FPGA enhances security with hardware root-of-trust capabilities
Lattice Semiconductor has announced the MachXO3D FPGA for securing systems against a variety of threats. Unsecured systems can lead to data and design theft, product cloning and overbuilding, and device tampering or hijacking. With MachXO3D, OEMs can simplify the implementation of robust, comprehensive and flexible hardware-based security for all system components.
MachXO3D can protect, detect and recover itself and other components from unauthorised firmware access at every stage of a system’s life cycle, from the point of manufacturing all the way to the system’s end of life.
Component firmware is an increasingly popular attack vector for cyber attacks. In 2018, security vulnerabilities rendered over three billion chips in systems of all types vulnerable to data theft via the exploitation of firmware vulnerabilities.
Unsecured firmware also exposes OEMs to the financial and brand reputation risks associated with device hijacking (for use in DDoS attacks) and device tampering or destruction. Failure to address these risks can negatively impact a company’s reputation and financial performance.
Patrick Moorhead, President and Founder of Moor Insights & Strategy, said: “Compromised firmware is particularly insidious as it not only leaves user data vulnerable, but can also make systems permanently inoperable, disrupting the user experience and exposing OEMs to liability. FPGAs provide a compelling hardware platform choice for securing system firmware as they’re able to perform multiple functions in parallel, making them much faster at identifying and responding to unauthorised firmware when detected.”
When used to implement system control functions, MachXO3 FPGA devices are typically the 'first-on/last-off' component on circuit boards. By integrating security and system control functions, the MachXO3D becomes the first link in chain of trust that protects entire systems.
With MachXO3D, Lattice is enhancing the device configuration and programming steps in the manufacturing process. These enhancements, in combination with MachXO3D’s security features, protect systems by securing communication between the MachXO3D and legitimate firmware providers. This protection is in effect throughout the component’s entire life cycle, including system manufacture, transit, installation, operation and decommissioning. According to Symantec, there was a 78% increase in supply chain-related attacks between 2017 and 2018.
“System developers commonly take advantage of FPGA flexibility to enhance system functions after deployment,” said Gordon Hands, Director of Product Marketing, Lattice Semiconductor. “With MachXO3D we took care to retain that flexibility while adding a secure configuration block to deliver the industry’s first control-oriented FPGA compliant with NIST’s Platform Firmware Resilience specification.”
Key features of the new MachXO3D include:
- Control function FPGA that provides 4K and 9K look-up tables for implementing logic that instantly configures at power up from on device flash memory
- On-device regulator for single 2.5/3.3V power supply operation
- Support for up to 2,700 Kbits of user Flash memory and up to 430 Kbits sysMEM embedded block RAM to provide more flexible design options
- Up to 383 IO, configurable to support LVCMOS 3.3 to 1.0, and designed to integrate into a wide variety of system environments with features such as hot-socketing, default pull-down, input hysteresis, and programmable slew rate
- Embedded Security Block that provides pre-verified hardware support for cryptographic functions such as ECC, AES, SHA, PKC and Unique Secure ID
- Embedded Secure Configuration Engine to ensure only FPGA configurations from a trusted source can be installed
- Dual on-device configuration memories to enable fail-safe reprogramming of component firmware in the event of compromise