MachXO3D: Enabling Hardware Security
Posted 05/20/2019 by Gordon Hands
We live in an increasingly connected world, filled with communication systems, cloud computing and Edge devices working together to increase safety, comfort and convenience. But with that connectivity comes risk. We’re all familiar with how hackers exploit vulnerabilities in software to illegitimately access systems, but hardware is also vulnerable. In 2018, security vulnerabilities rendered over 3 billion chips in systems of all types vulnerable to data theft via the exploitation of firmware. For additional examples, check out these stories:
1.4 million vehicles recalled after hardware hack
IoT-devices hijacked to perform world’s biggest DDoS attack ever
System developers are looking to respond to the threats outlined above and others to ensure their hardware provides security against data and design theft, product cloning and overbuilding, and device tampering or hijacking. Failure to address these risks can spell disaster for a company’s reputation and financial performance. Even scarier? Components are vulnerable during their entire lifecycle, including at the point of manufacture, transit, installation, operation and decommissioning. According to Symantec, there was a 78 percent increase in supply chain-related attacks between 2017 and 2018.
Today, Lattice makes an important contribution to the development of secure systems with the introduction of our new MachXO3D FPGA. MachXO3D adds Root-of-Trust (RoT) capability and a variety of security related functions to an FPGA architecture that is already a popular choice for implementing control functions in communications systems, computer servers, industrial and other applications. Typically in performing these control functions, the MachXO3D is the first digital device on in a system and the last device off. This is an ideal place to implement RoT as it allows the development of systems where trust is established for all components. Developers can build on this foundation to secure systems against the threats outlined above.
Increasingly, organizations are creating new standards that address different aspects of hardware security. NIST recently introduced a new standard addressing the issue of firmware security, the Platform Firmware Resiliency (PFR) Standard. The Lattice MachXO3D is the first control-oriented FPGA to comply with this standard. It also enables implementation of complete systems that comply with this standard.
The MachXO3D can be used to enable security in a wide range of applications in a variety of markets.
This protection is in effect throughout the component’s entire lifecycle, including system manufacture, transit, installation, operation and decommissioning.
Features of the MachXO3D include:
- Control function FPGA that provides 4K and 9K look-up tables for implementing logic that instantly configures at power up from on device flash memory
- On-device regulator for single 2.5/3.3-volt power supply operation. Support for up to 2700 Kbits of user Flash memory and up to 430 Kbits sysMEM™ embedded block RAM to provide more flexible design options
- Up to 383 I/Os, configurable to support LVCMOS 3.3 to 1.0, and designed to integrate into a wide variety of system environments with features such as hot-socketing, default pull-down, input hysteresis, and programmable slew rate
- Embedded Security Block that provides pre-verified hardware support for cryptographic functions such as ECC, AES, SHA, Public Key Cryptography and Unique Secure ID
- Embedded Secure Configuration Engine provides Root-of-Trust by ensuring FPGA configurations can only be installed from trusted sources
- Dual on-device configuration flash to enable fail-safe reprogramming of component firmware in the event of compromise
I invite you to visit our MachXO3D product page for more information, including examples of possible secure system configurations leveraging this innovative new FPGA.