Lattice Semiconductor Corporation, the low-power programmable leader, launched Lattice Sentry 2.0, the latest version of its solutions stack for security system control. The solutions stack allows next-generation hardware Root-of-Trust (HRoT) solutions compliant with NIST Platform Firmware Resiliency (PFR) Guidelines and supports 384-bit encryption.
This new version from Lattice Sentry handles the rapidly evolving security requirements of current and emerging server platforms by facilitating developers with an efficient and secure way to quickly implement the enhanced system and cryptographic applications. The stack empowers firmware security for the communications, automotive, computing, industrial, and smart consumer markets.
As a cloud service provider group, the Cloud Security Industry Summit (CSIS) works toward industry alignment on best-of-breed security solutions. CSIS mentioned in a whitepaper it had authored collaboratively with the Open Compute Project (OCP), “Firmware represents a significant threat vector for computer systems, appliances, and associated infrastructure. If the first code that executes on a device when it powers on were to become compromised, then the entire system can and should no longer be trusted as secure. Firmware can be compromised through malicious attacks or unintentionally.”
“Staying on top of evolving cybersecurity threats is a constant struggle for most organizations. To help them keep pace, Lattice is committed to the ongoing improvement of the security, performance, and ease-of-use capabilities of our Sentry stack,” said Eric Sivertson, Vice President of Security Business, Lattice Semiconductor. “Lattice is a long-time leader in server control solutions, and Lattice control PLDs are the first-on/last-off component in many servers currently in service. With the Sentry stack, developers can easily add support for strong firmware security to system control applications based on Lattice secure control PLDs, creating an ideal platform to establish an HRoT to validate the legitimacy of all firmware instances in a system.”
The newly launched Lattice Sentry 2.0 Key features include:
- Heightened security – The Sentry solutions stack supports the Lattice Mach NX secure control FPGA and a protected enclave IP block that enables 384-bit cryptography (ECC-256/384 and HMAC-SHA-384) to secure Sentry-protected firmware against unauthorized access in a better way. Supporting 384-bit crypto is a must for many next-generation server platforms.
- 4x faster pre-boot authentication – Sentry 2.0 supports faster ECDSA (40 ms), QSPI performance (64 MHz), and SHA (up to 70 Mbps). These features allow Sentry 2.0 to deliver faster boot times to minimize system downtime and thus minimize exposure to attempted attacks on firmware during the boot process.
- Ability to monitor up to five firmware images in real-time – With the further extension of the PFR-compliant HRoT enabled by Lattice Sentry, the stack does real-time monitoring of up to five mainboard components in a system at boot and during ongoing operation. Competing MCU-based security solutions, as an example, lack the processing performance to monitor that many elements in real-time properly.