As the semiconductor industry pivots from monolithic System-on-Chip (SoC) designs toward modular, heterogeneous chiplet architectures, the fundamental principles of hardware security are undergoing a radical transformation. In a monolithic environment, security is traditionally anchored in a single, centralized Root of Trust (RoT) that governs all cryptographic material and policy enforcement. However, the move toward disaggregated silicon—where multiple dies from various vendors are integrated into a single package—shatters this centralized model, necessitating a new, platform-level security paradigm where identity, trust, and communication must be verified at every intersection of the silicon fabric.
The transition to chiplets is driven by the diminishing returns of Moore’s Law and the escalating costs of manufacturing large, monolithic dies on leading-edge process nodes. By breaking a large design into smaller "chiplets," manufacturers can improve yields, mix different process nodes (such as using 3nm for compute and 7nm for I/O), and accelerate time-to-market. Yet, this modularity introduces significant security vulnerabilities. Each chiplet represents a potential entry point for attackers, and the interconnects between them—once protected within the internal circuitry of a single die—are now critical frontiers that require robust authentication and encryption.
The Evolution of Hardware Identity: Beyond the Single Root of Trust
In the legacy monolithic model, the device identity was synonymous with the identity of the entire chip. In the chiplet era, this is no longer sufficient. Every security-relevant chiplet within a package must possess its own unique, verifiable identity. This ensures that the "Main Security Chiplet" (often the primary compute die or a dedicated security manager) can distinguish between a genuine component and a malicious or counterfeit insert.
Industry experts, including those at Rambus Security IP, have identified two primary provisioning patterns that have emerged to address this challenge. These patterns allow for the establishment of a "Chain of Trust" that extends from the manufacturing floor to the end-user’s deployment environment.
Provisioning Pattern A: Externally Provisioned Certificate-Based Identity
The first model relies on traditional Public Key Infrastructure (PKI). In this scenario, each subordinate chiplet is provisioned with device-unique key material during a controlled manufacturing process. A certificate is then issued, chaining the chiplet’s identity back to the vendor’s root certificate.
This approach is highly effective for multi-vendor ecosystems. For instance, if a high-performance AI accelerator utilizes a compute chiplet from Vendor A and an HBM (High Bandwidth Memory) controller from Vendor B, the platform’s central security controller can be pre-loaded with the public keys of both vendors. This allows the system to evaluate credentials against a rigorous platform policy, checking for authorized product IDs, security version numbers, and revocation status. This model is favored by organizations that already maintain robust PKI-backed services and require explicit lifecycle management and traceability throughout the supply chain.
Provisioning Pattern B: Silicon-Derived Identity via PUFs
The second model leverages the inherent physical properties of the silicon itself, often through Physical Unclonable Functions (PUFs). Instead of injecting a key from the outside, the chiplet self-generates its root key material by sensing microscopic variations in its own transistors. From this unique "silicon fingerprint," the chiplet derives operational keys and generates its own public key pairs.
The primary advantage of this silicon-derived identity is that the underlying root secret never leaves the die, significantly reducing the risk of key theft during the logistics and assembly phases of the supply chain. In this model, the platform performs a "local enrollment" where the Main Security Chiplet validates the new component through an authenticated onboarding step, binding the chiplet’s identity into a platform-controlled trust database. This simplifies the manufacturing process for certain classes of chiplets while maintaining a high security bar.
Chronology of the Shift Toward Chiplet Standardization
The shift toward these security models did not happen in a vacuum. It is the result of a decade-long evolution in semiconductor integration:
- 2010-2015: The rise of 2.5D packaging, primarily for high-end GPUs and FPGAs, begins to prove the viability of multi-die integration. Security remains largely proprietary and vendor-locked.
- 2017-2019: AMD introduces the Zen architecture, popularized by the EPYC and Ryzen processors, demonstrating the commercial success of a chiplet-based approach for mass-market CPUs.
- 2020-2021: Industry consortia recognize that the lack of standardized die-to-die (D2D) communication protocols is a bottleneck. Work begins on the Universal Chiplet Interconnect Express (UCIe).
- 2022-2023: The UCIe 1.0 and 1.1 specifications are released, providing a standardized physical and link layer for chiplet communication. Security becomes a focal point, with the integration of the Security Protocol and Data Model (SPDM).
- 2024 and Beyond: The focus shifts to "Platform-Level Security," where identity management, orchestrated secure boot, and runtime monitoring become the standard requirements for AI accelerators, automotive SoCs, and data center processors.
Data-Driven Insights: The Economic Stakes of Hardware Security
The urgency of implementing these security patterns is underscored by the rapid growth of the chiplet market. According to recent industry reports, the global chiplet market is projected to grow from approximately $6.5 billion in 2023 to over $135 billion by 2030, a compound annual growth rate (CAGR) of over 40%.
As the market expands, so does the attack surface. A report from the Hardware Security Alliance suggests that hardware-level vulnerabilities have increased by 25% annually over the last three years. In sectors like automotive, where a modern vehicle may contain over 1,000 chips, a single compromised chiplet in an Advanced Driver Assistance System (ADAS) could have catastrophic consequences. The cost of a hardware recall in the automotive sector can exceed $1 billion, providing a powerful economic incentive for "secure-by-design" chiplet architectures.
Orchestrating Secure Boot in a Distributed System
One of the most complex challenges in a chiplet-based system is the orchestration of the boot process. In a monolithic chip, the boot sequence is linear and controlled by a single internal state machine. In a chiplet system, boot integrity becomes a distributed problem. If even one chiplet runs untrusted or malicious firmware, it can serve as a covert channel for data exfiltration or act as a Direct Memory Access (DMA) attacker, potentially bypassing the security measures of the rest of the platform.
A scalable security model requires an orchestrated secure boot process. This involves the Main Security Chiplet acting as a "Platform Root of Trust." It must:
- Verify the identity of every chiplet in the package.
- Challenge each chiplet to provide a cryptographic measurement of its loaded firmware.
- Compare these measurements against a signed "Golden Manifest" provided by the platform integrator.
- Only enable the interconnects and data paths once all components are verified to be in a known-good state.
This holistic approach ensures that the multi-die chip produces a coherent statement of integrity, representing the security state of the entire system rather than just the primary die.
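The four steps above, modeled as an added Python example; it is not code from Rambus or from any UCIe or SPDM implementation. The Chiplet class, the key values and the manifest layout are constructed for illustration, and HMAC-SHA256 stands in for the asymmetric signatures a real platform would use for the manifest and for each chiplet's identity.

```python
import hashlib
import hmac
import json
import secrets

# Constructed key. HMAC-SHA256 is a stand-in for the integrator's signature.
INTEGRATOR_KEY = b"constructed-integrator-key"

def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"\x00".join(parts), hashlib.sha256).digest()

def sign_manifest(golden: dict) -> dict:
    """golden maps chiplet id -> expected SHA-384 firmware measurement (hex)."""
    body = json.dumps(golden, sort_keys=True).encode()
    return {"golden": golden, "sig": mac(INTEGRATOR_KEY, body)}

class Chiplet:
    """Simulated subordinate die that answers an attestation challenge."""
    def __init__(self, chiplet_id: str, identity_key: bytes, firmware: bytes):
        self.chiplet_id, self.key, self.firmware = chiplet_id, identity_key, firmware

    def attest(self, nonce: bytes):
        measurement = hashlib.sha384(self.firmware).hexdigest()
        return measurement, mac(self.key, nonce, measurement.encode())

def orchestrate_boot(manifest: dict, enrolled: dict, chiplets: list) -> dict:
    """Platform Root of Trust logic: links are enabled only if every die passes."""
    body = json.dumps(manifest["golden"], sort_keys=True).encode()
    if not hmac.compare_digest(manifest["sig"], mac(INTEGRATOR_KEY, body)):
        return {"links_enabled": False, "failures": {"manifest": "bad signature"}}
    failures = {}
    present = {c.chiplet_id for c in chiplets}
    for missing in set(manifest["golden"]) - present:
        failures[missing] = "expected chiplet absent"
    for c in chiplets:
        key = enrolled.get(c.chiplet_id)
        golden = manifest["golden"].get(c.chiplet_id)
        if key is None or golden is None:
            failures[c.chiplet_id] = "unknown identity"
            continue
        nonce = secrets.token_bytes(32)  # fresh per challenge, so old answers cannot be replayed
        measurement, proof = c.attest(nonce)
        if not hmac.compare_digest(proof, mac(key, nonce, measurement.encode())):
            failures[c.chiplet_id] = "identity proof invalid"
        elif not hmac.compare_digest(measurement, golden):
            failures[c.chiplet_id] = "firmware measurement mismatch"
    return {"links_enabled": not failures, "failures": failures}
```

A single failing or missing die keeps links_enabled false for the whole package, which is the fail-closed behavior the last step calls for.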
Securing Die-to-Die (D2D) Communication
Once the system has booted securely, the ongoing communication between chiplets must be protected. Protecting the interconnect is no longer just about ensuring signal integrity; it is about binding communication sessions to authenticated identities.
Industry standards like the Security Protocol and Data Model (SPDM) are now being integrated into die-to-die protocols such as UCIe and CXL (Compute Express Link). These standards enable:
- Mutual Authentication: Ensuring that Chiplet A and Chiplet B have verified each other’s identities before exchanging data.
- Session Key Agreement: Establishing ephemeral encryption keys that protect data in transit across the interposer or substrate.
- Integrity Protection: Ensuring that data has not been tampered with or replayed by an attacker positioned on the interconnect.
The philosophy here is clear: secure links must be the consequence of a trust decision. Encryption without identity is insufficient, as it only protects the "what" and not the "who."
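An added Python example of binding a link session to authenticated identities, with integrity and replay protection; it is not the SPDM wire format or code from any die-to-die stack. The shared secret is assumed to come from an ephemeral key exchange that already ran, the identity strings and frame layout are constructed, and payload encryption is left out so the block stays within the standard library.

```python
import hashlib
import hmac

def hkdf(secret: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869) with the default all-zero salt."""
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def session_key(shared_secret: bytes, id_a: bytes, id_b: bytes, transcript: bytes) -> bytes:
    """Derive the link key from the secret AND both verified identities.
    A peer that authenticated as someone else ends up with a different key."""
    binding = hashlib.sha256(
        len(id_a).to_bytes(2, "big") + id_a +
        len(id_b).to_bytes(2, "big") + id_b + transcript
    ).digest()
    return hkdf(shared_secret, b"d2d-session" + binding)

class Link:
    """One direction of a protected link: frame = seq (8 bytes) | payload | tag (32 bytes)."""
    def __init__(self, key: bytes):
        self.key, self.tx_seq, self.rx_seq = key, 0, 0

    def send(self, payload: bytes) -> bytes:
        header = self.tx_seq.to_bytes(8, "big")
        self.tx_seq += 1
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag

    def receive(self, frame: bytes) -> bytes:
        header, payload, tag = frame[:8], frame[8:-32], frame[-32:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        if int.from_bytes(header, "big") != self.rx_seq:
            raise ValueError("replayed or out-of-order frame")
        self.rx_seq += 1
        return payload
```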
Lifecycle Security and the Challenge of Revocation
The operational complexity of chiplet systems extends throughout their entire lifecycle. Unlike a monolithic chip that is generally static once it leaves the factory, a chiplet platform may undergo multiple firmware updates across different domains and from different vendors. This creates a risk of "version skew," where mismatched security versions create unforeseen vulnerabilities.
Centralized lifecycle governance is therefore essential. This includes robust revocation mechanisms. If a vulnerability is discovered in a specific version of an AI accelerator chiplet’s firmware, the platform authority must have the ability to revoke that chiplet’s identity or block it from communicating with the rest of the system until it is patched. In high-value markets like cloud infrastructure and AI, where the incentive to attack is high and the operational life of the hardware is long, these lifecycle controls are not optional extras—they are fundamental requirements for maintaining a defensible security posture.
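The platform policy checks named under Provisioning Pattern A (authorized product IDs, security version numbers, revocation status) and the revocation flow described here, as an added Python example that is not taken from any vendor's policy engine. The field names, serial numbers and policy layout are constructed, and each credential is assumed to come from a certificate whose chain and signature were already verified.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Credential:
    vendor: str
    product_id: str
    serial: str
    svn: int  # security version number reported by the chiplet

@dataclass
class PlatformPolicy:
    allowed_products: dict  # vendor -> set of authorized product ids
    min_svn: dict           # product id -> lowest acceptable SVN
    revoked_serials: set    # identities the platform authority has revoked

    def evaluate(self, cred: Credential):
        """Return (allowed, reason). Anything the policy does not name is denied."""
        if cred.serial in self.revoked_serials:
            return False, "revoked"
        if cred.product_id not in self.allowed_products.get(cred.vendor, set()):
            return False, "product not authorized"
        floor = self.min_svn.get(cred.product_id)
        if floor is None:
            return False, "no security version floor defined"
        if cred.svn < floor:
            return False, "security version below minimum"
        return True, "ok"

    def raise_min_svn(self, product_id: str, svn: int) -> None:
        """Block a vulnerable firmware version until patched. The floor only moves up,
        so a later, lower value cannot re-admit the vulnerable version."""
        self.min_svn[product_id] = max(svn, self.min_svn.get(product_id, 0))

    def revoke(self, serial: str) -> None:
        self.revoked_serials.add(serial)

def admit(policy: PlatformPolicy, creds: list) -> dict:
    """Per-chiplet decision for a whole package: serial -> (allowed, reason)."""
    return {c.serial: policy.evaluate(c) for c in creds}
```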
Strategic Implications for the Semiconductor Industry
The move toward chiplet-based security represents a shift in responsibility within the semiconductor supply chain. Platform integrators—the companies that buy chiplets from various vendors and package them—now assume the role of "Security Orchestrators." They must define the trust policies, manage the certificate chains, and ensure that the various components interoperate securely.
For chiplet vendors, the ability to provide a "security-ready" component with a verifiable identity and support for standard protocols like SPDM is becoming a key competitive advantage. Vendors who fail to provide transparent security credentials may find themselves excluded from high-value designs in the automotive, aerospace, and data center sectors.
Ultimately, the chiplet revolution is about more than just performance and cost; it is about creating a more resilient and flexible hardware ecosystem. By moving away from the "black box" security of monolithic SoCs and toward a transparent, policy-bound, and identity-centric platform model, the industry is laying the groundwork for a new era of trusted computing. As Berardino Carnevale and other leaders at Rambus emphasize, the goal is to ensure that the modular future is not just faster and cheaper, but fundamentally more secure.
