Protection Detection and Recovery – How to Make Your System Cyber-Resilient

In recent years, the global supply chain has become increasingly fragile as cyber attacks have become faster, more precise and more mercenary. The most familiar security threat is the ransomware attack, which locks a business's systems until a ransom is paid. According to IBM's 2021 Cyber Resilient Organization study, 61% of respondents have experienced ransomware attacks and paid ransoms. This shows that companies need not only cybersecurity mechanisms but also cyber resilience, so that they can respond quickly in the event of an attack.


Lattice recently co-hosted a security workshop with partner AMI that focused on cybersecurity topics such as firmware and supply chain protection in computing and data center applications.


Cybersecurity provides the foundation for cyber resilience. Platform Firmware Resiliency (PFR) is a specific form of cyber resilience in computing. In other words, PFR is the mechanism a computing system relies on to protect itself and keep operating normally when it is attacked.

The workshop focused on how emerging security standards, such as the NIST 800-193 PFR specification and the Trusted Computing Group's Cyber Resilient Technologies (CyRes) guidance, affect the development of system protection solutions. Ultimately, these standards define three key functions that a system must provide to be cyber-resilient: protection, detection, and recovery. As shown in the diagram below, these functions work together to secure the system at all stages of a cyber attack.


Most organizations know that all critical firmware needs robust protection, but detection and recovery capabilities are often overlooked. Because a system contains a large number of vulnerable firmware components, they need to be monitored dynamically through multiple channels, and the system must be able to respond quickly to threats as they arise. Lattice Sentry™ is a ready-to-use PFR solution that enables real-time dynamic monitoring. Other, primarily microcontroller-based, solutions lack this real-time monitoring capability and are less secure, with response times in the microsecond range.

These three functions are at the heart of cyber resilience and PFR, and a strong Hardware Root of Trust (HRoT) is required to ensure they operate correctly, establishing trust in the system from the start. Lattice MachXO3D™ and Mach™-NX series FPGAs are CyRes-compliant hardware roots of trust. They include a dedicated hard-core security engine that can be verified and tested with a unique, immutable ID.

The session also explored how the Lattice SupplyGuard™ service uses locking keys and protection codes to reduce the ransomware "attack surface" at all stages of the supply chain, giving low-value attack vectors the same level of continuous security as high-value attack vectors.


Lattice’s ecosystem partner AMI showcased “AMI’s Platform Root of Trust Solution: Tektagon™ XFR,” a CPU-less host chip solution jointly developed with Lattice.

AMI highlights that the increasingly complex cyber threat landscape requires systems to meet PFR standards and describes how Tektagon XFR provides continuous runtime monitoring capabilities to secure the platform.

Launched in partnership with Lattice, Tektagon XFR uses Lattice FPGAs to implement a standalone HRoT, giving customers maximum design flexibility. Individually, both the Lattice Sentry solution and the AMI Tektagon XFR are capable of PFR. However, customers who use only the Sentry solution will need custom firmware, custom baseboard management controller (BMC) firmware and a custom BIOS. Customers who have only Tektagon XFR from AMI will need to develop their own custom logic. As a joint solution, the overall design enables advanced PFR capabilities and extreme flexibility, reducing heavy design burdens, helping to shorten time-to-market, and providing comprehensive security features that best meet customers' platform design requirements.

Other key features of Tektagon XFR include secure firmware updates for recovery images and support for DC-SCM module implementations. Server motherboard designs are increasingly adopting DC-SCM in place of the traditional single-piece motherboard, so that the CPU/memory and the security control solution can be developed and improved independently.
