Lattice Blog


[Blog] Redefining the Root of Trust Architectures of Tomorrow
Posted 09/27/2024 by Lattice Semiconductor

The rapid digitalization of enterprise environments, coupled with a surge in sophisticated cyber threats, evolving security regulations, and the rise of quantum computing, has created a perfect storm in the cybersecurity landscape that demands greater agility and resiliency. To combat this, organizations must remain proactive in their approach to cyber defense and compliance. In the latest Lattice Security Seminar, Lattice security experts sat down with partners from AMI and Rambus to discuss how organizations can navigate this new regulatory environment using advanced security technology. The discussion covered the latest updates to Trusted Platform Module (TPM) technology, the introduction of an open Root of Trust for Measurement (RoTM) with Caliptra, and how both can be implemented on Field Programmable Gate Array (FPGA) devices.

Navigating Evolving Security Regulations

Various regulatory guidelines have been, or soon will be, introduced to help ensure cyber resiliency and security. For example, on August 13, 2024, the National Institute of Standards and Technology (NIST) released its first three finalized post-quantum cryptography (PQC) standards: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA). In addition, the National Security Agency (NSA) has stepped up preparation for quantum-capable adversaries with the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), whose transition timeline calls for national security system owners, operators, and vendors to support and prefer quantum-resistant algorithms for software and firmware signing by 2025, with exclusive use required by 2030. The European Union has also introduced new regulations, including the Digital Operational Resilience Act (DORA) and the Cyber Resilience Act (CRA), designed to mitigate risk from accelerating security threats.

Emerging TPM Technology Updates

TPMs have long been a cornerstone of hardware-based security. A TPM is a specialized security processor, typically a discrete chip on a computer's motherboard (firmware and integrated variants also exist), designed to enhance overall system security by protecting sensitive material such as encryption keys, passwords, and digital certificates, and by recording and reporting measurements of the software that booted. The TPM standard, developed by the Trusted Computing Group, provides a hardware root of trust (HRoT) on which the integrity of the system can be established. It is likely one of the earliest standardized HRoTs to enter the market.

The TPM technology landscape is facing significant challenges. With Internet of Things (IoT) adoption expanding across industrial settings, there is a need for more flexible and power-efficient HRoT implementations. In addition, amid the widespread shift toward cloud computing and virtual workloads, HRoTs are expected to support zero trust architectures through remote attestation and secure access to cloud resources, so that only devices whose boot state can be verified gain access to sensitive data and systems. The use of artificial intelligence (AI) in cybersecurity is challenging the TPM's fixed-function application-specific standard product (ASSP) implementation: HRoTs must be agile enough to take on future updates supporting AI-based threat detection and response at the hardware level. Finally, the biggest challenge arises from the advent of quantum computers. TPM 2.0 relies on RSA and elliptic-curve cryptography for signing, key exchange, and attestation, and both are broken by a sufficiently large quantum computer. There is therefore an urgent need to integrate PQC algorithms into TPMs. Incorporating TPM functionality into agile HRoT devices like FPGAs is one way to ensure that devices remain secure in the face of these emerging threats.

TPMs will need to be updated to provide stronger capabilities as attacks become more advanced and defense environments become more complex.

Caliptra: A Paradigm Shift in RoTM

The rise of open-source computing is driving a need for more interoperable RoTM capabilities. A Root of Trust for Measurement (RoTM) is the trusted, immutable component that takes the first integrity measurements of a system's firmware and software. From it the system builds a chain of trust: each stage measures the next (typically by hashing it and recording the digest in a register that can only be extended, never overwritten) before handing over control, so that the final recorded state reflects every component that ran, and a verifier can check that state against known-good values.

In the context of RoTM, Caliptra – an open-source silicon RoT developed by the Open Compute Project – provides the essential functions of measuring, storing, and reporting system states in large-scale datacenters and Edge computing environments. Integrated into System-on-Chip (SoC) designs, Caliptra allows for secure boot processes and runtime attestation, which are vital for maintaining system integrity and detecting potential security breaches.
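The measure-then-extend chain described in the two paragraphs above, and the "measure, store, report" cycle a verifier relies on, can be shown concretely. The following is an added example written for this page, not Lattice's, Caliptra's, or the TPM specification's own code. It simulates a four-stage boot in which each stage is measured before it runs, folds each measurement into a single register with the TPM-style extend operation (new PCR = SHA-256(old PCR || measurement)), and keeps an event log. A verifier then replays the log against reference digests to determine which stage changed, and detects a log that no longer reproduces the reported register. The component images and reference digests are constructed for illustration; the signature a real RoT would place over the reported register (the "quote") is not modeled.

```python
"""Simulated measured boot with a PCR-style extend register and a verifier.

Added example for illustration only. Images and reference digests below are
constructed sample data, not real firmware.
"""
import hashlib
from dataclasses import dataclass, field

DIGEST_LEN = 32  # SHA-256

# Constructed sample boot chain, in boot order: (stage name, image bytes).
BOOT_CHAIN = [
    ("bootloader", b"BOOTLOADER v1.2 constructed sample image"),
    ("soc_firmware", b"SOC FIRMWARE 2024.09 constructed sample image"),
    ("kernel", b"KERNEL 6.x constructed sample image"),
    ("rootfs_manifest", b"ROOTFS MANIFEST constructed sample image"),
]


def measure(image: bytes) -> bytes:
    """Measurement of a component: the digest of its image."""
    return hashlib.sha256(image).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR' = H(PCR || measurement).

    The register is never written directly, only extended, so a later stage
    cannot erase what an earlier stage recorded about it.
    """
    return hashlib.sha256(pcr + measurement).digest()


@dataclass
class MeasuredBoot:
    """The RoTM's state: an all-zero initial PCR plus an event log."""
    pcr: bytes = bytes(DIGEST_LEN)
    event_log: list = field(default_factory=list)  # [(stage, measurement)]

    def measure_and_extend(self, name: str, image: bytes) -> None:
        m = measure(image)
        self.event_log.append((name, m))
        self.pcr = extend(self.pcr, m)


def boot(chain) -> MeasuredBoot:
    """Measure each stage before control would be handed to it."""
    mb = MeasuredBoot()
    for name, image in chain:
        mb.measure_and_extend(name, image)
        # ... in a real system, execution transfers to `image` here ...
    return mb


def reference_digests(chain) -> dict:
    """Known-good digests, as a verifier would obtain from a signed manifest."""
    return {name: measure(image) for name, image in chain}


def expected_pcr(chain) -> bytes:
    """Replay the extend sequence from the reference images alone."""
    pcr = bytes(DIGEST_LEN)
    for _, image in chain:
        pcr = extend(pcr, measure(image))
    return pcr


def verify(reported_pcr: bytes, event_log, refs: dict):
    """Return (ok, detail) for a reported PCR and its event log.

    The PCR alone says only whether the whole chain matched. Replaying the
    log identifies the first stage whose measurement differs from the
    reference, and the log is trusted only because replaying it reproduces
    the register value the hardware reports.
    """
    replay = bytes(DIGEST_LEN)
    first_bad = None
    for name, m in event_log:
        if first_bad is None and refs.get(name) != m:
            first_bad = name
        replay = extend(replay, m)
    if replay != reported_pcr:
        return False, "event_log_mismatch"  # log does not match hardware
    if first_bad is None and len(event_log) != len(refs):
        first_bad = "missing_stage"
    return first_bad is None, first_bad


if __name__ == "__main__":
    good = boot(BOOT_CHAIN)
    refs = reference_digests(BOOT_CHAIN)
    print("good boot:", verify(good.pcr, good.event_log, refs))
    tampered = [(n, img + b"\x90" if n == "kernel" else img) for n, img in BOOT_CHAIN]
    bad = boot(tampered)
    print("tampered kernel:", verify(bad.pcr, bad.event_log, refs))
```

Two failure modes are worth noting from the verifier. A modified kernel changes every subsequent PCR value, so the final register mismatches, but only the event log tells the verifier that the kernel was the stage that changed. Conversely, an attacker who alters the log to hide the change cannot make it replay to the hardware-reported register, which is why the register, not the log, is the root of the evidence.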

Caliptra represents a key development in the evolution of RoTM, establishing a standardized, open-source framework for safeguarding interoperable computing ecosystems. By providing an open-source, standardized implementation of a silicon RoT, it addresses several key challenges such as consistency, flexibility, future-proofing, and transparency. It also offers a uniform approach to RoTM across different hardware platforms, which is crucial for securing large-scale cloud and Edge computing environments. Moving forward, Caliptra will continue to be critical for maintaining secure interoperability between different cloud and Edge computing environments – providing a consistent security foundation across various software and hardware platforms.

Driving Dynamic HRoT with FPGAs

Lattice FPGAs play a pivotal role in supporting HRoT features like TPMs and Caliptra, with versatility and hardware-based capabilities that make them ideal for implementing and enhancing the security features provided by these technologies. For example, Lattice MachXO3D™, Lattice MachXO5D™-NX, and Lattice Mach™-NX offer a strong HRoT foundation with secure, immutable unique IDs for self-authentication, fast secure boot times, and a full suite of verified security services native to specific devices.

Lattice FPGAs also incorporate "crypto agile" capabilities in HRoT products, such as PQC extensions, to deliver future-proofed protection for server platforms and other connected device applications. They also provide an excellent platform for prototyping and testing new designs or features for both TPMs and Caliptra. Because FPGAs can be reprogrammed in the field, designers can quickly iterate and validate designs without fabricating new silicon each time. This is particularly useful for security modules like TPMs and Caliptra, where updates and improvements are required to meet evolving standards and regulations. The same reprogrammability is also the property an attacker would target, so the update path for a root of trust must itself be authenticated and rollback-protected.

Lattice FPGAs with HRoT capabilities have a dedicated cryptographic engine with both symmetric and asymmetric cryptographic functions. Additionally, Lattice HRoT products with integrated locking flash protect code from being erased, read, or rewritten by unauthorized parties. They can establish unique device identities that are verified before data exchange is allowed, ensuring that a system's core functions and components are protected. They also allow custom security features to be implemented that complement or enhance standard TPM or Caliptra implementations in specialized applications with unique security requirements, such as those demanded by cyber resiliency standards. For systems already using FPGAs, integrating TPM or Caliptra functionality directly into the FPGA can also lead to more efficient and cost-effective designs.

FPGAs will continue to serve as an invaluable security asset in modern computing systems by providing essential support for dynamic technologies like TPMs and Caliptra. By leveraging the capabilities of FPGAs, organizations can build highly secure and reliable platforms that are well-protected against a wide range of threats. To learn more about FPGAs and their role in cybersecurity, contact the Lattice team today.
