Microsemi proposes SmartFusion FPGAs as secure-boot vehicle for connected systems

February 11, 2014 // By Graham Prophet
Reference designs aim to enable FPGA-based Root-of-Trust solution for embedded systems, adding security to connected devices.

Microsemi has built an FPGA-based Secure Boot Reference Design for embedded microprocessors, using security features integrated in its SmartFusion2 SoC FPGAs, to securely boot any application processor in an embedded system, and to ensure that processor code can be trusted during execution. This allows applications running on the securely booted processor to extend that trust to their system and to other connected systems.

Microsemi’s reference design implements a “chain of trust” process. At each stage of the boot-process through to the top application layer, each subsequent boot phase is validated by the previously trusted code before further code execution is allowed.

The SmartFusion2 SoC FPGA incorporates a number of security features including on-chip oscillators, accelerators for cryptographic services, secure key storage, a true random number generator, on-chip boot code storage in secure embedded flash memory (eNVM) and at-speed serial peripheral interface (SPI) flash memory emulation to enable a secure boot of an external processor at speed. The devices also claim stronger design security than other FPGAs and include differential power analysis-resistant (DPA) anti-tamper measures using technology licensed from Cryptography Research (CRI).

The reference design also provides a public instance of Microsemi’s WhiteboxCRYPTO security product, which enables transport of a symmetric encryption key in a plain text environment through complex algebraic decomposition of the crypto key and strong obfuscation.

The company says that its techniques ( diagram, above ) have the property that the key is, “never present in static or runtime memory. Rather, the key becomes an inert collection of data that is useless without the uniquely generated whitebox algorithm that knows how to use that data to achieve the same output as the classical crypto counterpart.”

A graphical user interface (GUI) device allows users to encrypt their application code for subsequent programming into an SPI flash and decryption in the host processor for execution. In addition, a complete user’s guide assists developers with implementing secure boot capabilities in their