Design security is a major focus of Microsemi’s update to its Igloo series of field-programmable gate arrays (FPGAs), which adds features to support secure boot for external processors and to protect IP loaded into its configuration cells.
Like its predecessors, the Igloo2 is based on flash memory rather than the SRAM configuration cells used by Altera, Lattice and Xilinx, and it provides a capacity upgrade for the existing Igloo and ProASIC3 products.
“Igloo2 doesn’t replace Igloo and ProASIC3, it complements them,” said Paul Ekas, vice president of marketing at Microsemi’s SoC operation. “It has five times the capacity we had before, with an all-new core fabric based on a four-input lookup table with carry logic.”
The flash-based Igloo2 devices borrow some of the security features of the ARM processor-based Smartfusion 2 family, principally the AES encryption engine and key storage, and add a hardwired memory and peripheral subsystem built around the ARM Amba bus. The devices’ primary competition is the Cyclone devices from Altera and Xilinx’s Artix and Spartan families and, like later members of those families, the Igloo2 provides a number of 5Gbit/s serializer/deserializer (serdes) channels.
As with the Igloo family, the Igloo2 supports the power-saving FlashFreeze function, which stores register contents in on-chip flash so that the volatile portions of the device are powered down. If the PLL driving the clock remains on, the Igloo2 will wake up again in 15µs.
To protect configuration data and user designs, the company has licensed reverse-engineering countermeasures from CRI. These are designed to prevent hackers from obtaining the secret key that can be used to lock configuration data inside the flash-based FPGA.
By providing secure key storage, Microsemi claims the Igloo2 can be used as the root-of-trust for a computer system, supporting functions such as secure boot. “Our device acts like an SPI boot device,” said Ekas. “The processor reaches out to the SPI device at boot but ours will provide the initial boot code, which can be updated securely. After the initial boot, the next step is to provide code from an actual SPI but this is actually encrypted code that is decrypted for the processor by our device. The processor also does some authentication with the FPGA to make sure it has booted with the right code by performing a challenge-response sequence.
“If our device doesn’t get the right responses from the processor it can shut the board down,” Ekas added. “So, it can respond accordingly if something is attacking the processor or the board and shut it down.”
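The challenge-response step Ekas describes can be sketched as follows. This is an added example, not Microsemi's protocol or code: the article does not say how the exchange is built, so the HMAC-SHA-256 construction, the shared key, the boot-image measurement and every name below are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample data, not real firmware or key material.
SHARED_KEY = bytes(range(32))
GOLDEN_IMAGE = b"constructed boot image v1"


class RootOfTrust:
    """Stands in for the FPGA: holds the key and the digest of the expected boot code."""

    def __init__(self, key: bytes, expected_image: bytes):
        self._key = key
        self._expected = hashlib.sha256(expected_image).digest()
        self._nonce = None
        self.board_enabled = True

    def challenge(self) -> bytes:
        # A fresh random nonce per attempt makes a recorded response useless later.
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def verify(self, response: bytes) -> bool:
        ok = False
        if self._nonce is not None:
            want = hmac.new(self._key, self._nonce + self._expected, hashlib.sha256).digest()
            ok = hmac.compare_digest(want, response)  # constant-time comparison
        self._nonce = None  # each challenge is single use
        if not ok:
            self.board_enabled = False  # the "shut the board down" reaction
        return ok


def processor_response(key: bytes, running_image: bytes, nonce: bytes) -> bytes:
    """Processor side: bind the nonce to a hash of the code it actually booted."""
    measured = hashlib.sha256(running_image).digest()
    return hmac.new(key, nonce + measured, hashlib.sha256).digest()


def run_boot_check(rot: RootOfTrust, key: bytes, running_image: bytes) -> bool:
    nonce = rot.challenge()
    return rot.verify(processor_response(key, running_image, nonce))


if __name__ == "__main__":
    print("genuine image:", run_boot_check(RootOfTrust(SHARED_KEY, GOLDEN_IMAGE), SHARED_KEY, GOLDEN_IMAGE))
    print("modified image:", run_boot_check(RootOfTrust(SHARED_KEY, GOLDEN_IMAGE), SHARED_KEY, GOLDEN_IMAGE + b"!"))
```

A check of this shape is only as strong as the secrecy of the key on the processor side, since any code that holds the key and knows the expected digest can compute a valid response.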
Ekas said the use of external hardware to support secure boot will make more sense for many computer makers as it avoids the need to modify the operating system. “The software is often the bottleneck because it’s so hard to make software work across different platforms,” he added.