EDITORIAL FEATURE EXCLUSIVE
IN XO3D WE TRUST
Securing circuitry for data safety
Words by Christian Lynn, editor of Electronics

With recent stories pertaining to Jeep and Huawei and their data breaches, the protection of information stands in the spotlight of the electronics industry. Zeroes and ones have effectively taken the form of pronouns, holding the secrets of our identities, accessible to the most dedicated decoders; the ever-present threat of this invasion of privacy is a call to reinforce our cyberspace protection. Amidst a busy market, one company wishes to answer the call at this most opportune moment: Lattice Semiconductor.

Their latest contribution to the circuitry market aims to address these concerns over security: the MachXO3D, a field-programmable gate array, developed to safeguard against any external interference with code and data. Lattice’s solution comes as a result of the Platform Firmware Resiliency Guidelines, which state that firmware stores must be protected to avoid the insertion of bad code: the recent attack on Asus firmware highlights the risks of any firmware corruption. In this regard, an important facet of the MachXO3D FPGA is its ability to act as a root of trust.
DESIGNING THE DEFENCE

As the “first on/last off” component on the circuit board, the MachXO3D takes the spot of the MCU, inspecting the serial peripheral interface (SPI) memories of the central processing unit (CPU), baseboard management controller (BMC) and other components for any corrupted code trying to slip into those memories. There are two core points to this design decision. Firstly, the data must pass through the XO3D as the first device on, and remains protected until it is turned off as the last device off, thus making it the port of call for rejecting rogue data streams: the circuit is secure.
6 JUNE 2019 | ELECTRONICS
Secondly, unlike a standard, serial MCU, which inspects the relevant components in turn, the MachXO3D works in parallel: it performs its checks simultaneously. Considering how continuously data is generated and transferred, this all-encompassing process could prove effective in handling the demands of the digital world.

Despite the rigidity of this circuit protection, one mustn’t deny developers the chance to change software, rewrite code and redesign hardware for specific applications. The pin compatibility of the MachXO3D is significant in this regard: it allows current users of MachXO3 to retrofit security into their systems. The configuration of MachXO3 and the devices it protects can be upgraded after equipment deployment. Because this also creates an opening for firmware exploitation, any changes must be approved by the FPGA first: the MachXO3D checks access to both its own configuration and external SPI memory for any unauthorised access during updates.
SECRET SECURITY SERVICE

Speaking of memory, the FPGA is designed to support up to 2700 kilobits of user flash memory, storing security measures such as encryption keys and locks. These keys are tailored to the developer, whose signature must be supplied before the FPGA enables entry into the circuit’s memory. The MachXO3D also has a particular feature, the embedded secure configuration engine, that allows for two FPGA-specific configurations and recovery in case of corruption. The devices can be locked with a customer-specific key during manufacture, and only unlocked with this key during assembly and programming: only the most trustworthy sources can gain access.
Gordon Hands, director of product marketing at Lattice Semiconductor
APPLYING THE MACHXO3D

The MachXO3D appears suited to a computing application, where code is at the highest risk of intervention. But there is room for utilising this technology within telecommunications also: for 5G wireless base stations and remote radio heads, for example, both central to large streams of data. Either way, the MachXO3D looks set to integrate into the market at a key moment. With its security features, protecting both its internal configuration and the SPI memory of other system components from the insertion of bad code, circuit developers now have access to a possible solution to their current fears. As hackers develop their skills to break into advanced software, the equivalent security firmware can be installed to prevent further attacks.

As Patrick Moorhead, president and founder of Moor Insights & Strategy, affirms: “Compromised firmware is particularly insidious, as it not only leaves user data vulnerable, but can also make systems permanently inoperable, disrupting the user experience and exposing OEMs to liability. FPGAs provide a compelling hardware platform choice for securing system firmware, as they’re able to perform multiple functions in parallel, identifying and responding to unauthorised firmware when detected.”

“With MachXO3D,” says Gordon Hands, director of product marketing at Lattice Semiconductor, “we took care to retain flexibility, while adding a secure configuration block to deliver a control-oriented FPGA, compliant with NIST’s Platform Firmware Resilience specification.”
Lattice Semiconductor
www.latticesemi.com