FIPS 140-3 LEVEL 3 TARGET — OpenTitan-Based

FIPS 140-3 L3 Root-of-Trust IP.
Tape-out ready.

zeroRISC delivers a synthesizable RTL core — DICE attestation chain, OTP-backed lifecycle controller, fault-injection countermeasures — that OEM silicon architects drop directly into tape-out. Not a finished SoC, not a hosted service: a hard IP block your design team owns from RTL to GDS.

Request Datasheet Explore IP Core
FIPS 140-3 Level 3 Target OpenTitan Compatible
FIPS 140-3 Level 3 — design target
RTL Synthesizable Soft IP deliverable
DICE Full attestation chain included
OpenTitan Open-source silicon foundation
THE TAPE-OUT CHALLENGE

Writing a certified boot ROM from scratch takes years and costs millions.

OEM silicon architects integrating security into SoC designs face a grim choice: build a boot ROM and attestation chain from scratch (18–24 months, FIPS audit process alone) or source an unaudited soft-IP block that will fail certification review.

Neither is acceptable for production silicon.

See IP Core Details

zeroRISC solves this with a pre-certified, hardened OpenTitan root-of-trust block — tape-out ready, attestation chain included.

TIMELINE COMPARISON
Build from scratch
18-24 mo.
zeroRISC IP
8-10 wks.
IP DELIVERABLE

What ships with every license

Synthesizable RTL

Gate-level Verilog/SystemVerilog. Foundry-agnostic. Validated on TSMC 28nm, GF 22FDX, and SMIC 40nm node libraries.

Attestation Chain

DICE-compliant certificate chain. Device-unique identity provisioned at manufacturing. Boot-stage certificates verifiable end-to-end.

FIPS 140-3 L3 Validation

Designed against FIPS 140-3 Level 3. Cryptographic module validation documentation included in the license package. Eliminates the 18–24 month audit runway your team would otherwise need to budget.

Lifecycle Controller

OTP-backed state machine: DEV → PROD → LOCKED → RMA → EOL. Tamper-evident transitions with HMAC-authenticated commands.

Fault-Injection Resistance

Physical side-channel countermeasures: redundant logic paths, glitch detectors, randomized pipeline stalls, power analysis hardening.

Integration Package

AHB/AXI4-Lite bus interface, integration guide, DFT insertion hooks, synthesis constraints, and DV testbench infrastructure.

STANDARDS & COMPLIANCE

Designed against every major silicon security standard

FIPS
FIPS 140-3 Level 3 Cryptographic module physical security
DICE
DICE (DMTF) Device Identity Composition Engine
TPM
TPM 2.0 profile Trusted Platform Module attestation
NIST
NIST SP 800-193 Platform Firmware Resiliency
OT
OpenTitan v2.1 Open-source root-of-trust specification
ISO
ISO/SAE 21434 Automotive cybersecurity reference
View Standards Details
TAPE-OUT INTEGRATION

From RTL delivery to tapeout in under 10 weeks

01
RTL Delivery
Receive synthesizable Verilog package with foundry-specific timing constraints and DFT hook documentation.
02
Bus Integration
Connect attestation engine to SoC interconnect via AHB/AXI4-Lite bridge. Reference tie-off scripts included.
03
OTP Provisioning
Configure OTP memory map for lifecycle state machine. Provisioning test vectors provided.
04
Tapeout Sign-off
Run signoff DRC/LVS with pre-validated LEF/GDS abstract views. zeroRISC engineering reviews tapeout checklist.
4-step RTL integration flow: delivery, bus connection, OTP provisioning, tapeout sign-off
Dominic Rizzo, CEO and Co-Founder of zeroRISC
FOUNDED IN CAMBRIDGE

Built by the team that helped define OpenTitan

Dominic Rizzo and the zeroRISC team spent years inside hardware security research before founding zeroRISC in Cambridge, MA in 2022. The company's founding insight: the open-source OpenTitan root-of-trust specification is technically superior to proprietary alternatives — but OEM adoption stalls because bringing it through FIPS 140-3 certification is a multi-year engineering project.

zeroRISC does that once and ships the result as licensable RTL.

Dominic Rizzo
CEO & Co-Founder, zeroRISC
About the Company
TECHNICAL INSIGHTS

From the zeroRISC engineering team

FIPS 140-3 Level 3 certification for silicon root-of-trust IP — article cover
FIPS 140-3 Certification

FIPS 140-3 Level 3 Certification for Silicon Root-of-Trust IP: What OEMs Need to Know

FIPS 140-3 Level 3 imposes strict physical security requirements that most silicon IP vendors skip. We explain what the certification actually requires and how a pre-certified RTL block collapses the 18-month audit timeline.

Read article →
DICE attestation boot chain — UDS to application certificate hierarchy — article cover
DICE Attestation

Understanding the DICE Attestation Boot Chain: UDS, CDI Derivation, and Certificate Hierarchy

DICE establishes hardware-rooted identity through a layered certificate chain. We trace the full derivation from Unique Device Secret through CDI_0, CDI_1, to the application certificate.

Read article →
Silicon security lifecycle states: DEV, PROD, LOCKED, RMA, EOL — article cover
Lifecycle States OTP

Designing the Silicon Security Lifecycle: DEV, PROD, RMA, and EOL State Machine

The lifecycle state machine is the backbone of silicon security. Getting DEV-to-PROD locking wrong means field devices remain debuggable.

Read article →
View All Articles

Ready to integrate certified root-of-trust IP into your tape-out?

Request a datasheet or schedule a technical briefing with our IP integration engineers.

Request Datasheet Schedule Briefing