Secure FPGA

Field-programmable gate arrays (FPGAs) offer system flexibility in the field to transfer circuitry and IP by copying configuration information. This flexibility can expose confidential IP when security is not top of mind. As an FPGA designer it is critical to prevent unauthorized cloning or overbuilding of the design. To protect IP it is important to consider root of trust, device tampering and secure communications.

As FPGA products and designs have become more complex, the potential for malicious attacks has increased over time. Ways to secure devices during programming and while deployed are critical for customer success. Intel has responded to these challenges by implementing the Secure Device Manager (SDM) feature in many of their FPGAs. The SDM is a microprocessor block that provides a fully-authenticated, customizable configuration. It is comprised of several security features, including sector-based security, flexible key management, and remote command authentication. The SDM allows users to implement the most robust, most effective security configuration for their design every time. To learn more, see Intel’s white paper on the SDM below:

Even for smaller, simpler FPGAs, security concerns are a very real thing. Historically, most FPGA security features have been targeted at the biggest and most complex devices, but even smaller devices need security today. The MachXO3D provides many security features at a low cost for applications such as secure servers, chain of trust implementation, and more. It sports an integrated hardware root-of-trust and pre-verified cryptographic functions, such as unique secure ID and public/private key generation. On-device dual boot flash removes the need for external memory for configuration and allows for fail-safe programming. This can help prevent attacks were a bad actor is trying to steal IP are create vulnerabilities by intercepting the communications for external memory. These features protect devices through the entire product lifecycle. Watch the video below to learn more.

Overbuilding is a potential security risk that original equipment manufacturers (OEMs) regularly face today. Overbuilding is when contract manufacturers produce more units than ordered and sell these surplus units illegally. With all the design IP available at the contract manufacturer, preventing this can be difficult, resulting in a potential loss of sales and reputation.

This problem can be eliminated by using Microsemi’s Security Production Programming Solution, which is comprised of certified hardware security modules (HSMs), custom firmware, and state-of-the-art security protocols built into every Microsemi FPGA. Customers can specify how many devices to be programmed and who has the authority to program these devices, removing the possibility of overbuilding. Watch the video below to learn more: