Component firmware is an increasingly popular attack vector for cyberattacks. According to a report in “MIT Technology Review,” security vulnerabilities rendered over 3 billion chips in systems of all types open to data theft via the exploitation of their firmware1. Unsecured firmware also exposes OEMs to the financial and brand reputation risks associated with device hijacking (for use in DDoS attacks) and device tampering or destruction. Failure to address these risks can negatively impact a company’s reputation and financial performance.
According to Patrick Moorhead, president and founder of Moor Insights & Strategy, “Compromised firmware is particularly insidious as it not only leaves user data vulnerable, but can also make systems permanently inoperable, disrupting the user experience and exposing OEMs to liability. FPGAs provide a compelling hardware platform choice for securing system firmware as they’re able to perform multiple functions in parallel, making them much faster at identifying and responding to unauthorized firmware when detected.”
When used to implement system control functions, MachXO3 FPGA devices are typically the “first-on/last-off” component on circuit boards. By integrating security and system control functions, the MachXO3D becomes the first link in a chain of trust that protects entire systems.
With MachXO3D, Lattice is enhancing the device configuration and programming steps in the manufacturing process. These enhancements, in combination with MachXO3D’s security features, protect systems by securing communication between the MachXO3D and legitimate firmware providers. This protection stays in effect throughout the component’s entire lifecycle, including system manufacture, transit, installation, operation and decommissioning. According to Symantec, there was a 78 percent increase in supply chain-related attacks between 2017 and 20182.
“System developers commonly take advantage of FPGA flexibility to enhance system functions after deployment,” said Gordon Hands, Director of Solutions Marketing, Lattice Semiconductor. “With MachXO3D, we took care to retain that flexibility while adding a secure configuration block to deliver the industry’s first control-oriented FPGA compliant with NIST’s Platform Firmware Resilience specification.”
Key features of the new MachXO3D include:
- Control function FPGA that provides 4K and 9K look-up tables for implementing logic that instantly configures at power up from on device flash memory
- On-device regulator for single 2.5/3.3-volt power supply operation
- Support for up to 2700 Kbits of user Flash memory and up to 430 Kbits sysMEM™ embedded block RAM to provide more flexible design options
- Up to 383 I/Os, configurable to support LVCMOS 3.3 to 1.0, and designed to integrate into a wide variety of system environments with features such as hot-socketing, default pull-down, input hysteresis, and programmable slew rate
- Embedded security block that provides pre-verified hardware support for cryptographic functions such as ECC, AES, SHA, PKC and Unique Secure ID
- Embedded secure configuration engine to ensure only FPGA configurations from a trusted source can be installed
- Dual on-device configuration memories to enable fail-safe reprogramming of component firmware in the event of compromise
Samples are available. For more information about MachXO3D, please visit http://www.latticesemi.com/MachXO3D.
About Lattice Semiconductor
Lattice Semiconductor (NASDAQ: LSCC) is the low power programmable leader. We solve customer problems across the network, from the Edge to the Cloud, in the growing communications, computing, industrial, automotive and consumer markets. Our technology, long-standing relationships, and commitment to world-class support lets our customers quickly and easily unleash their innovation to create a smart, secure and connected world.
Lattice Semiconductor Corporation, Lattice Semiconductor (& design) and specific product designations are either registered trademarks or trademarks of Lattice Semiconductor Corporation or its subsidiaries in the United States and/or other countries. The use of the word “partner” does not imply a legal partnership between Lattice and any other entity.
GENERAL NOTICE: Other product names used in this publication are for identification purposes only and may be trademarks of their respective holders.
1 Giles, M. (2018, Jan. 5). At Least 3 Billion Computer Chips Have Spectre Security Hole, MIT Technology Review. Retrieved from https://www.technologyreview.com/s/609891/at-least-3-billion-computer-chips-have-the-spectre-security-hole/
2 Symantec. (2018, February). ISTR: Internet Security Threat Report. Retrieved from https://www.symantec.com/security-center/threat-report?om_ext_cid=biz_vnty_istr-24_multi_v10195