CAVP validates that critical MachXO3D cryptographic algorithms are compliant with Federal Information Processing Standards (FIPS), the US federal government’s standard for cryptographic software.
By complying with both the CAVP and NIST’s Platform Firmware Resilience specifications, the MachXO3D FPGA’s security mechanisms can protect, detect and recover the device and other system components from unauthorised firmware access throughout its entire operating life. That includes the device’s initial integration, system shipment, installation and its entire operational life.
“Securing hardware against unauthorised access is critical to preventing the potentially catastrophic damage caused by data and design theft, product cloning and overbuilding, and device tampering or hijacking. However, as the threat landscape is constantly evolving, it’s difficult for OEMs to confirm their system’s hardware is truly protected,” said Jim Tavacoli, Senior Director of Product Marketing, Lattice Semiconductor. “By obtaining CAVP certification for our MachXO3D FPGAs, Lattice addresses many of the hardware security concerns the industrial, automotive and computing markets currently face by assuring OEMs that their systems are protected by cryptographic solutions independently confirmed to be compliant with stringent US government regulations.”
Key features of the MachXO3D include:
- Up to 9K look-up tables for implementing logic that instantly configures at power up from on device flash memory
- On-device regulator for single 2.5/3.3-volt power supply operation
- Support for up to 2700 Kbits of user Flash memory and up to 430 Kbits sysMEM embedded block RAM to provide more flexible design options
- Up to 383 I/Os, configurable to support LVCMOS 3.3 to 1.0, and designed to integrate into a wide variety of system environments with features such as hot-socketing, default pull-down, input hysteresis, and programmable slew rate
- Embedded security block that provides pre-verified hardware support for cryptographic functions such as ECDSA256, ECIES, AES, SHA, HMAC, TRNG, Unique Secure ID and Public/Private Key Generation
- Embedded secure configuration engine to ensure only FPGA configurations from a trusted source can be installed
- Dual on-device configuration memories to enable fail-safe reprogramming of component firmware in the event of compromise
MachXO3D combines the design flexibility of programmable logic with a secure dual-boot configuration block to provide easy application design. It also establishes a hardware-based Root of Trust to ensure system components only boot from authorised firmware, and enables secure delivery of firmware updates in the field.