Enhance Secure Control Applications with Hardware Root-of-Trust and Dual Boot Capabilities

Builds on Proven MachXO3 Architecture – MachXO3D adds on immutable embedded security block, enhanced control functions, and expanded user flash memory up to 2700 kbits.

Highly Secured FPGA –Immutable security enables Hardware Root-of-Trust and pre-verified cryptographic functions such as ECDSA, ECIES, AES, SHA, HMAC, TRNG, Unique Secure ID and Public/Private Key Generation.

On Device Dual Boot Flash – No need for external memory for dual boot configuration. On device dual boot flash enables fail-safe programming and provides flexible in-field updates.


  • Simplifies implementation of hardware security by integrating Root-of-Trust in your platform’s first on, last off device
  • Supports security throughout the product lifecycle including device manufacturing and transport, platform manufacturing, installation, operation and decommissioning
  • Enables comprehensive protection against a variety of threats by providing data security, equipment security, data authentication, design security and brand protection
  • Programmable logic combined with secure dual boot configuration block provides flexibility during design implementation and enables secure updates after equipment deployment
  • Delivers robust security and pre-verified cryptographic functions compliant with NIST SP 800-193 PFR and CAVP guidelines to protect non-volatile memory, detect malicious code and recover in case of corruption

Jump to


MachXO3D is NIST-CAVP certified and complies with NIST SP 800-193 PFR Guidelines

Lattice has completed the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CAVP) certification for the MachXO3D™ cryptographic functions listed below. NIST CAVP provides validation testing of FIPS-approved and NIST-recommended cryptographic algorithms and their individual components. Federal Information Processing Standards (FIPS) is the U.S. federal government’s standard for cryptographic software.

The MachXO3D establishes a hardware Root-of-Trust (ROT) to protect, detect and recover the device and other components from unauthorized firmware access throughout their systems’ lifecycle, from the point of manufacturing to end of life. These security functions are compliant with NIST SP 800-193 PFR guidelines and now certified with NIST-CAVP validation tests described in below table.

NIST-CAVP Certifications for MachXO3D™ cryptographic functions

Validation Number C998
Test Capabilities Description
AES-ECB Direction: Decrypt, Encrypt
Key Length: 128, 256
ECDSA KeyGen (186-4) Curve: P-256
Secret Generation Mode: Testing Candidates
ECDSA SigGen (186-4) Capabilities:
    Curve: P-256
    Hash Algorithm: SHA2-256
ECDSA SigVer (186-4) Capabilities:
    Curve: P-256
    Hash Algorithm: SHA2-256
HMAC DRBG Prediction Resistance: No
Mode: SHA2-256
Entropy Input: 256
Nonce: 256
Personalization String Length: 0
Additional Input: 0
Returned Bits: 256
HAC-SHA2-256 MAC: 256
Key sizes < block size
KAS-ECC Function: Key Pair Generation
KAS-ECC CDH-Component Function: Key Pair Generation
SHA-256 Message Length: 8-65536 Increment 8

To see this certification on the NIST website, click here.

To learn more about NIST CAVP, click here.

Family Table

MachXO3D Device Selection Guide
Features MachXO3D-4300 MachXO3D-9400
LUTs 4300 9400
Distributed RAM (kbits) 34 73
EBR SRAM (kbits) 92 432
UFM (kbits) 367/11223 1088/26933
PLLs 2 2
Hardened Security Block 1 1
Oscillator 1 1
On-chip Dual-boot Yes Yes
I3C compatible I/O Yes1 Yes1
MIPI D-PHY Support2 Yes Yes
Core Vcc 2.5 - 3.3V 2.5 - 3.3V
Commercial Temperature Grade Yes Yes
Industrial Temperature Grade Yes Yes
High Performance / Low Power Option HC / ZC HC / ZC

1. 4 pairs of I/O in bank 3 with I3C dynamic pull up capability.
2. HC device only.
3. When dual-boot is disabled, image space can be repurposed as extra UFM.

0.5 mm Spacing I/O Count
MachXO3D-4300 MachXO3D-9400
72 QFN (10 mm x 10 mm) 58 (HC / ZC) 58 (HC / ZC)
0.8 mm Spacing I/O Count
MachXO3D-4300 MachXO3D-9400
256-ball caBGA (14 mm x 14 mm) 206 (HC / ZC) 206 (HC / ZC)
400-ball caBGA (17 mm x 17 mm) 335 (HC / ZC)
484-ball caBGA (19 mm x 19 mm) 383 (HC)

Example Solutions

Secure Control PLD

  • Enhances Secure Control PLD functionality with dual boot and hardware root-of-trust to simplify implementation of comprehensive, flexible and robust hardware security throughout product lifecycle.

Secure Server

  • Hardened secure configuration block enables MachXO3D to protect, detect and recover itself from malicious attacks
  • FPGA fabric enables parallel processing capability to protect, detect and recover multiple platform firmware at the same time
  • Compliant with NIST SP 800 193 Platform Firmware Resiliency (PFR) guidelines

Chain of Trust Implementation

  • Hardware Root-of-Trust is the first link in chain of trust that protects entire systems
  • Hardened device configuration engine cryptographically authenticates MachXO3D’s configuration image at power-on
  • Embedded security block provides cryptographic functions to authenticate other platform firmware at power-on
  • With instant-on capability MachXO3D is the first device to boot up securely on the platform and as such is an excellent anchor for Chain of Trust

Design Resources

Intellectual Property & Reference Designs

Simplify your design efforts by using pre-tested, reusable functions

Application Notes

Learn how to get the most from our line-up of FPGAs / development boards


Complete Design Flows, High Ease of Use

Development Kits & Boards

Our development boards & kits help streamline your design process

Programming Hardware

Take the strain out of in-system programming & in-circuit reconfiguration with our programming hardware



Quality & Reliability

Reference Material to Help Answer Your Questions

Like most websites, we use cookies and similar technologies to enhance your user experience. We also allow third parties to place cookies on our website. By continuing to use this website you consent to the use of cookies as described in our Cookie Policy.