Overbuilding is a looming threat to the global electronics supply chain. Overbuilding of electronic systems can be particularly damaging.
According to the U.S. Chamber of Commerce, intellectual property (IP) threats, including overbuilding, cost domestic companies an estimated $250 billion per year or more in lost revenues. Once contract manufacturers have the bill of materials (BOM), programming files, and test programs, there is nothing to stop them from building more units than authorized. Overbuilding can result in a significant loss of revenue and unnecessary support costs related to systems that did not generate any revenue for the manufacturer.
There are two key requirements for protecting field programmable gate array (FPGA)-based designs from overbuilding in an untrusted contract manufacturing environment: 1) ensuring confidentiality of user design and security keys used via a secure initial key loading mechanism, and 2) preventing unauthorized programming of the user design via an overbuild protection mechanism.
Hardware security modules (HSMs) and secure FPGAs make this possible. An HSM is a physical computing device that safeguards and manages user key information. It protects the information it processes by using keys inside its security boundaries to execute algorithms. HSMs also feature specially sealed packaging and various tamper-resistant and tamper-evident protection mechanisms.
Microsemi's Secure Production Programming Solution (SPPS) offer one example of this approach. It builds upon the company's existing internal manufacturing infrastructure, which uses Thales e-Security FIPS140-2 level 3-certified HSMs for provisioning factory keys and certificates during wafer sort and package testing. Provisioning this approach to customers enables them to securely program their unique key material and designs into the FPGAs in untrusted locations anywhere in the world.
There are several basic steps in the secure production process. Workflow software generates a job file that only the target manufacturing HSM can read, containing critical information including the encrypted security parameters, the number of devices that have been authorized for production, and an FPGA bitstream. The SPPS also generates encrypted files for the reconfiguration of FPGAs that were previously “keyed” by the user, such as those in fielded systems. All sensitive operations occur within certified HSM's hardware security boundary.
Manufacturers need the highest possible security levels for detecting counterfeit devices, protecting design IP, and preventing overbuilding. Implementing an HSM-based secure production environment removes the insider threat at remote manufacturing locations, enforces overbuild protection during programming as a part of security protocols execution, and maintains confidentiality of sensitive data while preventing Trojan horse insertion and other tampering.