The new Lattice Mach-NX FPGA family from Lattice Semiconductor packs a range of features for cyber security applications. This is second-generation version of Lattice' secure control FPGAs after its earlier version called MachXO3D family launched in 2019. Mach-NX FPGAs with logic up to 11K LCs and high I/O count of up to 379, is designed to be power-efficient to implement a real-time Hardware Root-of-Trust (HRoT) on servers and other computers, communication systems, industrial and automotive systems.
“The race is on between bad actors trying to exploit firmware vulnerabilities and developers designing server platforms with the security features and performance to stop them,” said Patrick Moorhead, president and founder of Moor Insights & Strategy. “Protecting systems better requires a real-time HRoT with support for stronger cryptography algorithms like ECC 384 and new, robust data security protocols like SPDM. I believe technologies like Lattice’s Mach FPGA families can simplify and accelerate implementation of these technologies for server OEMs looking to better secure their platforms against cyberattack and IP theft.”
Esam Elashmawi, Chief Strategy and Marketing Officer at Lattice, added: “Securing systems against unauthorized firmware access goes beyond establishing a HRoT at boot. It also requires that components used to build the system are not compromised as they move through the global supply chain. When combined with the additional protection afforded by our SupplyGuard security service, Lattice Mach-NX FPGAs can protect a system throughout its entire lifecycle: beginning at the time components start moving through the supply chain, through initial product assembly, end-product shipping, integration, and throughout the product’s operational lifetime.”
The key features include:
1. Firmware securing Secure enclave (an advanced, 384-bit hardware-based crypto engine supporting reprogrammable bitstream protection) with a logic cell (LC) and I/O block to do system control functions such as power supply management and fan on/off and speed control.
2. Verification and installation of OTA firmware updates.
3. Parallel processing capability and dual-boot flash memory configuration feature enable instant response detecting and recovering from attacks, which Lattice claims a far better performance compared to microcontroller based HRoT platforms.
4. Mach-NX FPGAs to support the Lattice Sentry solutions stack. Sentry solutions stack is a package of customizable embedded software, reference designs, IP, and development tools to speed up the implementation of secure systems compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP-800-193).
5. 384-bit hardware crypto engine supports cryptography and security protocols like ECC 384, NIST SP-800-193 and MCTP-SPDM.
6. supported by the Lattice SupplyGuard supply chain security subscription service which tracks locked Lattice FPGAs through their entire lifecycle, where they have born, how they physically moved in the global supply chain, system integration and assembly, initial configuration, and deployment.
Lattice is also offering graphic user interface based Lattice Propel design environment to design a customized, PFR-compliant HRoT solution with less need to write RTL code.