This article appears in Top Stories of the Week: Embedded World 2021
This article is part of the TechXchange: Cybersecurity
Lattice Semiconductor has been shipping the initial version of its Sentry pre-boot security solution for a while now, but heightened security requires even more robust hardware support. Its Mach-NX secure FPGA platform implements Sentry version 1. The new Sentry 2.0 (Fig. 1) provides enhancements to all aspects of the system. This includes support for 384-bit elliptic curve cryptography (ECC) while significantly increasing Elliptic Curve Digital Signature Algorithm (ECDSA) speed. SHA hashing speed has more than quadrupled.
The Sentry system is designed to monitor serial interface memories that are used to boot a system. Such pre-boot checking is independent of the host, providing a more secure environment. A single Sentry system can handle multiple devices (Fig. 2). The latest version supports 64-MHz quad SPI (QSPI) interfaces, and internal and external switch support has been added. The system can now handle five devices. In addition, the block/allow list size was doubled.
This translates into a more secure system as well as faster boot times—up to 400% improvement. Sentry 2.0 continues to support monitoring before, during, and after a system utilizes the serial memory for its initial boot. Like version 1.0, this latest version can recover from corrupted firmware by replacing the memory contents from a known-good source. The system is designed to meet NIST-compliant platform firmware resiliency (PFR).