Security solution with new Mach-NX FPGA
Lattice Semiconductor has announced the Lattice Mach-NX FPGA family, the second generation in its successful line of secure control FPGAs. Building on the capabilities of the Lattice MachXO3D family announced in 2019, Mach-NX FPGAs deliver heightened security features and the fast, power-efficient processing needed to implement a real-time Hardware Root-of-Trust (HRoT) on future server platforms, as well as computing, communications, industrial, and automotive systems.
Mach-NX marks the third FPGA family developed on the Lattice Nexus FPGA platform in a year.
“The race is on between bad actors trying to exploit firmware vulnerabilities and developers designing server platforms with the security features and performance to stop them,” said Patrick Moorhead, President and Founder of Moor Insights & Strategy. “Protecting systems requires a real-time HRoT with support for stronger cryptography algorithms like ECC 384 and new, robust data security protocols like SPDM. Lattice’s Mach FPGA families can simplify and accelerate implementation of these technologies for server OEMs looking to secure their platforms against cyberattack and IP theft.”
Esam Elashmawi, Chief Strategy and Marketing Officer at Lattice, added: “Securing systems against unauthorised firmware access goes beyond establishing a HRoT at boot. It also requires that components used to build the system are not compromised as they move through the global supply chain. When combined with the additional protection afforded by our SupplyGuard security service, Lattice Mach-NX FPGAs can protect a system throughout its entire lifecycle: beginning at the time components start moving through the supply chain, through initial product assembly, end-product shipping, integration, and throughout the product’s operational lifetime.”
Building on the system control capabilities of the Mach family, Mach-NX FPGAs combine a secure enclave (an advanced, 384-bit hardware-based crypto engine supporting reprogrammable bitstream protection) with a logic cell (LC) and I/O block. The secure enclave helps secure firmware, and the LC and I/O block enable system control functions such as power management and fan control.
Mach-NX FPGAs can verify and install the over-the-air firmware updates that keep systems compliant with evolving security guidelines and protocols. The Mach-NX FPGA’s parallel processing architecture and dual-boot flash memory configuration provide the near instantaneous response times needed to detect and recover from attacks (a level of performance beyond the capabilities of other HRoT platforms like MCUs).
Mach-NX FPGAs will support the Lattice Sentry solutions stack, a robust combination of customisable embedded software, reference designs, IP, and development tools to accelerate the implementation of secure systems compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP-800-193).
Key features of the Mach-NX family include:
- Secure system control: Mach-NX FPGAs’ logic (up to 11K LCs) and high I/O count (up to 379) enable fast and secure system control. Lattice is a long-standing leader in programmable logic for system control. Mach FPGAs have an attach rate of over 80 percent on current shipping server platforms.
- Robust standards and protocol compliance: The Mach-NX FPGAs’ 384-bit hardware crypto engine supports quick-and-easy implementation of leading-edge cryptography like ECC 384 and industry-standard security protocols such as NIST SP-800-193 and MCTP-SPDM. Upcoming server platforms will require support for these protocols.
- End-to-end supply chain protection: Mach-NX FPGAs are supported by the Lattice SupplyGuard supply chain security subscription service. SupplyGuard gives OEMs and ODMs peace-of-mind by tracking locked Lattice FPGAs through their entire lifecycle, from the point of manufacture, through transport via the global supply chain, system integration and assembly, initial configuration, and deployment.
- Rapidly customisable: The Lattice Propel design environment accelerates design of a customised, PFR-compliant HRoT solution. The tool uses a GUI-based development environment that allows developers to create PFR solutions while minimising the need to write RTL code.