Lattice Semiconductor has updated the security stack for its FPGA devices, boosting the performance to monitor the firmware of up to five devices on a board in real time.
Using the Sentry 2.0 stack on the Lattice MACH-NX FPGA provides hardware Root-of-Trust (HRoT) solutions compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP-800-193) and 384bit encryption for the communications, computing, industrial, automotive, and smart consumer markets.
The stack now supports the secure enclave IP block in the MACH-NX that enables 384bit cryptography (ECC-256/384 and HMAC-SHA-384), up from 256bits in the pervious generation. This 384bit crypto is a requirement for many next-generation server platforms.
The stack is four times faster for pre-boot authentication, supporting faster ECDSA (40 ms), SHA (up to 70 Mbps), and QSPI performance (64 MHz). These features enable Sentry 2.0 to deliver faster boot times that help minimize system down time and reduce exposure to attempted attacks on firmware during the boot process.
This higher speed is also needed to provide the ability to monitor up to five firmware images in real-time. This could be for monitoring the smart network interface card or a disk controller.
Firmware represents a significant threat vector for computer systems, appliances, and associated infrastructure. If the first code that executes on a device when it powers on were to become compromised, then the entire system can and should no longer be trusted as secure. Firmware can be compromised through malicious attacks or unintentionally.
With the latest version, the FPGA device and stack can now be configured with a Lattice tool called Propel without having to use RTL.
“With Propel and the solution stack you don’t need RTL experience, it’s all pre-built,” said Marshall Goldberg, product manager at Lattice. “With Propel you can integrate all the pre-validated IP, including the RISC-V core and C code and the