Development tools help implement NIST Platform Firmware Resiliency Guidelines

Lattice Semiconductor Corporation launched the Lattice Sentry solutions stack and the Lattice SupplyGuard supply chain protection service. The Sentry stack is a robust combination of customizable embedded software, reference designs, IP, and development tools to accelerate the implementation of secure systems compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP-800-193). The Lattice SupplyGuard service extends the system protection provided by the Sentry stack throughout today’s challenging and rapidly changing supply chain by delivering factory-locked devices to protect them from attacks like cloning and malware insertion, and enables secure device ownership transfer. These hardware security solutions are increasingly important to a range of applications, including communications, datacenter, industrial, automotive, aerospace, and client computing.

The security paradigm is changing, and firmware is an increasingly popular attack vector. The National Vulnerability Database reported that between 2016 and 2019 the number of firmware vulnerabilities grew over 700 percent[1]. Protecting systems against unauthorized firmware access requires dynamic, persistent, real-time hardware platform security for all connected devices. This includes securing component firmware from unauthorized access and enabling the system to automatically protect, detect, and recover from an attack in an instant. TPM and MCU-based hardware security solutions use serial processing and cannot deliver the real-time performance that parallel processing solutions like Lattice FPGAs can.

Key features of the Lattice Sentry solutions stack include:

• Hardware security capabilities – the Sentry solutions stack provides a pre-verified, NIST-compliant PFR implementation that enforces strict, real-time access controls to all system firmware during and after system boot. If corrupt firmware is detected, Sentry can automatically rollback to a previously known good state version of the firmware so secure system operation continues without interruption.
• Compliance with latest NIST SP-800-193 standard and CAVP certifications – the stack enables implementation of a hardware RoT through its support for the cryptographically-sound Lattice MachXO3D™ family of FPGAs.
• Ease of use – developers can drag-and-drop Sentry’s validated IPs and modify the included RISC-V C reference code in the Lattice Propel design environment without any prior FPGA experience.
• Rapid time-to-market – the Sentry stack provides pre-verified and tested application demos, reference designs, and development boards that can slash development times for PFR applications from ten months to just six weeks.
• Flexible, platform-agnostic security solution – Sentry offers comprehensive, real-time PFR support for firmware and programmable peripherals. It can act as a RoT in a system and/or complement any existing BMC/MCU/TPM-based architecture for full NIST SP-800-193 compliance.

Key features of the Lattice SupplyGuard supply chain protection service include:

• Robust security throughout device lifecycle – SupplyGuard is a subscribed service that offers OEMs and ODMs peace of mind by tracking locked Lattice FPGAs through their entire lifecycle, from the point of manufacture, through transport through the global supply chain, system integration and assembly, initial configuration, and deployment. SupplyGuard helps protect OEMs by:

o   Ensuring only authorized manufacturers can build an OEM’s design, regardless of their location.

o   Providing OEMs with a secure key infrastructure to prevent the activation of their IP on unauthorized components to stop product cloning and overbuilding.

o   Securing devices against the download and installation of Trojans, malware, or other unauthorized software to protect platforms and systems against equipment hijacking or other cyberattacks.

• Flexible, low-cost implementation – SupplyGuard is highly customizable to meet the specific security and supply chain needs of OEMs in every industry Lattice serves. The service lowers the operating costs associated with implementing a secure manufacturing ecosystem.