NIST security certification protects and detects MachXO3D FPGA
MachXO3D FPGAs have received the National Institute of Standards and Technology’s (NIST) Cryptographic Algorithm Validation Program (CAVP) certification. The program validates the fpga’s cryptographic algorithms comply with Federal Information Processing Standards (FIPS), the US government’s standard for cryptographic software.
Compliance with both the CAVP and NIST’s Platform Firmware Resilience specifications mean that the MachXO3D FPGA’s security mechanisms can protect, detect and recover the device and other system components from unauthorised firmware access throughout its operating life, from initial integration, through system shipment, installation and its operational life.
Securing hardware against unauthorised access protects against data and design theft, product cloning and overbuilding and device tampering or hijacking.
Jim Tavacoli, senior director of Product Marketing, Lattice Semiconductor, commented: “By obtaining CAVP certification for our MachXO3D FPGAs, Lattice addresses many of the hardware security concerns the industrial, automotive and computing markets currently face by assuring OEMs that their systems are protected by cryptographic solutions independently confirmed to be compliant with stringent U.S. government regulations.”
The company says the MachXO3D is the only FPGA on the market that combines the design flexibility of programmable logic with a secure dual-boot configuration block to provide easy application design, establish a hardware-based Root of Trust to ensure system components only boot from authorised firmware, and enable secure delivery of firmware updates in the field.
The MachXO3D includes up to 9k look-up tables for implementing logic that instantly configures at power up from on-device flash memory, on-device regulator for single 2.5 or 3.3V power supply operation, support for up to 2,700kbits of user Flash memory and up to 430kbits sysMEM embedded block RAM.
The FPGA also has up to 383 I/Os, configurable to support LVCMOS 3.3 to 1.0, and designed to integrate into a system environments with features such as hot-socketing, default pull-down, input hysteresis, and programmable slew rate.
It has an embedded security block that provides pre-verified hardware support for cryptographic functions such as ECDSA256, ECIES, AES, SHA, HMAC, TRNG, unique secure ID and public/private key generation.
Embedded secure configuration engine ensures only FPGA configurations from a trusted source can be installed and its dual on-device configuration memories enable fail-safe reprogramming of component firmware in the event of compromise, says Lattice.