Lattice Sentry Solution Stack

Additional Info

Company: Lattice Semiconductor
Website: https://www.latticesemi.com/
Company size (employees): 500 to 999
Type of solution: Software

Overview

Since its introduction in 2020, the Lattice Sentry solution stack has helped minimize in-system firmware attack vulnerabilities by providing real-time, dynamic protection, detection, and recovery capabilities to all programmable components in a system. Currently in its third iteration (version 2.1), Lattice Sentry now supports Lattice’s newest security-focused FPGAs, Mach™-NX, and includes key functionality to help its system design customers stay one step ahead of the ever-evolving cybersecurity threat landscape.

The Lattice Sentry solution stack consists of a complete reference platform, fully validated intellectual property (IP) building blocks, easy-to-use FPGA design tools, reference designs and demonstrations, and a network of custom design services. Together, these form a comprehensive set of tools to help systems developers more easily design with security in mind and get to market quickly. In many instances, a fully functioning PFR solution can be developed by modifying the included RISC-V C source code. Developers who wish to create additional RTL logic to supplement the functionality can do so using the included Lattice Diamond® and Lattice Propel™ software tools.

The latest iteration of the Sentry stack builds on the capabilities and features of the original, focusing on enhanced security for servers and datacenters, a key attack vector given the rising popularity of cloud computing. The solution stack enables next-generation hardware Root-of-Trust (HRoT) solutions compliant with the NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP 800-193) and supports 384-bit encryption. This new version of Lattice Sentry addresses the rapidly evolving security requirements of current and emerging server platforms by providing developers an efficient and secure way to quickly implement enhanced system and cryptographic applications. The stack supports firmware security for the Communications, Computing, Industrial, Automotive, and Consumer markets.

How we are different

• Heightened security – Now supporting the Lattice Mach™-NX secure control FPGA family launched in December 2020 (in addition to pre-existing support for Lattice MachXO3D™ secure FPGAs), and a secure enclave IP block that enables 384-bit cryptography (ECC-256/384 and HMAC-SHA-384) to better secure Sentry-protected firmware against unauthorized access. Support for 384-bit crypto is a requirement for many next-generation server platforms.
• 4x faster pre-boot authentication – Sentry 2.1 supports faster ECDSA (40 ms), SHA (up to 70 Mbps), and QSPI performance (64 MHz), enabling faster boot times that help minimize system downtime and reduce exposure to attempted attacks on firmware during the boot process.
• Ability to monitor up to five firmware images in real time – To further extend the PFR-compliant HRoT enabled by Lattice Sentry, the stack is capable of real-time monitoring of up to five mainboard components in a system at boot and during ongoing operation. Competing MCU-based security solutions, as an example, lack the processing performance to properly monitor that many components in real time.