The Sentry stack is a combination of customisable embedded software, reference designs, IP, and development tools that look to accelerate the implementation of secure systems compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP-800-193).
The SupplyGuard service extends the system protection provided by the Sentry stack throughout the supply chain by delivering factory-locked devices to protect them from attacks like cloning and malware insertion, and enables secure device ownership transfer. These hardware security solutions are increasingly important to a range of applications, including communications, datacentre, industrial, automotive, aerospace, and client computing.
According to Patrick Moorhead, president and founder of Moor Insights & Strategy, “5G, Edge computing, and IoT are accelerating the pace at which devices are becoming connected, and security concerns are on the rise among high-tech OEMs serving every market. Developers need to know their hardware platforms are secured against cyberattack and IP theft. They need security solutions that support comprehensive protection throughout a product’s entire operating life in the field, which means the solution must be able to dynamically adapt to an evolving threat landscape.”
“Lattice continues to execute to our solutions stack roadmap and strategy to provide our customers with easy to use, system-level solutions for key focus applications. The Lattice Sentry solutions stack makes it easy for customers to implement a hardware Root-of-Trust (RoT)-based PFR solution compliant with the NIST SP-800-193 guidelines,” said Deepak Boppana, Sr. Director, Segments and Solutions Marketing, Lattice. “With Sentry’s validated IPs, pre-verified reference designs, and hardware demos, developers can quickly customize the PFR solution by modifying the C code provided with the RISC-V and Propel design environment to cut time-to-market from ten months to just six weeks.”
Firmware is an increasingly popular attack vector and, according to the National Vulnerability Database, between 2016 and 2019 the number of firmware vulnerabilities grew over 700 percent.
Protecting systems against unauthorised firmware access requires dynamic, persistent, real-time hardware platform security for all connected devices. This includes securing component firmware from unauthorised access and enabling the system to automatically protect, detect, and recover from an attack in an instant. TPM and MCU-based hardware security solutions use serial processing and, as a result, are unable to deliver the real-time performance that parallel processing solutions like FPGAs can.
“Lattice developed our SupplyGuard service to help our customers securely provision their devices while lowering their overall costs,” said Eric Sivertson, Vice President of Security Business, Lattice. “With Sentry and SupplyGuard, Lattice delivers comprehensive, truly parallel, nanosecond reactive, next-generation security to enable dynamic trust for our customers and the users of their products.”
Key features of the Lattice Sentry solutions stack include:
· Hardware security capabilities – the Sentry solutions stack provides a pre-verified, NIST-compliant PFR implementation that enforces strict, real-time access controls to all system firmware during and after system boot. If corrupt firmware is detected, Sentry can automatically rollback to a previously known good state version of the firmware so secure system operation continues without interruption.
· Compliance with latest NIST SP-800-193 standard and CAVP certifications – the stack enables implementation of a hardware RoT through its support for the cryptgraphically-sound Lattice MachXO3D™ family of FPGAs.
· Ease of use – developers can drag-and-drop Sentry’s validated IPs and modify the included RISC-V C reference code in the Lattice Propel design environment without any prior FPGA experience.
· Rapid time-to-market – the Sentry stack provides pre-verified and tested application demos, reference designs, and development boards that can slash development times for PFR applications from ten months to just six weeks.
· Flexible, platform-agnostic security solution – Sentry offers comprehensive, real-time PFR support for firmware and programmable peripherals. It can act as a RoT in a system and/or complement any existing BMC/MCU/TPM-based architecture for full NIST SP-800-193 compliance.
The Lattice SupplyGuard is a subscribed service that tracks locked Lattice FPGAs through their entire lifecycle, from the point of manufacture, through transport through the global supply chain, system integration and assembly, initial configuration, and deployment.
SupplyGuard also helps protect OEMs by ensuring only authorised manufacturers can build an OEM’s design, regardless of their location; providing OEMs with a secure key infrastructure to prevent the activation of their IP on unauthorised components to stop product cloning and overbuilding; and secures devices against the download and installation of Trojans, malware, or other unauthorised software to protect platforms and systems against equipment hijacking or other cyberattacks.
SupplyGuard is also highly customisable and is able to meet the specific security and supply chain needs of OEMs in all industries Lattice serves. The service lowers the operating costs associated with implementing a secure manufacturing ecosystem.