Lattice Semiconductor has been on quite the roll from an accelerated product roadmap and stock price standpoint the past two years under the leadership of CEO Jim Anderson. Since his arrival in September 2018, the stock is up 4X, and Lattice is churning out new products at a dizzying pace. I documented this turnaround last summer when I attended the company’s financial analyst event in New York City, back when I used to travel. The company has not slowed down since then with its new, rapid-fire strategy of product announcements, including introducing the Lattice Nexus FPGA development platform, and CrossLink-NX, the first family of FPGAs on the new Nexus platform, announcing the MachXO3D Security FPGA, and introducing new Certus-NX FPGAs. Today, Lattice Semiconductor announced two new solutions targeted for end-to-end supply chain security management, the Lattice Sentry Solutions Stack and SupplyGuard.
A big issue with today’s supply chains
The need for end-to-end supply chain security is increasing dramatically. According to Gartner, which I don’t often agree with but do here, 70% of organizations that don’t have firmware upgrade plans in place by 2022 are at risk of firmware vulnerability exploits. Having a static solution will not suffice in today’s complex environment, where the number of firmware attack vectors is continuing to grow. Attack vectors now include counterfeits and overbuilds, malicious peripherals, malicious backdoors and thefts, equipment hijacking, and many others. It is no longer as simple as ensuring a device is secure through manufacturing and transit. I believe organizations need reliable and dynamic firmware to protect devices through product installation and operation, and until the product reaches the end of life. It’s also worth noting that different market segments have variable security needs. For example, client computing’s security needs may not be reflective of the industrial or aerospace sectors.
The keywords echoed continuously throughout Lattice’s launch materials were ‘Dynamic Trust.’ Lattice is in the low power FPGA business, which gives the company a tremendous edge because of the ability to reprogram its FPGAs as customer needs shift. As the number of attack vectors continues to grow, I believe it puts more pressure on how dynamic the security solution needs to be to combat those attacks. The demand for a dynamic security solution is there. One that can detect threats quickly and adapt as attack vectors become more numerous and complex. The supply chain attacks that organizations solve for today will likely not be representative of what they will have to address next.
Lattice Sentry Solutions Stack
The need for solutions like Lattice Sentry comes from the number of firmware attacks that plague organizations today, which I outlined above. These supply chain breaches can cost organizations time, money, and in worst-case scenarios, the loss of IP.
Sentry is Lattice’s new end-to-end supply chain protection solution. Customers that adopt Sentry will put their trust in the solution throughout the supply chain process, including manufacturing, transit, installation, system operation, and end of life of the product. The Lattice Sentry Solutions Stack umbrella includes a combination of customizable reference designs, IP, embedded software, and development tools that look to accelerate the implementation times of secure systems. All systems that implement the Sentry Solutions Stack will have to comply with NIST Platform Firmware Resiliency (PFR) Guidelines, enabling them to protect, detect, and recover firmware under attack.
Lattice Sentry will focus on solving security issues in real-time following the PFR guidelines. These solutions are reprogrammable, which means that when security threats change, so can the code within the FPGA. Lattice Sentry also helps ensure firmware integrity and repair compromised firmware in real-time, the recovery aspect of PFR. Not to mention that it can complete these actions in parallel with other tasks.
I believe the most significant value of Sentry lies in its ability to complete all three critical security functions simultaneously. Developers can create their own by threading point solutions together, but that does take a lot of time and effort, and I would say it could be insecure. As we have seen in enterprise security, the more modules that need to be architected, designed, developed, tested, and updated, the more inherently insecure the total solution becomes. The cost of integration is why enterprise security suites have become so popular.
Lattice says Sentry can enforce strict access controls on all firmware while monitoring external memories and interface buses. It can autonomously authenticate the firmware of protected ICs before booting. Lastly, Sentry can restore corrupted firmware to a known good state and recover through standard authenticated firmware rollback. These functions are mission-critical in protecting the firmware of a device. The microcontroller and trusted platform module (TPM) could provide some of the lift needed to protect, detect, and recover firmware, but neither offers the same robustness as Sentry. Unlike FPGAs, they are not parallel task optimizable architectures, they require multiple clock cycles to achieve any critical task, and they can easily overload when attempting to manage multiple devices securely in real-time. Unlike FPGAs, they do not have dynamic trust or the parallel processing capabilities that allow real-time monitoring of several firmware images in parallel.
According to Lattice, Sentry has several security features that will automatically initiate on boot.
- Protects the platform by cryptographically authenticating firmware for each IC, before boot
- Detects attacks in real-time, before/during/after boot
- Recovers any corrupted firmware to known good state
- Sentry software on MachXO3D provides complete, validated PFR solution
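The pre-boot authenticate-then-recover behavior listed above can be sketched in a few lines. This is an added illustration, not Lattice's code or the Sentry API: the IC names, the flash-slot layout and the key are constructed, and HMAC-SHA256 stands in for the signature check a hardware root of trust would perform.

```python
import hashlib
import hmac

# Constructed demo key. HMAC-SHA256 stands in for the signature check a
# hardware root of trust would perform; it is not Lattice's scheme.
ROOT_KEY = b"constructed-demo-root-key"

def make_manifest(ic_name, image, key=ROOT_KEY):
    """Bind an image digest to one IC and authenticate that binding."""
    digest = hashlib.sha256(image).digest()
    tag = hmac.new(key, ic_name.encode() + digest, hashlib.sha256).digest()
    return {"ic": ic_name, "digest": digest, "tag": tag}

def authenticate(ic_name, image, manifest, key=ROOT_KEY):
    """Accept only a genuine manifest, issued for this IC, that matches the image."""
    expected = hmac.new(key, ic_name.encode() + manifest["digest"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return False  # forged manifest, or one issued for a different IC
    return hmac.compare_digest(hashlib.sha256(image).digest(), manifest["digest"])

def pre_boot_check(slots):
    """Decide per IC: boot, recover from the golden copy, or hold in reset."""
    report = {}
    for ic, slot in slots.items():
        if authenticate(ic, *slot["active"]):
            report[ic] = "boot"
        elif authenticate(ic, *slot["golden"]):
            slot["active"] = slot["golden"]  # recover: restore known-good image
            report[ic] = "recovered"
        else:
            report[ic] = "hold-in-reset"  # nothing trustworthy to run
    return report

def build_demo_slots():
    """Constructed flash contents for three hypothetical ICs."""
    slots = {}
    for ic in ("bmc", "host-bios", "nic"):
        good = f"{ic} firmware v1".encode()
        manifest = make_manifest(ic, good)
        slots[ic] = {"active": (good, manifest), "golden": (good, manifest)}
    # host-bios: active image modified after it was signed.
    slots["host-bios"]["active"] = (b"tampered image", slots["host-bios"]["active"][1])
    # nic: both copies replaced with another IC's validly signed image.
    other = slots["bmc"]["golden"]
    slots["nic"] = {"active": other, "golden": other}
    return slots

if __name__ == "__main__":
    print(pre_boot_check(build_demo_slots()))
```

The third case shows why the manifest is bound to the IC name: a correctly signed image for one component must not authenticate when placed in another component's flash.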
The Sentry Solutions Stack will provide pre-verified and tested application demos, reference designs, and development boards that will look to accelerate time to market exponentially. Lattice Sentry marks the third solutions stack launched in 2020, which directly follows mVision and Propel.
In addition to Sentry, Lattice also announced another unique security solution called Lattice SupplyGuard. Like Sentry, SupplyGuard will target end-to-end supply chain security. The service seeks to provide a more cost-effective security solution to OEMs and ODMs.
The value of SupplyGuard comes from Lattice’s ability to deliver FPGAs factory-locked and ensure that they are trackable throughout the entire supply chain lifecycle. Additionally, Lattice’s novel SupplyGuard service enables secure ownership transfer of customer IP and cryptographic assets (e.g., keys) without exposing them to any of the traditional supply chain vulnerabilities. Customers completely control and protect these valuable items when they use SupplyGuard.
The supply chain lifecycle is vast and includes manufacturing, transit through the global supply chain, system integration and assembly, initial configuration, and deployment. The intent of devices being offered factory locked is that only authorized manufacturers will be able to build on OEM designs. SupplyGuard enables Lattice customers to use the lowest cost manufacturing process without cumbersome and risky extra security measures that competing solutions require. This should allow Lattice customers to reduce the total cost of their supply chain burdens without compromising security or trust.
SupplyGuard allows OEMs to build their devices at an unsecured, non-trusted contract manufacturer because the Lattice FPGA is a root-of-trust device. Providing the OEMs with a secure infrastructure will likely prevent the activation of customer IP on unauthorized components, preventing cloning or overbuilding. SupplyGuard should also protect platforms and systems against equipment hijacking and cyberattacks by securing devices against the download and insertion of Trojans, malware, and other unauthorized software.
SupplyGuard will likely lower operating costs associated with implementing a secure manufacturing process, and that is a win for Lattice and its customers.
The industries that Lattice FPGAs touch are vast, ranging from client & server computing and communications to automotive and aerospace. That wide variety of sectors drives the demand for highly customizable solutions. Lattice ensures that SupplyGuard will be highly customizable to meet different security and supply chain needs across a wide variety of industries.
It is excellent to see Lattice addressing large growing markets like client computing, communications, data center, industrial, automotive, and others, in deeper and more meaningful ways. With the number of attack vectors increasing exponentially, systems must remain secure, and FPGAs appear to have many benefits with minimal downsides. This is precisely why we see many designers running to use FPGAs to secure designs versus ASICs and microcontrollers.
I believe the customizability of these new security solutions will likely help customers get to market quicker and ensure that sensitive IP remains safe throughout the product lifecycle. The security and platform-agnostic programmability of Lattice’s FPGAs will be essential to the company’s continued success. In addition to the product performing as advertised, it will be necessary for Lattice to establish long term dynamic trust with its customers. Ensuring that the client’s devices are secure through every stage of the supply chain is worth the investments that Lattice is making in new security solutions like Sentry and SupplyGuard.
I look forward to hearing how Lattice customers will leverage these new security offerings.
Note: Moor Insights & Strategy writers and editors may have contributed to this article.