A trustworthy solution for end-to-end supply chain protection

Lattice explains how its SupplyGuard service preserves trust throughout unprotected supply chains by protecting against counterfeiting, overbuilding and trojan insertion.

Lattice has launched its Sentry solutions stack and SupplyGuard supply chain protection service. Sentry stack comprises customizable embedded software, reference designs, IP and development tools to implement secure systems compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP-800-193). SupplyGuard extends this protection throughout the supply chain by delivering factory-locked devices protected from attacks like cloning and malware insertion. Application areas include communications, datacentre, industrial, automotive, aerospace and client computing.

The security paradigm is changing and firmware is an increasingly popular attack vector. The National Vulnerability Database reported that between 2016 and 2019 the number of firmware vulnerabilities grew over 700 per cent. Protecting systems against unauthorised firmware access requires dynamic, persistent, real-time hardware platform security for all connected devices. This includes securing component firmware from unauthorised access.

Lattice’s VP of security business, Eric Sivertson, said: “To provide them with peace of mind in a constantly changing and increasingly risky supply chain environment, Lattice developed our SupplyGuard service to help our customers securely provision their devices while lowering their overall costs. With Sentry and SupplyGuard, Lattice delivers comprehensive, truly parallel, nanosecond reactive, next-generation security to enable dynamic trust for our customers and the users of their products.”

The Sentry stack provides a pre-verified, NIST-compliant PFR implementation that enforces strict, real-time access controls to all system firmware during and after system boot. If corrupt firmware is detected, Sentry can automatically rollback to a previously known good state version of the firmware so secure system operation continues without interruption.

Compliance with latest NIST SP-800-193 standard and CAVP certifications, the stack enables implementation of a hardware RoT through its support for the cryptographically-sound Lattice MachXO3D family of FPGAs.

SupplyGuard is a subscribed service that offers OEMs and ODMs peace of mind by tracking locked Lattice FPGAs through their entire lifecycle, from the point of manufacture, through transport through the global supply chain, system integration and assembly, initial configuration, and deployment.

The service ensures only authorised manufacturers can build an OEM’s design, regardless of their location. It provides OEMs with a secure key infrastructure to prevent the activation of their IP on unauthorised components to stop product cloning and overbuilding.

SupplyGuard secures devices against the download and installation of trojans, malware, or other unauthorised software to protect platforms and systems against equipment hijacking or other cyberattacks. The service can be customised to meet the specific security and supply chain needs of OEMs in different industries. Lattice states the service lowers the operating costs associated with implementing a secure manufacturing ecosystem.