Recent news of high-profile breaches confirm that platform firmware increasingly presents a large and ever-expanding attack surface. Earlier this year, the U.S. Department of Homeland Security (DHS) and Department of Commerce issued a new joint report on supply chain security in the US IT and communications industries, outlining how firmware is now a priority target for hackers and represents a significant threat vector for computer systems and IT infrastructure. It urged businesses and individuals to take steps to protect their critical infrastructure from such firmware attacks.

To address this growing threat and provide users with the latest tools in firmware protection and security, today’s release of Tektagon XFR adds several new features to this already robust solution from AMI. Key among them is support for the Mach™-NX FPGAs from Lattice Semiconductor, which enables Tektagon XFR to deliver dual SPI support and real-time platform security monitoring. Tektagon XFR now also offers support for server architectures from AMD and Arm®, bringing affordable, easy-to-deploy Platform Firmware Resilience (PFR) to an even wider range of platforms for datacenter and cloud service provider applications.

Additional new features in this latest release of Tektagon XFR include Intel® PFR 3.0 support, seamless updates for the next-generation Intel® Xeon® (“Eagle Stream”) data center platform, attestation support and integration with our Aptio® V UEFI Firmware and MegaRAC® SP-X BMC Firmware. Tektagon XFR also gains support for AES, SHA and ECDSA encryption, key management and support for MegaRAC OpenEdition™ BMC Firmware from AMI.

About Tektagon XFR

Tektagon XFR is a hardware-based platform firmware security solution for servers that utilizes an AMI firmware stack on Lattice FPGA devices, strengthening system security by protecting firmware from unauthorized modification, detecting firmware-based malware and recovering the platform to a known good state. These capabilities make Tektagon XFR the perfect solution for protecting critical infrastructure firmware from unauthorized modification during power up and runtime.

Tektagon XFR is compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP 800-193) and compatible with the current draft of the Data Center Secure Control Module (DC-SCM) 2.0 Specification under the management of the Open Compute Project (OCP). It also supports Security Protocol and Data Model (SPDM) from DMTF for monitoring of a server’s peripheral devices, enabling firmware attestation for Broadcom’s MegaRAID™ 9600 Storage Adapter and 200G NIC family. With Tektagon XFR in place, you can be confident that your firmware is safe from tampering or corruption.

Recognizing the challenges that OEMs face developing a PFR solution from scratch, AMI and Lattice Semiconductor worked closely together to bring the industry an integrated, fully featured, pre-verified and secure PFR solution that is flexible, scalable, low cost, and easy to implement. Our partnership allows us to offer our PFR Firmware on secure FPGA solutions from Lattice, in combination with the Lattice Sentry™ solution stack and a full suite of design and development tools – for holistic, robust system security that conforms to PFR industry guidelines and represents a significant advancement in platform security for our customers.

Zachary Bobroff, Senior Director of Product Office at AMI, commented that “With security breaches becoming more prevalent, organizations must have a system to validate their platform firmware – to be aware of all firmware running on your platforms and ensure that it is trusted. AMI’s Tektagon solutions provide this root of trust, so you can be confident that your platform is secure against potential threats. Today’s new release is the next step in our vision for Tektagon XFR, bringing customers an affordable, flexible and comprehensive alternative to existing competitor solutions that is rooted in essential firmware security guidelines and truly breaks new ground in platform security.”

“As the security threat landscape continues to evolve, enabling system and platform developers to integrate added layers of protection and resilience is a key priority at Lattice,” said Nilesh Narayan, Marketing Director, Server Segment, Lattice Semiconductor. “We are excited to continue our strong collaboration with AMI by enabling Tektagon XFR with broader support for our award-winning low power product portfolio, giving our customers more ways to implement next-generation security and cyber resiliency.”

Zee Shirazi, Global Head of Marketing, Business Operations and Strategy, Data Center Solutions Group, Broadcom added that “With the growing number of sophisticated security threats, the Security Protocol and Data Model (SPDM) specification from DMTF will play a central role in platform security for both hyperscale and enterprise data centers by ensuring only authentic hardware and firmware components are being used. We are pleased to see that AMI has added a SPDM feature, to the Tektagon XFR platform, that supports our storage and server components including our MegaRAID™ 9600 storage adapter, 200G NIC, and PEX89xxx PCIe switch products— seamlessly protecting the same security attestation umbrella as other platform firmware.”

Lattice Mach™-NX and Lattice Sentry™ are trademarks of Lattice Semiconductor. MegaRAID™ is a trademark of Broadcom Inc. Intel® and Xeon® are registered trademarks of Intel Corporation. All other trademarks and registered trademarks are the property of their respective owners in the US and other countries.

The post AMI Releases Tektagon XFR Platform Root of Trust Firmware Security Solution to Protect Critical Compute Infrastructure with Built-in Cyber Resiliency appeared first on AMI.

Presented by Lattice Semiconductor

This seminar will explore the challenges, opportunities, and latest solutions for the global hardware security industry. You’ll walk away with a better understanding of what a Cyber Resilient system requires, especially in compute architectures and the new supply chain paradigms that will reduce your supply chain security costs while increasing your protections. Security industry leaders from AMI and Lattice will also discuss ways to prepare for and respond to threats when building and operating secure systems in today’s complex and ever-changing technology ecosystem.

DATE & TIME

• Monday, June 6, 2022
• 4 to 6 pm PDT

SPEAKERS

• Eric Sivertson – VP, Security Business, Lattice
• Nilesh Narayan – Director, Server Marketing, Lattice
• Kenneth Tao – Director, Business Development, AMI

AGENDA

• The Importance of Cyber Resilience & Supply Chain Security
• Current Threat & Risk Landscape
• Security & Protective Solutions
• Ecosystem Highlight – Platform Firmware Resiliency (PFR) Orchestration in Servers
• Q&A

The post Cyber Resiliency for Firmware Protections and Supply Chain Security Webinar Presented by Lattice Semiconductor appeared first on AMI.

The post Platform Security Starts at the Root of Trust appeared first on AMI.

Firmware Security Trends are Changing Faster than Ever

Firmware is an increasingly popular attack vector; the National Vulnerability Database reported that between 2016 and 2019 the number of firmware vulnerabilities grew over 700 percent¹. The NIST PFR guidelines were written to help developers understand how to protect legitimate firmware, detect unauthorized firmware, and restore compromised firmware to a known good state by establishing a PRoT. PRoT solutions validate platform firmware at boot to ensure it has not been modified illegitimately. Currently, developers with PFR design expertise are in limited supply, and OEMs requiring support for PFR often have strict time-to-market requirements that preclude developing a PFR solution from scratch. Recognizing these trends, AMI and Lattice worked together to deliver a tightly integrated, pre-validated PFR solution. It provides a robust PRoT, for real-time I2C bus and SPI monitoring of both BIOS and BMC SPIs, so from the moment a system boots all transactions over the SPI bus are monitored.

What is Tektagon™ XFR?

AMI has applied its 35 years of deep expertise in BIOS and BMC firmware development to deliver a robust PFR solution designed to detect, protect and recover firmware from unauthorized modification. As implemented in the AMI-Lattice joint solution, the Tektagon™ XFR firmware executing on the Lattice MachXO3D with the Lattice Sentry solution stack orchestrates the connection between the solution’s PRoT and all other ICs on the motherboard. Moreover, Tektagon™ XFR firmware is host CPU-agnostic, to give system developers greater flexibility in supporting the CPU requirements of their chosen server platform.
Thanks to its seamless integration with Aptio® UEFI Firmware and MegaRAC® SPX BMC Firmware from AMI, Tektagon™ XFR delivers a truly turnkey PFR solution – making use of the Lattice MachXO3D IP blocks to support detection and recovery of platform firmware, together with runtime monitoring of SPI flash memory used to store the platform firmware.

What is Lattice Sentry?

The Lattice Sentry solutions stack delivers a robust combination of customizable embedded software, reference designs based on the Lattice MachXO3D secure control FPGA, IP, and development tools to accelerate the implementation of secure systems compliant with PFR guidelines. As the system controller, the MachXO3D is the first component to execute code and attest power sequencing logic at system startup, making it an ideal platform for establishing a PRoT. Thanks to the MachXO3D FPGA’s parallel processing architecture and flash memory, the device monitors for and detects attacks in real-time – a truly groundbreaking innovation as real-time monitoring is currently beyond the processing capabilities of competing PRoT solutions like MCUs.
For more information on the joint Tektagon™ XFR PRoT Firmware on Lattice Sentry solutions stack, please call 1-800-828-9264 to speak with an AMI Security Solutions expert or contact us via ami.com/contact.
For more information about Lattice Sentry, please visit https://www.latticesemi.com/latticesentry.
About Lattice Semiconductor
Lattice Semiconductor (NASDAQ: LSCC) is the low power programmable leader. We solve customer problems across the network, from the Edge to the Cloud, in the growing communications, computing, industrial, automotive, and consumer markets. Our technology, long-standing relationships, and commitment to world-class support lets our customers quickly and easily unleash their innovation to create a smart, secure and connected world.
¹Source: National Vulnerability Database (2016 and 2019)
MachXO3D™ is a trademark of Lattice Semiconductor Corporation. All other trademarks and registered trademarks are the property of their respective owners.

The post AMI and Lattice Semiconductor Announce Joint Platform Firmware Resiliency Security Solution: Tektagon XFR Firmware with Lattice Sentry Solutions Stack appeared first on AMI.