Security IP Products

Helios Memory Guard

What Problem Helios Memory Guard (HMG) Solves

With physical access, instructions and data are vulnerable to inspection and modification as they get loaded from external memory and storage.  Physical attacks such as bus snooping, memory interposing, side channel analysis, and cold boot; which enable these vulnerabilities, have proliferated—to the point that hobbyists can now perform them using consumer-grade equipment. The authentication and encryption provided by HMG mitigates these physical attacks by ensuring that loaded instructions are authentic and that data remains confidential through its entire lifecycle.

Diagram of AMD Versal Prime chip architecture showing components like dual-core application processor, real-time processor, programmable logic, DSP engines, memory controllers, Ethernet cores, crypto engine, and PCIe interface.

How HMG Works

Helios Memory Guard (HMG) is shimmed in between the processor and memory controller to provide just-in-time encryption, decryption, and authentication for all memory write and read requests. This is done per cache line—in hardware—using ephemeral keys that roll on every write. HMG also performs decryption and authentication of boot/load-time images that have been encrypted by the Helios Packager prior to deployment. The user maintains full ownership and management of the load-time keys.

Benefits

  • Technology Protection: Maintains confidentiality and integrity of Intellectual Property (IP) and Critical Program Information (CPI) within the memory and storage subsystems
  • Performant Security: Inline memory encryption introduces less than a 6% latency impact in typical deployments
  • Tamper Resistant:Resistant to reverse engineering threats—including Differential Power Analysis (DPA)
  • Transparent to User/Developer: Maintains compatibility with existing software design and development practices, requiring no modification to the compilation process
  • Simple to Integrate: A drag-and-drop design delivered with reference designs and test benches using common interface IP.
  • Set and Forget, Simple Maintenance: No annual maintenance contracts or requirements, implementation of future updates are optional

Features

  • Data-at-Rest Encryption: Encrypts and signs data for provisioning and decrypts and authenticates during load
  • Inline Memory Protection: Encrypts and authenticates memory during runtime 
  • NIST Compliant, SCA Resistant Cryptography:  Uses CNSA 2.0 and FIPS 140-3 approved crypto algorithms with Side Channel Analysis (SCA) countermeasures
  • Compatible with Common Peripheral IP: Compatible with Xilinx LogiCORE and Synopsys DesignWare AXI Peripheral IP

Deliverables

  • IP_XACT Package      
    - HMG RTL
    - Cacheline Normalizer RTL
  • RTL Software Development Kit
    -HMG Driver
    - Packager (Software Encryption Utility with FIPS validated Hardware Security Module (HSM) Support 
  • User Documentation
    - Product Guide
    - Hardware Integration Guide
    - Software Developers Manual 
  • Reference Designs 
  • Technical Support

Frequently Asked Questions

Compatibility

+
What FPGAs can HMG be used with?
+
Can HMG be used in custom ASIC designs?

Security

+
Who generates the keys used by Helios?
+
Which encryption algorithms are used by Helios?

Performance

+
What is the memory performance impact of HMG?
+
How much fabric does HMG utilize?
Learn More about Helios Secure Processor >

Request More Info

Schedule a Time To Talk

Frequently Asked Questions

No items found.
Company
Who We AreWhat We DoCareersNewsContact Us
Security IP
Helios Cyber Secure Processor
Immunity Inline Memory Encryption
Immunity Side Channel Resistant Crypto Cores
BusCop MIL-STD-1553B Cyber Security
Integrated Security solutions
Keystone Security Architecture (Agent and Broker)
Copyright © 2025 Idaho Scientific
Terms and Conditions
Privacy Policy