Enhanced FPGA enables hardware root of trust

In a double announcement, Lattice Semiconductor unveiled a new control FPGA with enhanced security features, and updated its SensAI stack to improve artificial intelligence (AI) performance on its low power FPGAs by a factor of ten.

This is the company’s first silicon release since new CEO Jim Anderson took over last August, at which point most of the senior leadership team also changed. At the company’s financial analyst day in New York today, Anderson made reference to “remodelling” the company, completely revamping almost every element of the business, said Patrick Moorhead, president and principal analyst at Moor Insights & Strategy.

“I took the characterization as a [combination of] a completely new leadership team with focusing on lowest power FPGAs, getting away from areas like HDMI IP, plus more financial discipline and a development change to reuse more IP for efficiency,” Moorhead said.

At the same event, Lattice R&D lead Steve Douglass teased the company’s next generation FPGA platform. This will include a new, more efficient architecture using a lower power Samsung 28nm FD-SOI process, increased DSP capabilities and 5x the on-chip memory. But the new design still uses a lower-risk, less complex 4 look up table design.

Devices built on the new architecture will be sampling in 2020.

Hardware Security
With the silicon announced today, Lattice has chosen to address a number of security threats caused by unauthorised firmware access.

“Our customers in a whole variety of areas are starting to worry a lot about security of their hardware,” said Gordon Hands, Lattice’s director of product marketing. “Traditionally, people have thought of computer security as being a software issue; they were worried about viruses, now people are starting to think about it at the hardware level.”

Component firmware cyberattacks are certainly on the increase. Hands referred to the hacking of Jeep vehicles, which led to parent company Fiat Chrysler recalling almost 1.4 million vehicles, and the Mirai botnet attack that hacked an army of internet of things (IoT) devices and used them to launch a huge distributed denial of service (DDoS) attack. The risks of security concerns — such as equipment hijacking, design theft, data corruption and theft, counterfeiting and overbuilding — still loom large, he said.

The new Lattice device, designated MachXO3D, can be used as a hardware root of trust (RoT), a device that can always be trusted to operate as expected. RoT functions, such as verifying the device’s own code and configuration, must be implemented in secure hardware. By checking the security of each stage of power-up, RoT devices form the first link in a chain of trust that protects the entire system.

Since Lattice’s MachXO3 family is widely used to implement system control functions in server boards, telecommunications equipment, and industrial equipment, devices in this family are often the first component to be powered up, and the last to power down.

“A lot of critical infrastructure boards have a control PLD that manages resets, manages the sequencing of the power supplies as the system powers up, then it also manages system shutdown. This makes them the ideal place to put the RoT capability,” said Hands. “The MachXO3D is the first small control-oriented FPGA that’s been developed to be compliant with [NIST’s Platform Firmware Resiliency] guidelines. It’s compliant itself, as a chip, and it also enables our customers to build systems that are compliant with the guidelines.”

The MachXO3D has functionality to protect non-volatile memory through access control, cryptographically detect and prevent booting from malicious code, and recovers to the latest trusted firmware in case of corruption. Ports can be dynamically reconfigured to minimize any attack surface; and the instruction set and security scheme can be changed dynamically.

Additional security functions, such as the use of transport keys and secure erase packets, extend security throughout the supply chain and to the product’s end of life.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.