Lattice Sentry and SupplyGuard: Dynamic Trust and Hardware Security
Posted 08/12/2020 by Eric Sivertson
For developers designing electronic products serving nearly every market, securing their product designs against firmware-based attacks is becoming a serious concern. The National Vulnerability Database reported that between 2016 and 2019 the number of firmware vulnerabilities grew over 700 percent, and industry analyst Gartner reports that by 2022 “70 percent of organizations that do not have a firmware upgrade plan in place will be breached due to a firmware vulnerability.”
Electronic systems must change and adapt as new threats evolve, and must automatically take appropriate action when compromised firmware is detected. To protect system firmware, security solutions need “dynamic trust”: resiliency against firmware attacks based on a parallel, real-time, reactive mechanism that offers comprehensive firmware protection throughout a system’s lifecycle. That lifecycle begins with the time components spend moving through the supply chain (initial product assembly, end-product shipping, and integration) and continues through the product’s entire operational lifetime.
Keeping a component secure as it moves through the supply chain becomes challenging due to a range of potential threats.
How can OEMs protect themselves from a constantly evolving threat landscape? Thankfully, the U.S. federal government’s National Institute of Standards and Technology (NIST) recognized the threat to firmware and released the NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP 800-193), which set out how PFR should be implemented. The guidelines promote resiliency in the platform by describing security mechanisms for protecting the platform against unauthorized changes, detecting unauthorized changes that do occur, and recovering from attacks rapidly and securely.
The guidelines support resiliency of platforms against attacks by following three principles.
- Protection: Mechanisms for ensuring that platform firmware and critical data remain in a state of integrity and are protected from corruption, including a process for ensuring the authenticity and integrity of firmware updates. In hardware, this means concurrently monitoring all protected external memories and their interface buses at runtime, fast enough to block an unauthorized write before it lands (Sentry targets nanosecond response times), and enforcing strict access controls on all firmware.
- Detection: Mechanisms for detecting when platform firmware code and critical data have been corrupted. In practice the root of trust authenticates the firmware of each protected IC autonomously, before that IC is allowed to boot.
- Recovery: Mechanisms for restoring platform firmware code and critical data to a known good, authenticated state when they are detected to have been corrupted, and also when recovery is forced through an authorized mechanism. The recovery path itself must hold up against denial-of-service and replay (rollback) attempts, and it needs to occur automatically and in real time to keep the system online while minimizing the use of hands-on support resources.
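The three principles above read as a loop: filter writes to the protected flash, authenticate the image against a signed manifest before releasing the host from reset, and fall back to a golden image when authentication fails. The following is an added model of that loop written for this article; it is not Lattice's Sentry code and makes no claim about the MachXO3D design. All key material, image bytes and the manifest layout are constructed for the example, and an HMAC stands in for the public-key signature a real root of trust would verify (so that the block runs with only the Python standard library).

```python
"""Model of a NIST SP 800-193 protect / detect / recover loop over an SPI flash.

Constructed example for illustration; not vendor code. A production root of
trust verifies an asymmetric signature over the manifest so the device holds
only a verification key; HMAC-SHA256 is used here purely to stay stdlib-only.
"""
import hashlib
import hmac
import struct

MANIFEST_KEY = b"demo-manifest-authentication-key"   # constructed, not a real key
MANIFEST_LEN = 4 + 32 + 32                           # version || sha256(image) || tag


def make_manifest(key: bytes, version: int, image: bytes) -> bytes:
    """The 'manifest generator': bind a monotonic version and the image digest
    under the authentication key. Version is what defeats replay of an old image."""
    header = struct.pack(">I", version) + hashlib.sha256(image).digest()
    return header + hmac.new(key, header, hashlib.sha256).digest()


def parse_manifest(key: bytes, manifest: bytes):
    """Return (version, digest) if the manifest authenticates, else None."""
    if len(manifest) != MANIFEST_LEN:
        return None
    header, tag = manifest[:36], manifest[36:]
    if not hmac.compare_digest(hmac.new(key, header, hashlib.sha256).digest(), tag):
        return None
    return struct.unpack(">I", header[:4])[0], header[4:]


def image_matches(key: bytes, manifest: bytes, image: bytes) -> bool:
    """Detection primitive: authenticate manifest, then compare image digest."""
    parsed = parse_manifest(key, manifest)
    return parsed is not None and hmac.compare_digest(hashlib.sha256(image).digest(), parsed[1])


class Flash:
    """External SPI flash: active region, recovery (golden) region, staging area."""
    def __init__(self, active: bytes, recovery: bytes):
        self.active, self.recovery, self.staging = active, recovery, b""


class PfrRootOfTrust:
    """Sits between host and flash: filters writes (protect), verifies before boot
    (detect) and restores the golden image when verification fails (recover)."""

    def __init__(self, key: bytes, flash: Flash, active_manifest: bytes, recovery_manifest: bytes):
        self.key, self.flash = key, flash
        self.active_manifest, self.recovery_manifest = active_manifest, recovery_manifest
        self.version = parse_manifest(key, active_manifest)[0]
        self.log = []

    # Protect: the host may only write the staging area; active/recovery are read-only.
    def host_write(self, region: str, data: bytes) -> bool:
        if region != "staging":
            self.log.append(f"blocked host write to {region}")
            return False
        self.flash.staging = data
        return True

    # Protect: an update is committed only with an authentic, newer manifest.
    def apply_update(self, manifest: bytes) -> bool:
        parsed = parse_manifest(self.key, manifest)
        staged, self.flash.staging = self.flash.staging, b""
        if parsed is None:
            self.log.append("rejected update: manifest does not authenticate")
            return False
        version, digest = parsed
        if version <= self.version:
            self.log.append(f"rejected update: version {version} is a rollback")
            return False
        if not hmac.compare_digest(hashlib.sha256(staged).digest(), digest):
            self.log.append("rejected update: staged image does not match manifest")
            return False
        self.flash.active, self.active_manifest, self.version = staged, manifest, version
        return True

    # Detect + Recover: run before the protected device leaves reset.
    def pre_boot_check(self) -> str:
        if image_matches(self.key, self.active_manifest, self.flash.active):
            return "boot"
        self.log.append("active image failed authentication")
        if image_matches(self.key, self.recovery_manifest, self.flash.recovery):
            self.flash.active, self.active_manifest = self.flash.recovery, self.recovery_manifest
            self.version = parse_manifest(self.key, self.recovery_manifest)[0]
            self.log.append("restored active image from recovery region")
            return "recovered"
        self.log.append("recovery image also failed; holding device in reset")
        return "halt"


def demo() -> list:
    """Walk constructed images through tampering, a forged update, a replay and a real update."""
    v1, v2 = b"BIOS v1 image bytes", b"BIOS v2 image bytes"          # constructed images
    flash = Flash(active=v1, recovery=v1)
    rot = PfrRootOfTrust(MANIFEST_KEY, flash, make_manifest(MANIFEST_KEY, 1, v1), make_manifest(MANIFEST_KEY, 1, v1))
    results = [rot.pre_boot_check()]                                   # clean: "boot"
    flash.active = v1 + b" + implant"                                  # bus-level tamper of the chip
    results.append(rot.pre_boot_check())                               # "recovered"
    results.append(rot.host_write("active", b"junk"))                  # blocked: False
    rot.host_write("staging", v2)
    results.append(rot.apply_update(make_manifest(b"wrong-key", 2, v2)))   # forged: False
    rot.host_write("staging", v2)
    results.append(rot.apply_update(make_manifest(MANIFEST_KEY, 2, v2)))   # genuine: True
    rot.host_write("staging", v1)
    results.append(rot.apply_update(make_manifest(MANIFEST_KEY, 1, v1)))   # replay of old v1: False
    results.append(rot.pre_boot_check())                               # "boot"
    return results


if __name__ == "__main__":
    print(demo())
```

The rollback check in `apply_update` is the part most often left out of a first PFR design: without a version bound into the manifest, an attacker can replay a genuinely signed but vulnerable older image and it will authenticate. Note that the recovery path deliberately resets `version` to the golden image's version; anti-rollback applies to updates, not to an authorized recovery.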
To address this rapidly evolving market and developing standards, Lattice Semiconductor has dramatically extended the capabilities of its hardware security products with a new value-added security solutions stack and a new supply chain security service.
Introducing Lattice Sentry Solutions Stack
The Lattice Sentry™ solutions stack minimizes in-system firmware attack vulnerabilities by providing real-time, dynamic protection, detection, and recovery capabilities to all programmable components in a system. The Sentry solutions stack delivers a complete, fully validated, easily customizable NIST SP 800-193 compliant PFR solution using Lattice’s MachXO3D™ secure FPGA. The solutions stack includes a suite of ready-to-use, resilient, production-validated IP cores to help protect and monitor SPI and I2C devices and their buses within a system. The stack also includes demo boards and reference designs to test and showcase PFR capabilities. Software tools available with the stack include Lattice’s latest IP ecosystem and development environment, Lattice Propel™. Propel helps even non-FPGA users customize their PFR implementations by letting them modify the C code for the stack’s RISC-V processor IP and visually lay out the IP blocks used to create a full system. This system can be imported into the Lattice Diamond tool to generate a configuration bitstream. The stack includes a full PFR reference design featuring easily modifiable PFR management code, quick-switch schematics for SPI/QSPI, a manifest generator, and a processor command emulator.
The Lattice Sentry Solutions Stack
Lattice SupplyGuard – A Trailblazing New Supply Chain Security Service
In addition to Sentry, Lattice offers SupplyGuard™, an end-to-end supply chain security service that secures customer IP throughout the supply chain by delivering factory-locked Lattice FPGAs resistant to tampering, unauthorized hardware modification, overbuilding, counterfeiting, and IP theft as they move through the supply chain. This service helps customers ensure that the configuration bitstream and external firmware authentication keys stored on the FPGA are copy- and tamper-resilient. Using SupplyGuard, developers can protect their products across the entire supply chain. SupplyGuard offers protection through secure key provisioning and device ownership transfer performed in a secure, proprietary fashion, setting it apart from currently available provisioning solutions.
The SupplyGuard process begins with Lattice’s assignment of a customer-specific part number to the customer’s FPGA. Each customer-specific FPGA is programmed at Lattice’s factory with customized cryptographic credentials that allow only the customer to program the FPGA with a configuration bitstream and authentication keys. The service maintains trust and protection as FPGAs move through a supply chain using common carriers and when systems are assembled in third-party factories. The chips depart the Lattice factory completely locked, and only the customer has the required credentials to unlock the FPGA. Lattice generates these unlock credentials using FIPS 140-2 certified Hardware Security Modules (HSMs) and provides them to the customer, who then uses their own HSM to decrypt the credentials; no human in the chain has access to these credentials. The customer’s HSM now has the credentials needed to encrypt and sign the customer’s customized configuration bitstream and authentication keys. Further, the customer’s IP and cryptographic keys are never exposed to Lattice or the supply chain in any form.
Once locked with SupplyGuard, a customer’s FPGA becomes a mini fortress as it moves through the supply chain: locked and inaccessible until ready to be programmed with the customer’s configuration bitstream. The customer’s encrypted, signed bitstream is the only one that can be loaded onto these custom-locked FPGAs. At the same time, the customer’s bitstream cannot be loaded onto another FPGA, which protects the customer’s IP and their authentication keys against cloning and overbuilding. The process of programming the customer’s bitstream passes cryptographic control of the chip from the Lattice factory-locked state to the customer-locked state. This ownership transfer occurs in a protected, encrypted state within the Lattice FPGA and is performed on a standard manufacturing line, using standard bulk factory programming equipment. The configuration bitstream remains secure and encrypted at all times, and protected ownership transfer occurs without any special security procedures, personnel, or equipment (e.g., an HSM on the production line). This eliminates the added time and cost associated with other factory key provisioning solutions.
For more information about Lattice Sentry and SupplyGuard, please take a look at our whitepaper.