CRYPTOCELL — ARM TrustZone CryptoCell 310

ARM® TrustZone® CryptoCell 310 (CRYPTOCELL) is a security subsystem which provides Root of Trust (RoT) and cryptographic services for a device. CryptoCell services are available to the application through a software library API, not a hardware register interface.

Figure 1. Block diagram for CRYPTOCELL

The following cryptographic features are provided:

  • FIPS-140-2 certified True random number generator (TRNG)
  • RSA asymmetric encryption
    • Up to 2048 bit key size
    • PKCS#1 v2.1/v1.5
    • Optional CRT support
  • Elliptic curve cryptography (ECC)
    • NIST FIPS 186-4 recommended curves using pseudo-random parameters, up to 521 bits:
      • Prime field: P-192, P-224, P-256, P-384, P-521
    • SEC 2 recommended curves using pseudo-random parameters, up to 521 bits:
      • Prime field: P-160, P-192, P-224, P-256, P-384, P-521
    • Koblitz curves using fixed parameters, up to 256 bits:
      • Prime field: P-160, P-192, P-224, P-256
    • Edwards/Montgomery curves:
      • Ed25519, Curve25519
    • ECDH/ECDSA support
  • Secure remote password protocol (SRP)
    • Up to 3072 bit operations
  • Hashing functions
    • SHA-1, SHA-2 up to 256 bit size
    • Keyed-hash message authentication code (HMAC)
  • AES symmetric encryption
    • General purpose AES engine (encrypt/decrypt, sign/verify)
    • 128 bit key size
    • Supported encryption modes: ECB, CBC, CMAC/CBC-MAC, CTR, CCM/CCM*
  • ChaCha20/Poly1305 symmetric encryption
    • Supported key size: 128 and 256 bits
    • Authenticated encryption with associated data (AEAD) mode


ARM® TrustZone® CryptoCell 310 (CRYPTOCELL) supports a number of cryptography standards.

Table 1. CryptoCell cryptography standards
Algorithm family Identification code Document name
TRNG NIST 800-90B1 Recommendation for the entropy sources used for random bit generation
AIS-31 Functionality classes and evaluation methodology for physical random number generators
PRNG NIST 800-90A Recommendation for random number generation using deterministic random bit generators
Stream cipher Chacha "ChaCha, a variant of Salsa20", Daniel J. Bernstein, January 28th 2008
MAC Poly1305

"The Poly1305-AES message-authentication code", Daniel J. Bernstein

"Cryptography in NaCl", Daniel J. Bernstein

Key agreement SRP "The Secure Remote Password Protocol", Thomas Wu
AES FIPS-197 Advanced Encryption Standard
NIST SP 800-38A Recommendation for block cipher modes of operation - methods and techniques
NIST SP 800-38B Recommendation for block cipher modes of operation: The CMAC mode for authentication
NIST SP 800-38C Recommendation for block cipher modes of operation: The CCM mode for authentication and confidentiality
ISO/IEC 9797-1 AES CBC-MAC per ISO/IEC 9797-1 MAC algorithm 1
IEEE 802.15.4-2011 Low-Rate Wireless Personal Area Networks, Annex B.4: Specification of generic CCM* mode of operation
Hash FIPS 180-3 Secure Hash Standard (SHA1, SHA-224, SHA-256, SHA-512)
RFC2104 HMAC: Keyed-hashing for message authentication
RSA PKCS#1 RSA cryptography standard v1.5/v2.1
Diffie-Hellman ANS X9.42 Agreement of symmetric keys using discrete logarithm cryptography
PKCS#3 Diffie-Hellman key agreement standard
ECC ANS X9.63 Public Key cryptography for the financial services industry, key agreement and key transport using Elliptic Curve Cryptography
IEEE 1363 Standard specifications for public key cryptography
ANS X9.62 Public key cryptography for the financial services industry, the Elliptic Curve Digital Signature Algorithm (ECDSA)
Ed25519 Edwards-curve, "High-speed high-security signatures", Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang
Curve25519 Montgomery curve, "Curve25519: new Diffie-Hellman speed records", Daniel J. Bernstein
FIPS 186-4 Digital Signature Standard (DSS)
NIST SP 800-56A rev. 2 Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
General FIPS 140-2 Security requirements for cryptographic modules

Control interface

Power and clock are by default gated off from the CryptoCell subsystem and must be enabled prior to using the CryptoCell firmware. Device specific secrets are retained in the Always-On (AO) power domain, even when the CryptoCell is disabled.

Important: CryptoCell provides support for performing internal clock gating in order to optimize the power consumption based on the operation modes. This internal clock management is handled transparently by the CryptoCell firmware, but in order to minimize the power consumption it is highly recommended to also manually disable CryptoCell when not in use.


Table 2. Instances
Base address Peripheral Instance Description Configuration

CryptoCell subsystem control interface

Table 3. Register Overview
Register Offset Description
ENABLE 0x500

Control power and clock for ARM CryptoCell subsystem



Address offset: 0x500

Control power and clock for ARM CryptoCell subsystem

Bit number 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Id                                                               A
Reset 0x00000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Id RW Field Value Id Value Description



Enable or disable the CryptoCell subsystem




CryptoCell subsystem disabled




CryptoCell subsystem enabled

When enabled the CryptoCell subsystem can be initialized and controlled through the CryptoCell firmware API


Electrical specification

CryptoCell 310 Electrical Specification

Symbol Description Min. Typ. Max. Units

CryptoCell subsystem disabled. Regulator = DC/DC, VDD = 3 V.

1.5 µA

CryptoCell subsystem enabled. Regulator = DC/DC, VDD = 3 V.

0.8 mA
1 This standard is still marked as draft.

Documentation feedback | Developer Zone | Updated 2016-12-05