FPGA-enabled Trusted Boot is Part of Building Security Into Every Aspect of Trusted Computing Architectures

Article
September 25, 2019

Published in Military & Aerospace Electronics

FPGAs can defend against reverse engineering and offer capabilities such as black key storage or side-channel-resistant cryptography in some devices.


Embedded computing systems designers can establish enhanced trusted boot protection through use of a field-programmable gate array (FPGA)-based root of security (RoS).

An FPGA-based RoS defends against reverse engineering and offers capabilities such as black key storage or side channel resistant cryptography in some devices. It also can enable users to customize the FPGA to add in other protections to secure their system and meet specific program needs.

These enhanced protections provide the necessary hardware infrastructure to enable the RoS to interface with security sensors and processors, while maintaining the security of the system throughout the boot process.

What’s more, these enhanced trusted boot techniques provide mechanisms to ensure that any new code is authenticated prior to being stored in non-volatile memory, and they also deliver additional trusted-computing checks and mitigations during the boot process.

An important concept in trusted computing is a holistic view, beyond just the hardware itself, with an eye to building security technologies and techniques into every aspect of the solution -- from design and testing to supply chain and manufacturing.

In other words, security doesn’t stop at the card edge. This comprehensive, end-to-end approach, often referred to as defense in depth, creates a mesh of protection layers that ensure the solution’s reliability.

At the module level, tying together as many of the available security techniques as possible, such as integrating the unique trusted boot technology on the processor with the unique trusted boot technology provided with an FPGA, enables security system engineers to realize a multiplier effect.

Here's a real-world example: in September 2019 Curtiss-Wright introduced the CHAMP-XD1S, a powerful digital signal processor (DSP). It features a 12-core Intel Xeon D processor, an AMD Zynq UltraScale+ multi-processor system-on-chip (MPSoC) FPGA, and a Flash-based Microchip SmartFusion2 IPMC FPGA to provide a secure processor board designed for high-performance embedded computing (HPEC) applications that must operate in harsh environments.

CHAMP-XD1S SOSA-Aligned 3U VPX Intel Xeon D Processor Card

The CHAMP-XD1S 3U VPX Intel Xeon D DSP module provides enhanced Trusted Computing features alongside leading-edge processing technology for unmatched performance.

TrustedCOTS Embedded Processor Cards

Curtiss-Wright’s TrustedCOTS embedded processor card family includes single board computers and digital signal processing engines. Designed using cutting-edge Trusted Computing techniques and mechanisms to enable the safe, reliable operation of embedded systems, our TrustedCOTS products provide confidence not only that systems are secure and un-compromised, but that critical data or IP will not benefit adversaries if hardware falls into enemy hands.

Trusted Boot

This paper focuses on establishing initial trust in the boot process and the various means to do that, although many of these same techniques are also useful for extending trust to the operating system and application code.