Executive Summary
A look at today’s evolving security requirements affecting the semiconductor industry, including post-quantum cryptography (PQC) and the Cyber Resilience Act (CRA), and how Altera’s latest capabilities in Agilex™ 3 and Agilex™ 5 FPGAs and SoCs are helping to enable future-proof security functions today.
Modern Security as a Market Requirement
With the rise of AI and modern cyber threats, robust and agile security is no longer an optional capability in next-generation FPGA systems. Securing your product has evolved into a responsibility for many system designers to help keep customers’ data confidential and safe.
In the last 12 months, we have witnessed explosive growth in security chatter. Topics include both near- and long-term threats, emerging standards by technology, market segment, or geography, plus examples of successful attacks on embedded systems. In this discussion, we examine this year’s two biggest headlines:
Post-Quantum Cryptography (PQC) and The Cyber Resilience Act (CRA)
While both have generated significant questions and uncertainty, Altera’s latest FPGAs with the Secure Device Manager (SDM) have been designed to flexibly adapt to the changing security requirements that the future will continue to bring.
Post Quantum Cryptography is really the solution to a problem we have yet to face and may not face for many years to come. The primary uncertainty is the timeline for the availability of quantum computers: When will they be advanced enough and available to those seeking to break today’s standard cryptography? Fortunately, the second uncertainty is starting to resolve: Which algorithms will be best to integrate into next-generation long-life systems to be quantum-ready?
These last 12 months of chatter have included the standards-driven technical community, working to address this algorithmic uncertainty. In the United States, the NSA (and NIST by proxy) published CNSA 2.0 as a suite of quantum-safe algorithms that they will require in the coming years. The European Union (EU) has also released PQC-related guidance documents, with a significant move toward standardization in the latest Roadmap for the transition to PQC.
The EU has also approved the Cyber Resilience Act, a legislative set of high-level requirements meant to enhance cybersecurity for all products with a digital element. This will affect products sold in the EU, including OEMs around the world who wish to sell their products to EU customers starting December 11, 2027. The next step in the CRA process is the translation of the high-level requirements into enforceable regulations. Altera has been analyzing the high-level requirements and will be prepared to intercept the CRA’s regulations when published. As with PQC, the SDM’s flexibility will play a key role in addressing CRA regulations.
Altera’s Unique Approach to System Security
It’s useful to frame our security discussion using Altera’s focus as context to better understand our approach to semiconductor security, based on FPGAs, and system-level security. There are many academic and practical security models today, and each has its merits. Altera’s approach starts with a hardware focus and expands in scope to incorporate characteristics of different models. Figure 1 shows a simplified working model, based heavily on the Secure Device Manager (SDM), which is integrated into all Agilex™ FPGAs and SoCs.
Figure 1: Altera Security Model
In the Altera security model shown in Figure 1, our foundation is built on an immutable ROM boot of our Secure Device Manager (SDM). This establishes the Root of Trust, and in turn ensures the SDM is safe to apply the latest features and algorithms to the upper layers of the pyramid, roughly divided into IP security, Data Security, and System Security. The Application layer is included with a security bias, referring to all interactions we have with our systems. This includes development, deployment, and sustainment of the product, and how end customers will use it. These touchpoints represent the primary attack surface for unauthorized access, where the SDM plays a key role in fortifying each.
Let’s look at how this model can be applied to address today’s requirements. We start by looking at how the SDM functions within the FPGA as a system, and the layers of protection it establishes throughout the boot process.
- First: Establish Root of Trust (RoT). The SDM boots from Read-Only Memory (ROM, fixed) with a robust authentication scheme to verify the integrity of its full firmware image.
- Second: The SDM runs its updatable firmware to authenticate and configure the FPGA image, with the option to run the latest cryptographic algorithms to protect the system, IP, and data. This is commonly known as ‘crypto agility’.
- Third: With the FPGA securely running, the SDM offers crypto services into the system to provide additional layers of protection, such as Black Key Provisioning, Attestation, and Vendor Authorized Boot.
Table 1 shows the evolution of the SDM across the Agilex™ portfolio of families.
Security Features | Agilex 9 | Agilex 7 | Agilex 5 | Agilex 3 |
Bitstream Encryption | ✔ | ✔ | ✔ | ✔ |
SDM | ✔ | ✔ | ✔ | ✔ |
Updateable Security | ✔ | ✔ | ✔ | ✔ |
Black Key Provisioning | ✔ | ✔ | ✔ | ✔ |
Attestation | ✔ | ✔ | ✔ | ✔ |
Vendor Authorized Boot | ✔ | ✔ | ✔ | ✔ |
100 Gbps AES accelerator 1 | - | ✔ 1 | - | - |
PQC Data Path Support 2 | ✔ | ✔ | ✔ | ✔ |
PQC Native Boot Support | - | - | ✔ 3 | ✔ 3 |
Table 1: Security Capabilities Matrix for Altera Agilex™ Product Families.
Future Proof Your FPGA Systems
Altera has a long history in security, including the creation of the first firmware-driven, adaptable security engine in the Stratix® 10 Product Families. Each new family benefits from the latest SDM architecture, such as new capabilities like PQC Native Boot coming as an option in selected Agilex 3 and Agilex 5 devices.
Even with the uncertainties of quantum compute and the Cyber Resilience Act, Altera’s Agilex device families are architected to be updatable, allowing FPGA designers to adapt and address nearly any new security requirement that comes in the future.
With PQC Native Boot support and crypto agility, Agilex 3 and Agilex 5 devices will have options for long-life system designs requiring quantum readiness. Regarding the CRA’s forthcoming regulations, the initial high-level requirements articulate functionality already incorporated within Agilex devices, such as authentication, encryption, and secure remote update. For both CRA and PQC, Agilex devices have a robust and flexible security architecture to help address these market requirements, even as they continue to evolve.
- For publicly accessible information, read or download the following: Security Overview for SDM-Based FPGA Devices.
- For a deeper discussion and access to NDA-level information, please fill out the following contact form to have the appropriate Altera representative contact you: https://www.altera.com/contact.html
Notes:
1. Available in select Agilex 7 device variants.
2. Available as soft IP.
3. Available in select Agilex 3 and Agilex 5 device variants.