Lattice Semiconductor Corporation announced the MachXO3D FPGA for securing system firmware in a range of applications. Unsecured firmware can lead to data and IP theft, product cloning and overbuilding, and device tampering or hijacking. With MachXO3D, OEMs can implement robust, comprehensive, simple and flexible hardware-based security for all system components. MachXO3D can protect, detect and recover other components from unauthorized firmware access at every stage of a system’s lifecycle, from the point of manufacturing all the way to the system’s end of life.

Component firmware is an increasingly popular attack vector for cyberattacks. In 2018, security vulnerabilities rendered over 3 billion chips in systems of all types vulnerable to data theft via the exploitation of firmware vulnerabilities. Unsecured firmware also exposes OEMs to the financial and brand reputation risks associated with device hijacking (for use in DDoS attacks) and device tampering or destruction. Failure to address these risks can negatively impact a company’s reputation and financial performance.

Pat Moorhead, president and founder of Moor Insights, said, “Compromised firmware is particularly insidious as it not only leaves user data vulnerable, but can also make systems permanently inoperable, disrupting the user experience and exposing OEMs to liability. FPGAs provide a compelling hardware platform for securing system firmware as they’re able to perform multiple functions in parallel, making them much faster at identifying and responding to unauthorized firmware when detected.”

When used to implement system control functions, MachXO3 FPGA devices are typically the “first-on/last-off” component on circuit boards. By enabling the addition of security functions to system control components, the MachXO3D simplifies secure system development by maximizing the time during boot-up and boot-down cycles when security functions are operational.

The device is also the industry’s first control-oriented FPGA compliant with the new NIST PFR (Platform Firmware Resiliency) guidelines by protecting non-volatile memory through access control, cryptographically detecting and preventing boot from malicious code.

“The embedded security block are all hardened as part of the new architecture,” states Deepak Boppana, Sr. Director of Segment & Solutions Marketing at Lattice Semiconductor. “The key piece is the dual boot PFR  function accomplished with the use of a dual-embedded Flash function. If it is necessary to recover back to the original firmware, the second flash configuration helps to restore the FPGA to the original image in the event of a hack.”

With MachXO3D, Lattice is enhancing the device configuration and programming steps in the manufacturing process. These enhancements, in combination with MachXO3D’s security features, protect systems by securing communication between the MachXO3D and legitimate firmware providers. This protection is in effect throughout the component’s entire lifecycle, including system manufacture, transit, installation, operation and decommissioning. According to Symantec, there was a 78 percent increase in supply chain-related attacks between 2017 and 2018.

Key features of the new MachXO3D include:

• Control function FPGA that provides 4K and 9K look-up tables for implementing logic that instantly configures at power up from on-device flash memory
• On-device regulator for single 3.3-volt power supply operation
• Support for up to 2700 Kbits of user Flash memory and up to 430 Kbits sysMEM embedded block RAM to provide more flexible design options
• Up to 383 IO, configurable to support LVCMOS 3.3 to 1.0, and designed to integrate into a wide variety of system environments with features such as hot-socketing, default pull-down, input hysteresis, and programmable slew rate
• Embedded Security Block that provides pre-verified hardware support for cryptographic functions such as ECC, AES, SHA, and PKC
• Embedded Secure Configuration Engine to ensure only FPGA configurations from a trusted source can be installed
• Dual on-device configuration memories to enable fail-safe reprogramming of component firmware in the event of compromise.

Customers can upgrade current systems seamlessly as the MachXO3D is pin-compatible with previous generations. Samples are available now.