Lattice Sentry Firmware Security Solutions Stack

Additional Info

CompanyLattice Semiconductor
Websitehttp://www.latticesemi.com
Company size (employees)500 to 999

Overview

The Lattice Sentry solutions stack delivers a robust combination of customizable embedded software, reference designs based on the Lattice MachXO3D secure control FPGA, IP, and development tools to accelerate the implementation of secure systems compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP 800-193). As the system controller, the MachXO3D is the first component to execute code and attest power sequencing logic at system startup, making it an ideal platform for establishing a Platform Root-of-Trust (PRoT). Thanks to the MachXO3D FPGA’s parallel processing architecture and flash memory, the device monitors for and detects attacks in real time – a truly groundbreaking innovation as real time monitoring is currently beyond the processing capabilities of competing PRoT solutions like MCUs.
Firmware is an increasingly popular attack vector; the National Vulnerability Database reported that between 2016 and 2019 the number of firmware vulnerabilities grew over 700 percent1. The NIST PFR guidelines were written to help developers understand how to protect legitimate firmware, detect unauthorized firmware, and restore compromised firmware to a known good state by establishing a PRoT. PRoT solutions validate platform firmware at boot to ensure it has not been modified illegitimately. Currently, developers with PFR design expertise are in limited supply, and OEMs requiring support for PFR often have strict time-to-market requirements that preclude developing a PFR solution from scratch. Recognizing these trends, AMI and Lattice worked together to deliver a tightly integrated, pre-validated PFR solution. It provides a robust PRoT, for real-time I2C bus and SPI monitoring of both BIOS and BMC SPIs, so from the moment a system boots all transactions over the SPI bus are monitored.

How we are different

1. Sentry provides real time, dynamic protection, detection, and recovery capabilities for all system firmware in a datacenter server or other connected system.
2. Enables persistent Platform Root-of-Trust throughout the product lifecycle by enabling non-bypassable security to protect system firmware.
3. Enables recovery from Platform Denial of Service attacks due to Sentry's ability to store a "golden image" of BMC recovery code in on-chip Flash​, so if an attack is detected the system can roll back to previous "known valid" of firmware to continue system operation securely and without interrupting normal system operation.



2021_winner_gold