Comprehensive hardware security

Latest update time:2019-06-19

OEMs are generally interested in developing secure hardware that can address a wide range of security threats, such as data theft, data corruption, device hijacking, cloning, and design theft. In addition, security threats are no longer limited to systems in use. Attackers may target components at any point in the product lifecycle: initial component production, shipment to contract manufacturers, system integration, and operation in the field. OEMs therefore need a reliable solution that protects hardware at every stage of the system lifecycle.


How do OEMs solve this problem? They use one or more hardware root-of-trust devices as the platform that provides the cryptographic functions on which system security rests. These functions include data encryption, data authentication, firmware authentication, system authentication, and code/configuration encryption.

The root of trust device is the first link in the chain of trust that protects the entire system. Once designers identify the first trusted device (usually a PLD, FPGA, or MCU), it can serve as the cornerstone for implementing cryptographic functions and ensuring system hardware security. The root of trust device must contain hardware that can verify its own configuration and should be the first device to power up and the last to power down.

As the number and sophistication of security threats grow, what kind of security architecture do system designers need? First, any solution must be robust enough to protect against both existing and new firmware threats. To help designers evaluate their solutions, the National Institute of Standards and Technology (NIST) has recently defined a unified set of requirements: NIST SP 800-193, Platform Firmware Resiliency Guidelines, which aims to ensure that all system firmware is protected by a root of trust.

The developers of the standard emphasized the following three principles:

Protection: protect non-volatile firmware memory with access control

Detection: cryptographically verify firmware before it runs, so the system never boots from malicious code

Recovery: if firmware is compromised, revert to the latest trusted firmware



Engine Choice


Ideally, the engine that implements hardware security should have low power consumption, high design flexibility, scalability, and a small physical footprint. MCUs provide good computing resources, but they usually lack the functions needed to supervise the boot of the other processors and components in the system. In addition, once an MCU is running, it is difficult for it to monitor its own boot memory.

Field Programmable Gate Arrays (FPGAs) offer significant advantages over MCUs. FPGAs are often the first device to power up and coordinate system startup, and the last to power down after coordinating system shutdown. This first-up/last-down feature makes FPGAs ideal for quickly building a root of trust. Designers can use the parallel nature of FPGAs to check multiple memories simultaneously, significantly reducing boot time. Unlike MCUs, FPGAs can protect nonvolatile memories through real-time monitoring. Finally, in the event of a system corruption, FPGAs can provide the logic and interfaces required to initiate firmware recovery.


Lattice MachXO3D – Fully Hardware Secure Root of Trust FPGA


To meet the growing demand for firmware security in various applications, Lattice has recently announced the launch of MachXO3D FPGA, the first small-size, low-power FPGA for system control applications, which can ensure system firmware security in various applications such as computing, communications, industrial control and automobiles. This new device helps OEMs prevent data theft, data tampering, design theft, product cloning, overbuilding, device tampering and hijacking by implementing a comprehensive, flexible and reliable hardware security system throughout the product life cycle.

The new MachXO3D is pin-compatible with Lattice’s popular MachXO3 series, which is widely used in various control PLD applications, and will become an important control PLD choice for implementing secure firmware applications in the Lattice product portfolio.


Simplify integration


Ensuring easy implementation of firmware security was a key consideration when designing the MachXO3D. Since more than 50% of communications systems and servers use control PLDs based on the MachXO architecture, the new device is pin-compatible with the original architecture, which lets developers add or improve security features in existing control solutions. Demand for these security features is growing, and the popularity of the MachXO architecture has already led more than five leading server OEMs to work with Lattice on MachXO3D-based designs. Because developers typically use MachXO3 devices as the first component to power up and the last to power down, they can quickly establish a root of trust and a chain of trust without having to worry about whether other components were powered up before the Lattice PLD.

Figure: Implement flexible security mechanisms and maintain system integrity (power-on sequence). Most control PLDs for critical infrastructure are developed using the MachXO architecture; MachXO3 and MachXO3D are pin-compatible; MachXO3D is the first device to power up and the last to power down; 5 server OEMs have started to adopt MachXO3D designs.

Comprehensive security


In response to increasingly severe hardware security issues, Lattice has extended the control PLD functions of the MachXO3D FPGA with an embedded security module that provides the hardware root of trust and hardware cryptographic functions developers need to address a range of security threats.

1. MachXO3D encrypts the configuration bitstream to protect the design and prevent IP theft.

2. To protect OEM revenue and brand reputation, the device adds a unique security ID that can be combined with the other security features for device/platform authentication.

3. Elliptic-curve public/private-key cryptography and AES encryption/decryption help prevent data theft.

4. Elliptic-curve signature generation and verification provide the foundation for authenticating firmware and general data.


Reliable design that meets NIST standards


MachXO3D is designed to be highly reliable and is the industry's first control FPGA that complies with the NIST SP 800-193 Platform Firmware Resiliency (PFR) guidelines. The device protects non-volatile memory through access control, cryptographically detects and prevents booting from malicious code, and can recover to the latest trusted firmware when the active firmware is compromised. In addition, MachXO3D can dynamically reconfigure its I/O ports at any time, minimizing the system's attack surface.

Flexible design implementation


Design flexibility is also a key consideration. Most of Lattice's customers want to update their MachXO-based designs after the device has been deployed. This reprogrammability helps control the attack surface dynamically and lets users update the FPGA to counter the latest firmware attacks. Lattice designers therefore wanted to preserve programmability while still providing reliable security.

To meet this diverse demand, MachXO3D has added two key features. As part of the hardware configuration engine, the device supports code verification, ensuring that each loaded configuration has a legitimate digital signature. At the same time, MachXO3D has added additional on-chip flash memory to store two sets of device configurations at any time. This dual-boot function allows the system to use the backup configuration by default when a problem occurs.

Typical applications


MachXO3D is designed to address a wide range of applications across multiple markets. Potential applications include 5G wireless communications equipment such as switches and routers, servers and enterprise computers, factory automation and industrial IoT devices.

The following block diagram depicts a typical application of MachXO3D in a secure server that includes a baseboard management controller (BMC), a main CPU, and several auxiliary CPUs or FPGAs. Typically, a small FPGA called the control PLD manages all reset and power control on the board, and all processors boot from SPI or Quad SPI memories. Developers can now use MachXO3D as that small FPGA and add switches on the SPI buses to upgrade server security. In this configuration the FPGA boots itself first, then verifies each SPI memory, and only then releases the other components from reset so they can begin booting (assuming the memory contents are intact and the signature is valid). If a SPI memory fails verification, MachXO3D takes the next step according to user policy, such as shutting down the system or trying to reconfigure from another source. After the system has booted, MachXO3D continues to monitor access to each SPI memory to prevent unauthorized writes.
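The boot-gating sequence just described, together with the signature check and dual-boot fallback from the earlier sections, modelled in Go as an added example (not Lattice code or the MachXO3D's own logic): the OEM signs each SPI image with an elliptic-curve key, the control PLD verifies every image before releasing any processor from reset, and a failed check either falls back to the backup configuration or holds the system in reset. SignImage, VerifyImage and GateBoot are hypothetical names, and the firmware images are constructed sample data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SPIImage models one firmware image in a boot SPI flash (constructed sample, not real firmware).
type SPIImage struct {
	Name string
	Data []byte // image bytes as the control PLD reads them from the SPI device
	Sig  []byte // ASN.1 ECDSA signature over SHA-256(Data), added at OEM build time
}
// SignImage stands in for the OEM signing step (hypothetical helper, not Lattice tooling).
func SignImage(priv *ecdsa.PrivateKey, img *SPIImage) (err error) {
	h := sha256.Sum256(img.Data)
	img.Sig, err = ecdsa.SignASN1(rand.Reader, priv, h[:])
	return err
}
// VerifyImage is the root-of-trust check: rehash the image and verify its signature with the OEM public key.
func VerifyImage(pub *ecdsa.PublicKey, img SPIImage) bool {
	h := sha256.Sum256(img.Data)
	return ecdsa.VerifyASN1(pub, h[:], img.Sig)
}
// GateBoot checks every SPI memory before any processor leaves reset; it returns whether resets may be
// released, which memories failed, and the recovery action (dual-boot fallback or hold in reset).
func GateBoot(pub *ecdsa.PublicKey, images []SPIImage, haveBackup bool) (bool, []string, string) {
	var failed []string
	for _, img := range images {
		if !VerifyImage(pub, img) {
			failed = append(failed, img.Name)
		}
	}
	if len(failed) == 0 {
		return true, nil, "release processor resets"
	}
	if haveBackup {
		return false, failed, "reconfigure from backup image"
	}
	return false, failed, "hold system in reset"
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	bmc := SPIImage{Name: "BMC SPI", Data: []byte("constructed BMC firmware v1")}
	bios := SPIImage{Name: "CPU SPI", Data: []byte("constructed BIOS v1")}
	_, _ = SignImage(priv, &bmc), SignImage(priv, &bios)
	bios.Data[0] ^= 0xFF // simulate a tampered BIOS image: its signature no longer matches
	ok, failed, action := GateBoot(&priv.PublicKey, []SPIImage{bmc, bios}, true)
	fmt.Println(ok, failed, action) // false [CPU SPI] reconfigure from backup image
}
```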



Security throughout the entire life cycle


To meet the growing demand for security throughout the product lifecycle, Lattice has optimized its device production test integration process to support the use of public key cryptography to securely program devices in an unprotected environment, making each device secure throughout its lifecycle. This new capability ensures that customers' devices will remain secure from the time they leave the Lattice factory until they are scrapped.

