Overview

To help developers combat the evolving cybersecurity threat landscape, in 2020 Lattice introduced a revolutionary supply chain security service called Lattice SupplyGuard™ to help ensure the security of its field programmable gate arrays (FPGAs) from factory birth to end of life.

The Lattice SupplyGuard service is an end-to-end supply chain security service providing customers with factory-locked integrated circuits (ICs) that only they can unlock & program. This service helps make the FPGA more copy-and tamper-resistant. Using Lattice SupplyGuard, developers can protect their products across the entire supply chain through secure key provisioning and device ownership transfer performed in a secure, customer controlled fashion, differentiating it from other currently available provisioning solutions, which don’t give the customer such control.

The process begins with Lattice’s assignment of a customer-specific part number to the FPGA. Each customer-specific FPGA is programmed at the factory with customized, cryptographic credentials that allow only the customer to program the FPGA using a configuration bitstream and authentication keys. The chips depart the factory completely locked and Lattice SupplyGuard maintains trust and protection as the locked FPGAs move through the supply chain using common carriers and when systems are assembled in third-party factories. Only the customer has the required credentials to unlock the FPGA . Lattice generates these unlock credentials using certified Hardware Security Modules (HSMs) and provides them to the customer, who then uses their own HSM to decrypt the credentials. The customer’s HSM alone have the credentials needed to encrypt and sign the customer’s customized configuration bitstream and authentication keys. To ensure further protection, the customer’s intellectual property (IP) and cryptographic keys are never exposed to Lattice or the supply chain in any form, they always remain fully under the customer’s control.