Denisismagilov |
Security Digital Promo

Pre-Boot Security Gets More Secure

March 12, 2021
Lattice Semiconductor takes its Sentry security solution to the next level, with boot times improving by up to 400%.

This article appears in Top Stories of the WeekEmbedded World 2021

This article is part of the TechXchangeCybersecurity

Lattice Semiconductor has been shipping the initial version of its Sentry pre-boot security solution for a while now, but heightened security requires even more robust hardware support. Its Mach-NX secure FPGA platform implements Sentry version 1. The new Sentry 2.0 (Fig. 1) provide enhancements to all aspects of the system. This includes support for 384-bit elliptical curve cryptography (ECC) while significantly increasing Elliptic Curve Digital Signature Algorithm (ECDSA) speed. SHA hashing speed has more than quadrupled.

The Sentry system is designed to monitor serial interface memories that are used to boot a system. Such pre-boot checking is independent of the host, providing a more secure environment. A single Sentry system can handle multiple devices (Fig. 2). The latest version supports 64-MHz quad SPI (QSPI) interfaces, and internal and external switch support has been added. The system can now handle five devices. In addition, the block/allow list size was doubled.

This translates into a more secure system as well as faster boot times—up to 400% improvement. Sentry 2.0 continues to support monitoring before, during, and after a system utilizes the serial memory for its initial boot. Like version 1.0, this latest version can recover from corrupted firmware by replacing the memory contents from a known-good source. The system is designed to meet NIST-compliant platform firmware resiliency (PFR).

Read more articles at the TechXchange: Cybersecurity


To join the conversation, and become an exclusive member of Electronic Design, create an account today!