Lattice Semiconductor has updated the security stack for its FPGA devices, boosting the performance to monitor the firmware of up to five devices on a board in real time.
Using the Sentry 2.0 stack on the Lattice MACH-NX FPGA provides hardware Root-of-Trust (HRoT) solutions compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP-800-193) and 384bit encryption for the communications, computing, industrial, automotive, and smart consumer markets.
The stack now supports the secure enclave IP block in the MACH-NX that enables 384bit cryptography (ECC-256/384 and HMAC-SHA-384), up from 256bits in the pervious generation. This 384bit crypto is a requirement for many next-generation server platforms.
The stack is four times faster for pre-boot authentication, supporting faster ECDSA (40 ms), SHA (up to 70 Mbps), and QSPI performance (64 MHz). These features enable Sentry 2.0 to deliver faster boot times that help minimize system down time and reduce exposure to attempted attacks on firmware during the boot process.
This higher speed is also needed to provide the ability to monitor up to five firmware images in real-time. This could be for monitoring the smart network interface card or a disk controller.
Firmware represents a significant threat vector for computer systems, appliances, and associated infrastructure. If the first code that executes on a device when it powers on were to become compromised, then the entire system can and should no longer be trusted as secure. Firmware can be compromised through malicious attacks or unintentionally.
With the latest version, the FPGA device and stack can now be configured with a Lattice tool called Propel without having to use RTL.
“With Propel and the solution stack you don’t need RTL experience, it’s all pre-built,” said Marshall Goldberg, product manager at Lattice. “With Propel you can integrate all the pre-validated IP, including the RISC-V core and C code and the streams to monitor on the bus. You can visually lay these out and place the I/O where its most convenient, change the chip layout to put the I/O in the right place. The PLD interface sits between the C Code and the optional RTL logic, and you modify the reference code eg for number of QSPI and memory addresses, firmware, update mechanisms, as well as response to attacks, eg failover to return to known good state – then you can add more functions such as power sequencing.”
“Lattice is a long-time leader in server control solutions, and Lattice control PLDs are the first-on/last-off component in many servers currently in service,” said Eric Sivertson, Vice President of Security Business at Lattice. “With the Sentry stack, developers can easily add support for strong firmware security to system control applications based on Lattice secure control PLDs, creating an ideal platform to establish a HRoT to validate the legitimacy of all firmware instances in a system.”
Related security articles
- Securing the Internet of Things
- Secure Thingz teams for IoT
- ASIC reference designs reduce cost and time by a third
Other articles on eeNews Europe
- Europe to build a digital twin of the earth
- FD-SOI breakthrough boosts performance
- Less is more: the challenge of 3D-NAND memory
- NXP shows first details of edge AI i.MX9 processor
- SiPearl teams for 6nm HPC chip
- Raspberry Pi links sensors to IoT digital twin