The appeal of more connected devices is not lost on the bad actors look to exploit firmware vulnerabilities – more connected devices mean more entries of attack. Cyber resilient control functions as a way of protecting firmware must be the first line of defense as traditional cybersecurity measures struggle to keep up with the increasing attack on firmware.
With the launch of the Lattice Mach-NX FPGA family, Lattice Semiconductor’s second generation of the MachXO3D family, aims to provide the real-time performance needed to counter attacks with security features and performance to stop them.
TheMach-NX FPGAs deliver heightened security features and the fast, power-efficient processing needed to implement a real-time Hardware Root-of-Trust (HRoT) on future server platforms, as well as computing, communications, industrial, and automotive systems. Mach-NX marks the third FPGA family developed on the Lattice Nexus FPGA platform in a year.
Building on the system control capabilities of the Mach family, Mach-NX FPGAs combine a secure enclave (an advanced, 384-bit hardware-based crypto engine supporting reprogrammable bitstream protection) with a logic cell (LC) and I/O block. The secure enclave helps secure firmware, and the LC and I/O block enables system control functions such as power management and fan control. Mach-NX FPGAs can verify and install the over-the-air firmware updates that keep systems compliant with evolving security guidelines and protocols.
The Mach-NX FPGA’s parallel processing architecture and dual-boot flash memory configuration provide the near-instantaneous response times needed to detect and recover from attacks (a level of performance beyond the capabilities of other HRoT platforms like MCUs). Mach-NX FPGAs will support the Lattice Sentry solutions stack, a robust combination of customizable embedded software, reference designs, IP, and development tools to accelerate the implementation of secure systems compliant with NIST Platform Firmware Resiliency (PFR) Guidelines.
“We are talking about dynamic, realtime, end-to-end protection,” says Peiju Chiang, Wireless Product manager at Lattice Semiconductor. “We give private key to our end customers so the only way this FPGA can be activated on the board is by loading this bitstream signed by the customers. The customer’s IP is protected as it moves through the supply chain. With Bitstream sign encrypted there is no way a contract manufacturer, for example, can reverse engineer the customer’s design.”
Key features of the Mach-NX family include:
Secure system control – Mach-NX FPGAs’ logic (up to 11K LCs) and high I/O count (up to 379) enable fast and secure system control. Lattice is a long-standing leader in programmable logic for system control. Mach FPGAs have an attach rate of over 80 percent on current shipping server platforms.
Robust standards and protocol compliance – the Mach-NX FPGAs’ 384-bit hardware crypto engine supports the quick-and-easy implementation of leading-edge cryptography like ECC 384 and industry-standard security protocols such as NIST SP-800-193 and MCTP-SPDM. Upcoming server platforms will require support for these protocols.
End-to-end supply chain protection – Mach-NX FPGAs are supported by the Lattice SupplyGuard supply chain security subscription service. SupplyGuard gives OEMs and ODMs peace-of-mind by tracking locked Lattice FPGAs through their entire lifecycle, from the point of manufacture, through transport via the global supply chain, system integration and assembly, initial configuration, and deployment.
Rapidly customizable – the Lattice Propel design environment accelerates the design of a customized, PFR-compliant HRoT solution. The tool uses a GUI-based development environment that allows developers to create PFR solutions while minimizing the need to write RTL code, and RISC-V embedded in the FPGAs allows for additional customization.