What is Root of Trust?

Definition: Highly reliable hardware, firmware, and software components that perform specific, critical security functions. Because roots of trust are inherently trusted, they must be secure by design. Roots of trust provide a solid foundation upon which security and trust can be built.


Root of Trust explained

Encryption, signing, authentication, and authenticated key exchange are all cryptographic operations that rely on secret keys, which must be kept secure and remain secret. Any deployment of cryptography must therefore be designed around how those secret keys are stored and protected. The mechanism that protects them has to be robust, because it becomes the ‘root of trust’: the foundation of trust for the entire computing ecosystem.

A root of trust is a vital component of any Public Key Infrastructure (PKI) or Symmetric Key Infrastructure, where it generates and protects the root Certificate Authority keys that are required for:

  • Code signing, to ensure software remains secure, unaltered, and authentic,
  • Generating and safeguarding digital keys and certificates for credentialing and authenticating devices in IoT applications (managing the life cycle of the device) and other network deployments.

Secure root of trust functions usually include hardware security modules (HSMs). A hardware root of trust serves as the foundation for all secure operations of a computing system. It generates, protects, and stores the keys needed for cryptographic functions within its secure environment, and it is generally part of the secure boot process that provides the foundation for a software chain of trust.
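The chain of trust described above, as an added example that is not Utimaco's code: the verifier trusts only a root public key, and each verified stage names the key allowed to sign the next one. The `Stage`, `VerifyChain` and `DemoChain` names, the choice of Ed25519, and the in-process keys (standing in for keys that would be generated and held inside the HSM) are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Stage is one link in the boot chain. All names in this example are hypothetical.
type Stage struct {
	Name    string
	Image   []byte
	NextKey ed25519.PublicKey // key allowed to sign the following stage (nil on the last)
	Sig     []byte            // over SHA-256(Image) || NextKey; the fixed-length digest keeps the boundary unambiguous
}

func signedBytes(s Stage) []byte {
	d := sha256.Sum256(s.Image)
	return append(d[:], s.NextKey...)
}

// VerifyChain trusts only root; later keys count only because a verified stage vouched for them.
func VerifyChain(root ed25519.PublicKey, chain []Stage) error {
	key := root
	for _, s := range chain {
		if len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, signedBytes(s), s.Sig) {
			return fmt.Errorf("%s: not signed by an authorised key", s.Name)
		}
		key = s.NextKey
	}
	return nil
}

// DemoChain builds constructed sample data; fixed seeds make it reproducible (assumption: real keys stay in the HSM).
func DemoChain() (ed25519.PublicKey, []Stage) {
	rootPriv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	osPriv := ed25519.NewKeyFromSeed(append(make([]byte, ed25519.SeedSize-1), 1))
	boot := Stage{Name: "bootloader", Image: []byte("bootloader v1"), NextKey: osPriv.Public().(ed25519.PublicKey)}
	boot.Sig = ed25519.Sign(rootPriv, signedBytes(boot))
	kernel := Stage{Name: "kernel", Image: []byte("kernel v1")}
	kernel.Sig = ed25519.Sign(osPriv, signedBytes(kernel))
	return rootPriv.Public().(ed25519.PublicKey), []Stage{boot, kernel}
}

func main() {
	root, chain := DemoChain()
	fmt.Println("intact chain:", VerifyChain(root, chain))
	chain[1].Image = []byte("kernel v1 (modified)")
	fmt.Println("after modification:", VerifyChain(root, chain))
}
```

Because nothing but the root public key is trusted up front, a change to any image, signature or delegated key breaks verification at the stage where it occurs.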

The concept of a hardware root of trust stands out as highly effective compared to lower-level security measures. It is mandatory in many industry-grade standards and regulations (e.g., government, banking, military). A programmable hardware root of trust is designed to be updated on a regular basis in order to keep up with the latest network, app, and device threats and exploits.


