1. The Quest for Unforgeable IDs: Silicon’s Trust Challenge

Generating an unforgeable, unique identity for each piece of silicon—one that can be relied upon later —is one of the hardest problems in hardware security. It’s a challenging problem because mass manufacturing inherently produces identical items, making it difficult to imbue unique, unforgeable characteristics at scale.

Imagine trying to ensure a billion statues, all made from the same mold, have unique serial numbers inherently embedded during casting. You cannot achieve this uniqueness during casting without using unique molds for each statue. Such an approach contradicts the economics of mass manufacturing, which relies on identical molds. A common solution is to engrave serial numbers after casting. But if you do that, how do you prevent the engraver from compromising the system, perhaps by duplicating serial numbers or creating unauthorized statues? In this analogy, the engraver represents a potential vulnerability in the post-manufacturing provisioning process.

Physically Unclonable Functions (PUFs) can seem like a magical solution in hardware security. They promise to generate unique, device-specific secrets directly from the silicon’s physical variations, potentially eliminating the need for external key provisioning. This capability leads to the perception that PUFs can solve the critical security challenge of establishing a root of trust without needing to trust outsourced manufacturing facilities.

A common belief, therefore, is that PUFs offer a “trustless” method for establishing a root of trust. However, this view is often a misconception when considering the entire system implementation. This blog post will demonstrate that PUFs, while powerful security components, do not eliminate the need to trust the manufacturing process. In fact, the level of trust required remains significant, often comparable to traditional methods.

Why is trust in manufacturing facilities a critical concern? Modern System-on-Chip (SoC) manufacturing is globally distributed, relying on third-party foundries, assembly, and testing facilities. A critical trust issue arises because sensitive operations, such as handling root of trust keys, occur within these third-party facilities, beyond the direct control or visibility of the SoC vendors.

The risks are real: compromised equipment, insecure networks, and malicious insiders can all subvert key provisioning. A security breach at this level is catastrophic, affecting every device from the production line and being unfixable in software. Minimizing trust in these external facilities is therefore essential for device security.

2. Baseline Reality: The Legacy Approach to Secure Key Provisioning

Modern secure key provisioning generates cryptographic keys directly within the silicon. However, this does not eliminate the need to trust the manufacturing facility. The critical trust point merely shifts to firmware injection.

Here’s how modern secure key provisioning works and where trust remains:

• On-Chip Key Generation Firmware: Specialized firmware generates device-unique cryptographic keys within the SoC during manufacturing.
• Firmware Injection: This key generation firmware is loaded or “injected” into the SoC’s memory, often in the manufacturing facility.
• Key Generation Execution: The injected firmware executes, using an on-chip random number generator to create root of trust keys.
• Key programming: Generated keys are programmed into nonvolatile storage, such as one-time programmable (OTP) fuses, without the key ever leaving the chip and getting exposed externally.

These seem fine, but consider the point below about “Secure Injection Process”:

• Firmware Integrity: The injected firmware must be legitimate and secure. Compromised firmware can subvert device security.
• Hardware Security State During Execution: The hardware security state during manufacturing is often relaxed (e.g., debug enabled), creating a vulnerable execution environment for key generation firmware.

Despite mitigations like secure facilities, network isolation, and silicon roots of trust, modern secure key provisioning, even with on-chip key generation, still requires significant trust in manufacturing facilities. This trust centers on the integrity of the injected firmware and the security of the hardware execution environment during this process.

SoC vendors must deploy solutions to minimize this trust. The solutions may vary from renting a secure provisioning area within the manufacturing facility to elaborate architectures involving HSMs in manufacturing facilities. While the details of such solutions are beyond the scope of this blog, the key point is that such solutions must be deployed to minimize the trust in the manufacturing facility. This is the baseline solution that we should compare against a PUF-based provisioning solution.

3. The PUF Promise: A Path to Trustless Manufacturing?

Physically Unclonable Functions (PUFs) are claimed to reduce or eliminate the need to trust external manufacturing facilities for root secrets. PUFs generate device-unique secrets from random silicon variations.

The claimed advantage regarding manufacturing trust is:

• On-Device Key Generation: PUFs generate keys within the device, unlike traditional methods. This on-device generation is presented as bypassing sensitive key handling in external facilities.
• Eliminating Key Injection Trust: PUFs supposedly remove the trust point of secure key injection because keys are self-generated.
• Reducing Firmware Injection Trust: While some PUF setups use firmware, the key generation is intended to be hardware-intrinsic, reducing reliance on firmware security for the secret key.

PUFs promise to shift the root of trust to the silicon, away from the manufacturing facility. This is the core claim that makes PUFs appealing for a more trust-reduced root of trust in SoCs. However, as we will see below, system-level deployment reveals limitations to this claim.

4. Where the Myth Crumbles: PUFs, Public Keys, and Lingering Trust

PUFs are often used for public/private key pairs for device authentication. This is vital for devices proving identity to external entities. Let’s examine this use and the re-emergence of trust in manufacturing facilities.

The process is:

• PUF-Based Private Key Generation: PUFs generate a private key on-device during manufacturing, intended to remain secret.
• Public Key Derivation and Extraction: The public key is derived and extracted from the device during manufacturing.
• Public Key Distribution and Certification: The public key is transferred and often certified by a CA.
• Device Authentication: Devices use their private key (from the PUF) to sign challenges, verified by servers using the public key certificate.

Despite on-device private key generation, manufacturing facility trust remains comparable to secure provisioning.

Consider:

• Public Key Extraction - A Trust Point: Extracting the public key is a new trust point. The facility must extract the correct public key securely.
• Integrity of Public Key Distribution: The public key distribution to the device owner’s infrastructure must be secure.
• The “Phantom Device” Attack: A malicious actor could substitute an attacker-controlled public key during extraction. This allows “phantom devices” controlled by the attacker to impersonate legitimate devices.

Thus, even with PUF-based authentication, the promise of eliminating manufacturing trust fails. Critically, the types of solutions needed to minimize this trust—such as secure provisioning areas within the manufacturing floor or elaborate HSM-based architectures—are fundamentally similar to those required for the traditional on-chip key generation methods discussed earlier. Secure public key extraction and distribution, and protection against “phantom device” attacks, mean that the same manufacturing security mitigations remain crucial. Therefore, neither the risk of device impersonation nor the complexity of the required mitigation solutions are significantly reduced by using PUFs in this authentication context.

5. Conclusion: PUF - The Manufacturing Trust Myth Debunked

Physically Unclonable Functions are elegant technology, promising device-unique secrets from silicon, seemingly without manufacturing trust. However, security is a system-level property, not just a component feature. System-level PUF deployment reveals the reality: the promise of eliminating manufacturing trust does not materialize.

Despite PUF’s intrinsic security, the need for secure public key extraction and the “phantom device” attack demonstrate that PUFs do not eliminate manufacturing trust. The required trust level remains comparable to traditional secure key provisioning.

Therefore, the idea that PUFs bypass the need for manufacturing security is a myth. PUF deployment in complex SoCs does not remove the need for manufacturing security mitigations.

The question then is: If PUFs do not eliminate manufacturing trust, why use them in complex SoCs? The added complexity and cost become hard to justify if the fundamental trust issue persists.

This explains why complex, mass-market SoCs have not adopted PUFs widely for root of trust. PUFs are a security component, not a solution to manufacturing security. A comprehensive system-level security approach, actively mitigating manufacturing trust, remains essential for truly trustworthy SoCs.