begins executing internal boot code

from a hardwired location within

the internal boot ROM. The ISBC

is inherently trusted. It confirms

the binding of the public key to the

device, validates the digital signature

of the ESBC, validates the ESBC

image, and confirms that the first

instruction falls within the validated

range and executes.

External Secure Boot Code (ESBC)

Phase:

5. The ESBC can be a monolithic

image, or multi-stage boot images,

which validates the digital signature

and image of the operating system

or application, thereby extending the

chain of trust.

COTS Secure FPGA

Technology

The FPGA security hub receives

input from tamper detection sensors

throughout the system and has the

ability to interface with the processor;

erase data, configuration and key

storage; and disable interfaces

to provide an appropriate tamper

response. The FPGA can use either

a standard COTS or a Commissioned

configuration to define its response

behavior. The FPGA configuration is

encrypted with various safeguards to

protect content. Both Xilinx Artix and

Lattice MACHXO2 devices are used to

serve as security hubs.

Xilinx

Xilinx Artix FPGAs provide various AT

features. Passive features are built-in

to the silicon - COTS features - and do

not require design development, while

active features can be incorporated as

needed as part of the Commissioned

FPGA design effort. available AT

features.

Lattice

Lattice MACHXO2 FPGAs incorporate

on-chip embedded flash memory to

eliminate configuration bit-stream

vulnerability. Device security bits

prevent read-back of the configuration

from the device, and a one-time-

programmable mode prevents erasure

or reprogramming of the configuration.

Conclusion

Anti-tamper plays a vital role in the

overall information assurance scheme

for embedded systems. A successful

AT campaign provides layered

safeguards for prevention, detection,

and response. A carefully considered

COTS/Commissioned

combination

leverages lower-cost, reliable COTS

elements while allowing customers

to incorporate sensitive or restricted

technologies, policies, and procedures.

Abaco uses its partner relationships

and engagements to provide synergy

between the hardware, middleware,

stacks, partitioned operating system,

and hypervisors. The use of Intel’s

Trusted Execution Technology and

Freescale’s Trust Architecture provides

industry-standard trust mechanisms,

while a Xilinx- or Lattice-based FPGA

security hub augments a robust tamper

response. Hardware build options are

available to provide the flexibility to

meet customer requirements

Table 1 Xilinx Artix AT Features

New-Tech Magazine Europe l 47