Overview

The Lattice Sentry solutions stack delivers a robust combination of customizable embedded software, reference designs based on the Lattice MachXO3D secure control FPGA, IP, and development tools to accelerate the implementation of secure systems compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP 800-193). As the system controller, the MachXO3D is the first component to execute code and attest power sequencing logic at system startup, making it an ideal platform for establishing a Platform Root-of-Trust (PRoT). Thanks to the MachXO3D FPGA’s parallel processing architecture and flash memory, the device monitors for and detects attacks in real time – a truly groundbreaking innovation as real time monitoring is currently beyond the processing capabilities of competing PRoT solutions like MCUs.
Firmware is an increasingly popular attack vector; the National Vulnerability Database reported that between 2016 and 2019 the number of firmware vulnerabilities grew over 700 percent1. The NIST PFR guidelines were written to help developers understand how to protect legitimate firmware, detect unauthorized firmware, and restore compromised firmware to a known good state by establishing a PRoT. PRoT solutions validate platform firmware at boot to ensure it has not been modified illegitimately. Currently, developers with PFR design expertise are in limited supply, and OEMs requiring support for PFR often have strict time-to-market requirements that preclude developing a PFR solution from scratch. Recognizing these trends, AMI and Lattice worked together to deliver a tightly integrated, pre-validated PFR solution. It provides a robust PRoT, for real-time I2C bus and SPI monitoring of both BIOS and BMC SPIs, so from the moment a system boots all transactions over the SPI bus are monitored.