• Resources
  • Directory
  • Webinars
  • CAD Models
  • Video
  • Blogs
  • EDGE Awards
  • Advertise
    • Denisismagilov | Dreamstime.com
    Security Digital Promo 603d3c622d1b5
    1. Markets
    2. Automation

    Pre-Boot Security Gets More Secure

    March 12, 2021
    Lattice Semiconductor takes its Sentry security solution to the next level, with boot times improving by up to 400%.
    Related To: Electronic Design

    This article appears in Top Stories of the WeekEmbedded World 2021

    This article is part of the TechXchangeCybersecurity

    Lattice Semiconductor has been shipping the initial version of its Sentry pre-boot security solution for a while now, but heightened security requires even more robust hardware support. Its Mach-NX secure FPGA platform implements Sentry version 1. The new Sentry 2.0 (Fig. 1) provide enhancements to all aspects of the system. This includes support for 384-bit elliptical curve cryptography (ECC) while significantly increasing Elliptic Curve Digital Signature Algorithm (ECDSA) speed. SHA hashing speed has more than quadrupled.

    1. Sentry 2.0 extends security and performance across the board.
    1. Sentry 2.0 extends security and performance across the board.

    The Sentry system is designed to monitor serial interface memories that are used to boot a system. Such pre-boot checking is independent of the host, providing a more secure environment. A single Sentry system can handle multiple devices (Fig. 2). The latest version supports 64-MHz quad SPI (QSPI) interfaces, and internal and external switch support has been added. The system can now handle five devices. In addition, the block/allow list size was doubled.

    2. Lattice Semiconductor’s Sentry system is designed to monitor serial boot memories.
    2. Lattice Semiconductor’s Sentry system is designed to monitor serial boot memories.

    This translates into a more secure system as well as faster boot times—up to 400% improvement. Sentry 2.0 continues to support monitoring before, during, and after a system utilizes the serial memory for its initial boot. Like version 1.0, this latest version can recover from corrupted firmware by replacing the memory contents from a known-good source. The system is designed to meet NIST-compliant platform firmware resiliency (PFR).

    Read more articles at the TechXchange: Cybersecurity

    About the Author

    William G. Wong | Senior Content Director - Electronic Design and Microwaves & RF

    I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.

    You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form. 

    Check out my blog, AltEmbedded on Electronic Design, as well as his latest articles on this site that are listed below. 

    You can visit my social media via these links:

    I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.  

    I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence. 

    Email

    Continue Reading

    Sponsored Recommendations

    Comments

    To join the conversation, and become an exclusive member of Electronic Design, create an account today!