Lattice Blog


Next-Generation MachXO3D FPGAs Make Automotive Space Secure

Posted 09/16/2020 by JP Singh & Jay Aggarwal


For close to 100 years following the invention of the first gasoline-powered car by the German engine designer and automotive engineer, Karl Benz, in 1895, the term “security” in the context of cars meant locking the doors and walking away with the keys in your pocket or purse. How things have changed...

In the late 1970s and early 1980s, computers in the form of microprocessor units (MPUs) and microcontroller units (MCUs) started to work their way into high-end vehicles in the form of sophisticated engine control units (ECUs), also commonly called engine control modules (ECMs).

Since that time, the electronic and computational content of cars has grown at an exponential rate. Today’s automotive electronics include engine ignition and management systems, in-car entertainment systems, and telematics systems.

Today’s automobiles are equipped with things like GPS, Bluetooth, Wi-Fi, and cellular communications, along with advanced safety systems including lane departure warning and collision warnings. Many automotive applications employ sensor fusion between radar, lidar, and machine vision systems powered by artificial intelligence (AI) and machine learning (ML). Some vehicles have the ability to parallel park themselves at the touch of a button, with more capabilities of this type on the way. As a result, a typical car, circa 2020, contains around 50 computers, while high-end vehicles can contain 100 or more.

Do You Feel Secure?

Like many things, automotive electronic systems can be something of a “double-edged sword.” On the bright side, these systems can provide a wide range of sophisticated safety, automation, and entertainment features. Many of today’s vehicles boast advanced driver-assistance systems (ADAS) that automate, adapt, and enhance vehicle systems for safety and better driving, even going so far as to take control of the vehicle if necessary. These systems include things like adaptive cruise control; lane departure detection, warning, and correction; and collision avoidance.

The downside of having all of these sophisticated systems is the increased attack surface presented to hackers and other bad actors, where the term “attack surface” refers to the sum of the different points where an unauthorized user can try to enter data or extract data from a system, or take control of that system. The last thing you want is for someone with bad intent to take control of your car while you are cruising down the interstate.

Chains and Roots of Trust

There are two concepts that are of critical importance when it comes to ensuring automotive security: chain of trust (CoT) and root of trust (RoT).

A huge problem these days is counterfeit chips, whereby the creators of the system are not working with the devices they think they are. Counterfeit chips come in a variety of flavors, including “reconditioned chips,” which are harvested from electronic waste using crude and poorly controlled processes; “gray market chips,” which may originate from overbuilds, reworked failures, or reclaims from retired systems; and “rogue chips,” which are reverse-engineered devices that may include additional functionality that can be used to corrupt data, exfiltrate data, and cause malfunctions in the system. In order to secure the system against counterfeit chips, a chain of trust must be established that can validate each hardware and software component in the system.

A root of trust is a source that can always be trusted by the rest of the system. A hardware root of trust is a device that is powered on before the rest of the system. This device first checks itself, and it then orchestrates the powering up of the rest of the system, including checking that any firmware being used by other system components has not been compromised. But to what sort of device could we entrust such an important task?

MachXO3D FPGAs Save the Day!

Lattice’s flash-based MachXO3™ FPGAs provide “instant-on” capabilities that allow them to be the platform’s first-on, last-off devices. As a result, these devices dominate the market for system control and power management functionality.

[Figure: Dominating the platform control arena, MachXO3 FPGAs are the system’s first-on, last-off devices.]

Offering up to 9400 LUTs and 384 I/Os, the MachXO3 family’s extended (junction) temperature range of -40°C to +125°C addresses the needs of harsh automotive environments, while AEC-Q100 Grade 2 certification* meets established industry standards for automotive quality (*full certification is anticipated by 1Q 2021).

With regard to the chain of trust, the Lattice SupplyGuard™ service provides customers with factory-locked ICs that can only be programmed using a configuration bitstream that has been developed, signed, and encrypted by the intended customer.

In the context of security, MachXO3D™ automotive FPGAs add hardware security features that bring NIST-level security to automotive systems. In addition to enabling hardware root of trust in the form of the system’s first-on, last-off device, the MachXO3D’s Immutable Security Engine also enables pre-verified cryptographic functions such as ECDSA, ECIES, AES, SHA, HMAC, TRNG, Unique Secure ID, and public/private key generation.

The Immutable Security Engine, along with Lattice’s recently introduced software and services offering, Lattice Sentry Stack, supports security throughout the product lifecycle, including device manufacturing and transport, platform manufacturing, installation, operation, and even decommissioning. It also enables comprehensive protection against a variety of threats by providing data security, equipment security, data authentication, design security, and brand protection.

[Figure: MachXO3D-based secure boot.]

Compliant with NIST SP 800-193 Platform Firmware Resiliency (PFR) guidelines, the MachXO3D FPGA’s hardened secure configuration block and dual-boot capability enable the device to protect, detect, and recover itself from malicious attacks. Furthermore, the massively parallel processing capability of its programmable fabric gives the MachXO3D the ability to protect, detect, and recover multiple platform firmware elements at the same time.
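The protect/detect/recover flow described above, as an added illustration that is not Lattice code and does not model the MachXO3D’s actual engine: a root-of-trust check of the active firmware image against an authenticated manifest, with fallback to a protected golden copy on mismatch. All sample data is constructed, and HMAC-SHA256 with a key held only inside the root of trust stands in for the ECDSA signature check a real PFR design would use.

```python
"""Simplified PFR-style (protect / detect / recover) boot-time check."""
import hashlib
import hmac

# Constructed sample data. Assumption: ROT_KEY never leaves the root of trust.
ROT_KEY = b"constructed-root-of-trust-key"
GOLDEN_IMAGE = b"ECU firmware v1.0 (constructed sample image)"


def make_manifest(image: bytes, key: bytes) -> dict:
    """Build an authenticated manifest: image digest plus a MAC over it."""
    digest = hashlib.sha256(image).hexdigest()
    tag = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    return {"sha256": digest, "tag": tag}


def verify_image(image: bytes, manifest: dict, key: bytes) -> bool:
    """Detect: the manifest must be authentic AND the image must match it."""
    expected_tag = hmac.new(key, manifest["sha256"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, manifest["tag"]):
        return False  # tampered or forged manifest
    return hmac.compare_digest(hashlib.sha256(image).hexdigest(), manifest["sha256"])


class DualBootFlash:
    """Active (writable) image plus a golden copy only the RoT may touch."""
    def __init__(self, active: bytes, golden: bytes):
        self.active = bytearray(active)
        self.golden = bytes(golden)  # protect: modelled as immutable to the host


def rot_boot(flash: DualBootFlash, manifest: dict, key: bytes) -> str:
    """Runs before the host is released from reset. Returns the action taken."""
    if verify_image(bytes(flash.active), manifest, key):
        return "boot"
    if not verify_image(flash.golden, manifest, key):
        return "halt"  # both images untrusted: keep the host in reset
    flash.active[:] = flash.golden  # recover: restore the active slot
    return "recovered"


def demo() -> tuple:
    manifest = make_manifest(GOLDEN_IMAGE, ROT_KEY)
    flash = DualBootFlash(GOLDEN_IMAGE, GOLDEN_IMAGE)
    first = rot_boot(flash, manifest, ROT_KEY)         # clean image boots
    flash.active[0:3] = b"XXX"                          # simulate corruption
    second = rot_boot(flash, manifest, ROT_KEY)         # detected and restored
    return first, second, bytes(flash.active) == GOLDEN_IMAGE
```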

We Have Your Back

Using MachXO3D FPGAs, OEMs and automakers can simplify the implementation of robust, comprehensive, and flexible hardware-based security for all system components. MachXO3D FPGAs can protect, detect, and recover themselves and other components from unauthorized firmware access at system run time.

Furthermore, in conjunction with Lattice SupplyGuard, MachXO3D FPGAs can protect a system from malicious activity at every stage of that system’s lifecycle, from the point of manufacturing all the way to its end-of-life (EOL). For more information, visit our MachXO3D FPGA product page.