FPGA-enabled trusted boot is part of building security into every aspect of trusted computing architectures
ASHBURN, Va. – Embedded computing systems designers can establish enhanced trusted boot protection through use of a field-programmable gate array (FPGA)-based root of security (RoS).
An FPGA-based RoS defends against reverse engineering and, in some devices, offers capabilities such as black key storage or side-channel-resistant cryptography. It also lets users customize the FPGA to add other protections that secure their system and meet specific program needs.
These enhanced protections provide the necessary hardware infrastructure to enable the RoS to interface with security sensors and processors, while maintaining the security of the system throughout the boot process.
What’s more, these enhanced trusted boot techniques provide mechanisms to ensure that any new code is authenticated before it is stored in non-volatile memory, and they deliver additional trusted-computing checks and mitigations during the boot process.
An important concept in trusted computing is a holistic view, beyond just the hardware itself, with an eye to building security technologies and techniques into every aspect of the solution -- from design and testing to supply chain and manufacturing.
In other words, security doesn’t stop at the card edge. This comprehensive, end-to-end approach, often referred to as defense in depth, creates a mesh of protection layers that ensure the solution’s reliability.
At the module level, tying together as many of the available security techniques as possible, such as integrating the processor's own trusted boot technology with the trusted boot technology provided by an FPGA, lets security system engineers realize a multiplier effect.
Here's a real-world example: in September 2019 Curtiss-Wright introduced the CHAMP-XD1S, a digital signal processor (DSP) module. It features a 12-core Intel Xeon D processor, a Xilinx Zynq UltraScale+ multi-processor system-on-chip (MPSoC) FPGA, and a flash-based Microsemi SmartFusion2 FPGA serving as the intelligent platform management controller (IPMC), making it a secure processor board designed for high-performance embedded computing (HPEC) applications that must operate in harsh environments.
To protect against malicious attacks and reverse engineering, the board incorporates data security, including cyber security and physical protection. Its built-in advanced security features include enhanced trusted boot capabilities like FPGA-based authenticated boot code.
The board supports Intel Trusted Execution Technology (TXT) and can also support UEFI Secure Boot with a compatible operating system. The module adds a further protection that uses the physically unclonable function (PUF) in the on-board MPSoC FPGA to authenticate the boot code.
The PUF, a feature of the Xilinx Zynq UltraScale+ family, takes advantage of manufacturing variations unique to each die to generate a cryptographically strong encryption key that is tied to one piece of silicon and cannot be reproduced on another.
The resulting key cannot be read out by anyone, including the user, and can be used with the FPGA's built-in Advanced Encryption Standard (AES) cryptographic core. Along with the key, the PUF produces helper data; at each later power-up that helper data lets the PUF regenerate the same key from its naturally noisy response, so the key itself never has to be stored in non-volatile memory, which is what gives the scheme its heightened level of key security.
Use of the PUF makes it essentially impossible for a malicious actor to spoof, clone, or alter the FPGA: a different or modified die yields a different PUF value, so the system would not recognize the device. The unique signature can seed encryption and authenticate the boot image and boot code for the FPGA, and that authentication can be extended to other boot artifacts beyond the FPGA itself.
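The enrollment-and-regeneration flow described above, as an added worked example (it is not Xilinx's or Curtiss-Wright's code). The "silicon" is a seeded random bit vector standing in for a die's intrinsic PUF response, a readout flips a few of those bits to model PUF noise, the helper data is built with a code-offset fuzzy extractor over a simple repetition code, and an HMAC under the PUF-derived key stands in for whatever image authentication the real design uses. All seeds, function names and the boot image are assumptions constructed for the illustration:

```python
"""Model of PUF-backed key regeneration and boot-image authentication.

Added illustration, not Xilinx's or Curtiss-Wright's implementation: the
"silicon" is a fixed random bit vector per device (constructed from a seed),
a readout flips a few of those bits, and the helper data is built with a
code-offset fuzzy extractor over a repetition code.
"""
import hashlib
import hmac
import random

KEY_BITS = 128            # raw secret bits recovered from the PUF
REP = 5                   # repetition-code length: corrects up to 2 flips per group
RESP_BITS = KEY_BITS * REP


def make_silicon(seed):
    """Constructed stand-in for one die's intrinsic PUF response."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(RESP_BITS)]


def readout(silicon, flip_every=9):
    """Noisy readout: flips every `flip_every`-th bit (None = noise-free).
    Flips spaced 9 apart land at most once in any 5-bit group."""
    if flip_every is None:
        return list(silicon)
    return [b ^ 1 if i % flip_every == flip_every - 1 else b
            for i, b in enumerate(silicon)]


def enroll(response, key_bits):
    """Helper data W = C(k) XOR R, computed once at provisioning.
    W can be stored in the clear: without R it reveals nothing about k."""
    codeword = [bit for bit in key_bits for _ in range(REP)]
    return [c ^ r for c, r in zip(codeword, response)]


def regenerate(response, helper):
    """W XOR R' = C(k) XOR e; majority vote per group removes e while
    each group holds no more than REP // 2 flipped bits."""
    noisy = [w ^ r for w, r in zip(helper, response)]
    return [1 if sum(noisy[i:i + REP]) > REP // 2 else 0
            for i in range(0, RESP_BITS, REP)]


def derive_key(key_bits):
    """Hash the recovered bits so the working key is uniform and the raw
    PUF-derived value is never used directly."""
    raw = int("".join(map(str, key_bits)), 2).to_bytes(KEY_BITS // 8, "big")
    return hashlib.sha256(b"puf-boot-key|" + raw).digest()


def tag_image(key, image):
    return hmac.new(key, image, hashlib.sha256).digest()


def provision(silicon_seed, key_seed, image):
    """Factory step: draw a fresh secret (key_seed stands in for a TRNG),
    enroll it against a clean readout, and tag the boot image under it."""
    rng = random.Random(key_seed)
    key_bits = [rng.getrandbits(1) for _ in range(KEY_BITS)]
    helper = enroll(readout(make_silicon(silicon_seed), None), key_bits)
    return helper, tag_image(derive_key(key_bits), image)


def boot(silicon_seed, helper, image, tag, flip_every=9):
    """Boot-time check: regenerate the key from a fresh noisy readout and
    authenticate the image before anything in it is executed."""
    response = readout(make_silicon(silicon_seed), flip_every)
    key = derive_key(regenerate(response, helper))
    return hmac.compare_digest(tag_image(key, image), tag)


BOOT_IMAGE = b"\x7fELF" + b"constructed boot image bytes" * 8  # constructed sample


def demo():
    helper, tag = provision(silicon_seed=42, key_seed=7, image=BOOT_IMAGE)
    return {
        "genuine": boot(42, helper, BOOT_IMAGE, tag),                    # True
        "tampered_image": boot(42, helper, BOOT_IMAGE + b"\x90", tag),   # False
        "cloned_device": boot(43, helper, BOOT_IMAGE, tag),              # False: other die
        "too_noisy": boot(42, helper, BOOT_IMAGE, tag, flip_every=2),    # False
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:15s} {'boot allowed' if ok else 'boot refused'}")
```

The four cases in `demo()` are the properties the text relies on: the genuine die regenerates the key despite readout noise, a changed image fails authentication, a different die (the clone attempt) produces a different key and is refused, and a readout noisier than the error-correcting code can absorb also fails closed rather than yielding a wrong-but-accepted key. A production fuzzy extractor uses a stronger code than repetition and a proper key-derivation function, but the structure is the same.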
Two FPGAs are better than one. In addition to the module's MPSoC FPGA, the board also features a Microchip (formerly Microsemi) SmartFusion2 FPGA that provides health and management functions and integrates additional security functions.
The SmartFusion2 is a flash-based FPGA, unlike the SRAM-based Xilinx MPSoC. Its configuration can be encrypted, and it has its own set of internal protections, giving the user two different FPGA technologies with independent protection mechanisms.
This new board also features a Trusted Platform Module (TPM) 2.0 security chip that uses cryptographic methods to record and verify platform integrity throughout the boot process, from the first measured stage until applications are running. The TPM often serves as the basis for Intel TXT, but more generally it generates, stores, and manages keys. Compared with TPM 1.2, TPM 2.0 offers updated and additional cryptographic algorithms (SHA-256 and elliptic-curve algorithms alongside the SHA-1 and RSA of the earlier version), giving trusted computing designers more flexibility, and it supports multiple key hierarchies rather than a single owner key. The TPM's security features remain available to users after boot as well.
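How a TPM tracks integrity "throughout the entire boot process", as an added worked example that is not Curtiss-Wright's firmware or a real TPM driver: it models the SHA-256 PCR extend rule (new value = SHA-256(old value || measurement)), replays the event log the way a verifier would, and produces a quote over the final register. The stage contents are constructed sample bytes, and an HMAC under a constructed key stands in for the TPM's signing key:

```python
"""Model of TPM measured boot: PCR extend chain, event log replay, and quote.

Added illustration of the PCR_Extend rule (new = SHA-256(old || measurement)),
not Curtiss-Wright's firmware or a real TPM driver. Boot stage contents are
constructed sample bytes; the attestation key stands in for a TPM-resident key.
"""
import hashlib
import hmac

PCR_INIT = bytes(32)   # PCRs used for boot measurement reset to all zeros


def extend(pcr, measurement):
    """TPM2_PCR_Extend for a SHA-256 bank: the register can only be
    advanced, never set, so every earlier value is bound into the result."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(stages):
    """Each stage hashes the next one and extends it before handing over.
    Returns the final PCR and an event log a verifier can replay."""
    pcr, log = PCR_INIT, []
    for name, blob in stages:
        digest = hashlib.sha256(blob).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def replay_log(log):
    """Verifier side: recompute the PCR from the event log alone; the
    result must equal the value the TPM reports, or the log was altered."""
    pcr = PCR_INIT
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def quote(pcr, nonce, attestation_key):
    """Signed PCR report bound to a verifier nonce (HMAC stands in for
    the TPM's signing key)."""
    return hmac.new(attestation_key, nonce + pcr, hashlib.sha256).digest()


def verify_quote(pcr, nonce, attestation_key, sig):
    return hmac.compare_digest(quote(pcr, nonce, attestation_key), sig)


# Constructed sample stages; a real chain would hold the FPGA's first-stage
# boot loader, UEFI firmware, the OS loader, and the kernel image.
STAGES = [
    ("fsbl", b"constructed first-stage boot loader image"),
    ("uefi", b"constructed UEFI firmware volume"),
    ("loader", b"constructed OS loader"),
    ("kernel", b"constructed kernel image"),
]


def demo():
    golden, log = measure_boot(STAGES)
    # One byte appended to the OS loader, and the same stages in a different order.
    tampered = [(n, b + b"\x90" if n == "loader" else b) for n, b in STAGES]
    reordered = [STAGES[0], STAGES[2], STAGES[1], STAGES[3]]
    key, nonce = b"constructed-attestation-key", b"verifier-nonce-0001"
    sig = quote(golden, nonce, key)
    return {
        "log_replays": replay_log(log) == golden,                  # True
        "tamper_detected": measure_boot(tampered)[0] != golden,    # True
        "reorder_detected": measure_boot(reordered)[0] != golden,  # True
        "quote_ok": verify_quote(golden, nonce, key, sig),          # True
        "replayed_quote": verify_quote(golden, b"verifier-nonce-0002", key, sig),  # False
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:18s} {result}")
```

The point a practitioner should take from `demo()` is that the TPM never blocks a bad stage by itself; it records an unforgeable history, and it is the comparison against a golden value (locally, to release a sealed secret, or remotely, via a nonce-bound quote) that turns the record into enforcement. Both a modified stage and a reordered chain change the final register, and a quote captured for one nonce cannot be replayed for another.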
Due to the sensitive nature of trusted computing design, it is not possible to discuss publicly all of the security capabilities and features built into the CHAMP-XD1S. It is important to note, though, that the security architecture is designed with flexibility as a core requirement, so that customers can add their own unique capabilities as needed.
To ease that process, the board comes with an FPGA toolkit that enables customers to add their own custom security capabilities, or additional enhanced security capabilities provided by Curtiss-Wright or by third parties. For example, we develop additional IP that can be integrated into the FPGA to further enhance secure boot and trusted computing operation beyond what is available off-the-shelf from the device vendors.
While it’s important for security designers to understand and implement each of the individual security approaches available with their hardware, it’s also important that they consider how implementing several different approaches, and tying them together, can deliver a multiplier effect. All correct hardware architecture guidance must of course still be followed, but when done correctly, the whole is truly greater than the sum of the parts.
Denis Smetana is senior product manager of digital signal processing (DSP) products at the Curtiss-Wright Corp. Defense Solutions division in Ashburn, Va. Contact him by email at [email protected].