Enhance Secure Control Applications with Hardware Root-of-Trust and Dual Boot Capabilities

Builds on Proven MachXO3 Architecture – MachXO3D adds an immutable embedded security block, enhanced control functions, expanded user flash memory up to 2700 kbits, and available in Commercial, Industrial and AEC-Q100 qualified Automotive grade.

Highly Secured FPGA – Immutable security enables Hardware Root-of-Trust and pre-verified cryptographic functions such as ECDSA, ECIES, AES, SHA, HMAC, TRNG, Unique Secure ID and Public/Private Key Generation.

On Device Dual Boot Flash – No need for external memory for dual boot configuration. On device dual boot flash enables fail-safe programming and provides flexible in-field updates.


  • Simplifies implementation of hardware security by integrating Root-of-Trust in your platform’s first on, last off device
  • Supports security throughout the product lifecycle including device manufacturing and transport, platform manufacturing, installation, operation and decommissioning
  • Enables comprehensive protection against a variety of threats by providing data security, equipment security, data authentication, design security and brand protection
  • Programmable logic combined with secure dual boot configuration block provides flexibility during design implementation and enables secure updates after equipment deployment
  • Delivers robust security and pre-verified cryptographic functions compliant with NIST SP 800-193 PFR and CAVP guidelines to protect non-volatile memory, detect malicious code, and recover in case of corruption

Jump to


MachXO3D is NIST-CAVP certified and complies with NIST SP 800-193 PFR Guidelines

Lattice has completed the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CAVP) certification for the MachXO3D™ cryptographic functions listed below. NIST CAVP provides validation testing of FIPS-approved and NIST-recommended cryptographic algorithms and their individual components. Federal Information Processing Standards (FIPS) is the U.S. federal government’s standard for cryptographic software.

The MachXO3D establishes a hardware Root-of-Trust (ROT) to protect, detect and recover the device and other components from unauthorized firmware access throughout their systems’ lifecycle, from the point of manufacturing to end of life. These security functions are compliant with NIST SP 800-193 PFR guidelines and now certified with NIST-CAVP validation tests described in below table.

NIST-CAVP Certifications for MachXO3D™ cryptographic functions

Validation Number C998
Test Capabilities Description
AES-ECB Direction: Decrypt, Encrypt
Key Length: 128, 256
ECDSA KeyGen (186-4) Curve: P-256
Secret Generation Mode: Testing Candidates
ECDSA SigGen (186-4) Capabilities:
    Curve: P-256
    Hash Algorithm: SHA2-256
ECDSA SigVer (186-4) Capabilities:
    Curve: P-256
    Hash Algorithm: SHA2-256
HMAC DRBG Prediction Resistance: No
Mode: SHA2-256
Entropy Input: 256
Nonce: 256
Personalization String Length: 0
Additional Input: 0
Returned Bits: 256
HAC-SHA2-256 MAC: 256
Key sizes < block size
KAS-ECC Function: Key Pair Generation
KAS-ECC CDH-Component Function: Key Pair Generation
SHA-256 Message Length: 8-65536 Increment 8

To see this certification on the NIST website, click here.

To learn more about NIST CAVP, click here.

MachXO3D Security Features Enablement in Lattice Diamond

The following is needed to enable the MachXO3D security features:

  • Installation of the Encryption Pack (found in Lattice Diamond Downloadable Software of the Software Downloads & Documentation section). Lattice Diamond Webpage
  • A Diamond Subscription license or a MachXO3D Security license.

Buy / Renew License

Family Table

MachXO3D Device Selection Guide
Features MachXO3D-4300 MachXO3D-9400
LUTs 4300 9400
Distributed RAM (kbits) 34 73
EBR SRAM (kbits) 92 432
UFM (kbits) 367/11223 1088/26933
PLLs 2 2
Hardened Security Block 1 1
Oscillator 1 1
On-chip Dual-boot Yes Yes
I3C compatible I/O Yes1 Yes1
MIPI D-PHY Support2 Yes Yes
VCC - 2.5/3.3V HC / ZC 4 HC / ZC 4
VCC - 1.2V -
Temperature Grades C / I / A5 C / I / A5

1. 4 pairs of I/O in bank 3 with I3C dynamic pull up capability.
2. HC device only.
3. When dual-boot is disabled, image space can be repurposed as extra UFM.
4. HC = High Performance / ZC = Low Power Option
5. C = Commercial, I = Industrial, A = Automotive

0.5 mm Spacing I/O Count

MachXO3D-4300 MachXO3D-9400
72 QFN (10 mm x 10 mm) 58 (HC, ZC) 58 (HC, ZC)
0.65 mm Spacing I/O Count

MachXO3D-4300 MachXO3D-9400
69-ball WLCSP (5.2 mm x 6.2 mm)   58 (HE)
0.8 mm Spacing I/O Count

MachXO3D-4300 MachXO3D-9400
256-ball caBGA (14 mm x 14 mm) 206 (HC1, ZC) 206 (HC, ZC1, HE2)
400-ball caBGA (17 mm x 17 mm)
335 (HC, ZC)
484-ball caBGA (19 mm x 19 mm)
383 (ZC1, HE2)

1. Available in automotive grade
2. Available in automotive grade only

Example Solutions

Secure Control PLD

  • Enhances Secure Control PLD functionality with dual boot and hardware root-of-trust to simplify implementation of comprehensive, flexible and robust hardware security throughout product lifecycle.

Secure Server

  • Hardened secure configuration block enables MachXO3D to protect, detect and recover itself from malicious attacks
  • FPGA fabric enables parallel processing capability to protect, detect and recover multiple platform firmware at the same time
  • Compliant with NIST SP 800 193 Platform Firmware Resiliency (PFR) guidelines

Chain of Trust Implementation

  • Hardware Root-of-Trust is the first link in chain of trust that protects entire systems
  • Hardened device configuration engine cryptographically authenticates MachXO3D’s configuration image at power-on
  • Embedded security block provides cryptographic functions to authenticate other platform firmware at power-on
  • With instant-on capability MachXO3D is the first device to boot up securely on the platform and as such is an excellent anchor for Chain of Trust

Battery Management Control using MachXO3D

  • MachXO3D provides controller for the battery management for mobile and portable embedded systems
  • Intelligent cell balancing for charge equalization for each battery cell.
  • Control charge/ discharge process and receive real-time battery information like State of Charge (SOC) and State of Health (SOH)

Design Resources

Intellectual Property & Reference Designs

Simplify your design efforts by using pre-tested, reusable functions


Complete Design Flows, High Ease of Use

Development Kits & Boards

Our development boards & kits help streamline your design process

Programming Hardware

Take the strain out of in-system programming & in-circuit reconfiguration with our programming hardware


*By clicking on the "Notify Me of Changes" button, you agree to receive notifications on changes to the document(s) you selected.


Technical Support

Need Help? We're Here to Assist You

Quality & Reliability

Reference Material to Help Answer Your Questions

Like most websites, we use cookies and similar technologies to enhance your user experience. We also allow third parties to place cookies on our website. By continuing to use this website you consent to the use of cookies as described in our Cookie Policy.