in active integration testing. Certifications listed below are roadmap targets, not current awards. We disclose this clearly because regulated buyers require accurate procurement data.

Target

FIPS 140-3 Level 3

NIST Federal Information Processing Standard for cryptographic module security. Level 3 requires tamper evidence, identity-based authentication, and physical mechanisms to resist side-channel attacks. Bastionchip's PUF architecture and enclave design are engineered specifically for Level 3 evaluation. Certification laboratory engagement planned for H2 2025.

Target

Common Criteria EAL4+

International standard for IT product security evaluation. EAL4+ (Augmented) is required by many government and defense procurement programs. The Bastionchip ROM key anchor and hardware attestation flow map to the Security Target protection profiles for hardware security modules. CC evaluation timeline is post-FIPS, estimated 2026.

Aligned

NIST SP 800-90B Entropy

NIST Special Publication 800-90B governs entropy source requirements for random bit generators used in cryptographic key generation. Bastionchip's masked PUF architecture was validated against SP 800-90B entropy thresholds across temperature cycling during FPGA prototype testing, achieving 99.97% reliability. Full entropy certification to follow FIPS engagement.

Monitoring

FedRAMP HSM Requirements

Federal Risk and Authorization Management Program mandates FIPS 140-2 Level 1 or higher for key management systems in cloud federal deployments; agencies with higher-classification workloads often specify Level 3. Bastionchip's FIPS 140-3 Level 3 roadmap is designed to satisfy FedRAMP and DISA requirements for hardware-backed key protection in confidential compute workloads.

Manufacturing provenance

Supply-chain attestation model

Hardware security is only as strong as the manufacturing provenance chain. A chip that can be substituted or modified between foundry and customer breaks every property the design claims to provide.

Bastionchip's attestation architecture establishes cryptographic proof of chip authenticity that survives the entire post-fabrication supply chain — from TSMC wafer through packaging, test, and shipment to the customer's data center.

Wafer-level PUF enrollment — During wafer fabrication at TSMC 16nm, each die's physically unclonable function is measured and enrolled into Bastionchip's offline root certificate authority database. The PUF response is never transmitted — only the derived key handle is recorded.

ROM key fusing — Immediately after wafer test, the per-chip attestation signing key pair is generated on-chip and the public key is fused into OTP ROM. The private key never leaves the chip boundary. Fusing occurs in a controlled HSM facility under dual-operator control.

Shipment attestation packet — Each Bastionchip shipped to a customer is accompanied by a signed attestation packet covering serial number, PUF enrollment certificate, and ROM key public key — all countersigned by Bastionchip's offline root CA. Customers can verify this packet independently before board assembly.

Runtime re-attestation — At every power-on cycle, the chip re-derives its identity from the PUF response and signs a freshness nonce with the ROM-fused key. Relying parties verify this remote attestation against the enrollment database without trusting the host OS, hypervisor, or any software stack.

Responsible disclosure

Security vulnerability reporting

Bastionchip welcomes responsible disclosure from security researchers and academic groups studying hardware security modules, PUF architectures, side-channel analysis, and attestation protocols.

We treat reports seriously and commit to acknowledging receipt within 48 hours and providing a triage determination within 10 business days. We do not pursue legal action against researchers acting in good faith under a responsible disclosure model.

For design-partner and integration-partner security contacts working under NDA, a separate encrypted channel is available upon request.

Disclosure contact

[email protected]

Include subject line: [SECURITY] followed by a brief description. PGP key available on request. We aim to acknowledge within 48 hours, triage within 10 business days.

Procurement evaluation

Evaluating Bastionchip for a regulated deployment?

Send a brief description of your compliance requirements — FIPS level, TEE environment, key management architecture — and the engineering team will follow up with a detailed evaluation guide.