The solutions stack enables next-generation hardware Root-of-Trust (HRoT) solutions compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP 800-193) and supports 384-bit encryption.
This version of Lattice Sentry addresses the evolving security requirements of current and emerging server platforms by providing developers with an efficient and secure way to quickly implement enhanced system and cryptographic applications. The stack supports firmware security for the communications, computing, industrial, automotive, and smart consumer markets.
"Firmware represents a significant threat vector for computer systems, appliances, and associated infrastructure. If the first code that executes on a device when it powers on were to become compromised, then the entire system can and should no longer be trusted as secure. Firmware can be compromised through malicious attacks or unintentionally," according to the Cloud Security Industry Summit (CSIS), a group of cloud service providers working towards industry alignment on best-of-breed security solutions.
“Staying on top of evolving cybersecurity threats is a constant struggle for most organisations. To help them keep pace, Lattice is committed to the ongoing improvement of the security, performance, and ease-of-use capabilities of our Sentry stack,” said Eric Sivertson, Vice President of Security Business, Lattice Semiconductor. “With the Sentry stack, developers can easily add support for strong firmware security to system control applications based on Lattice secure control PLDs, creating a platform to establish a HRoT to validate the legitimacy of all firmware instances in a system.”
Key features for Sentry 2.0 include:
• Heightened security – The Sentry solutions stack supports the Lattice Mach-NX secure control FPGA and a secure enclave IP block that enable 384-bit cryptography (ECC-256/384 and HMAC-SHA-384) to secure Sentry-protected firmware against unauthorised access. Support for 384-bit crypto is a requirement for many next-generation server platforms.
• 4x faster pre-boot authentication – Sentry 2.0 supports faster ECDSA (40 ms), SHA (up to 70 Mbps), and QSPI performance (64 MHz). These features enable Sentry 2.0 to deliver faster boot times that help minimise system downtime and reduce exposure to attempted attacks on firmware during the boot process.
• Ability to monitor up to five firmware images in real time – To further extend the PFR-compliant HRoT enabled by Lattice Sentry, the stack is capable of real-time monitoring of up to five mainboard components in a system at boot and during ongoing operation. Competing MCU-based security solutions, for example, lack the processing performance to properly monitor that many components in real time.