New York Institute of Technology - Vancouver Develops Secure Boot Application for Gowin SecureFPGA

April 21, 2020 -- GOWIN Semiconductor announced their SecureFPGA devices in 2019 which enable hardware PUF (Physically Unclonable Functionality) based security providing a root of trust on their µSoC FPGAs. Since then, GOWIN has been working with various security technologists to develop use case examples in order to fast track embedded security development on their embedded devices.

NYIT-Vancouver (New York Institute of Technology Vancouver Campus) started developing solutions with GOWIN SecureFPGAs as part of their INCS 870 Cyber Security graduate capstone course. As part of this course, students worked with GOWIN to solve general purpose security problems using the GOWIN SecureFPGA µSoC FPGA and developed a secure boot example using the included Intrinsic ID Broadkey security library.

Secure Boot is an industry standard that ensures that any device boots using only software that is digitally signed and verified by the Original Equipment Manufacturer (OEM). The device may be a PC or an embedded device. Typically, the secure boot process runs over a small amount of boot code prior to any application software. The process involves digital signature verification over the application firmware using an asymmetric key pair.

“After completing this project, students gained valuable experience in embedded system development. The multi-faceted nature of such systems makes it challenging to give students exposure to and experience in all facets of such systems,” said Yunlong Shao, Assistant Professor for the INCS 870 course at NYIT-Vancouver.

“In this capstone project, students used GOWIN’s SecureFPGA system and its Broadkey security library to perform the signature verification process over application firmware using an asymmetric key pair. The use of the Broadkey security library gave students practical experience and a sense of accomplishment, while reinforcing theoretical concepts. The results show that students perceived the project positively and that the learning objectives were met.”

SecureFPGA provides several additional layers of security for the secure boot process. First, SecureFPGA devices can be factory provisioned so that the root key pair of the device is initialized at the GOWIN factory floor. Second, the device uses SRAM based PUF technology taking intrinsic silicon properties of their device’s hardware SRAM to regenerate a root key pair rather than storing it in the device. Third, the private key is protected in a secure enclave that is never available to the developer and can only be accessed through the provided Broadkey security library.

“Secure boot is one of the most common requests we receive for customers wanting to add security capabilities to their embedded products,” said Grant Jennings, Director of International Marketing for GOWIN Semiconductor. “Partnering with New York Institute of Technology – Vancouver gave us incredibly valuable insight into our security product offering from graduate students with domain expertise specifically in cybersecurity.”

As a result of this successful capstone project by New York Tech - Vancouver, an example design is now provided at www.gowinsemi.com and can be evaluated using the DK-Start-GW1NSE-2C development kit from GOWIN providing developers an great starting point to integrate application firmware checking in their next product.

Duo Xu, graduate student at New York Tech -Vancouver explained that “In order to perform a secure boot, the developer needs to provide the start address and the size in bytes of the application firmware that will be verified using a digital signature . In the digital signature generation process, the program will initialize the ID Broadkey security library and generate the digital signature that is stored it in flash memory. As soon as the signature generation process finishes, the secure boot function can be called in any part of the code to regenerate the signature, compare it with the signature stored in flash memory, to verify that the application hasn’t been modified. If the verification is successful, the boot process jumps to the first address of firmware, if not, it shows an error message and jumps into an infinite loop.”

GOWIN Semiconductor looks forward to continuing collaboration projects through their overseas university program that enable successful application starting points for their customers. For more information on GOWIN Semiconductor and their SecureFPGA product visit www.gowinsemi.com.

About GOWIN Semiconductor Corp.

Founded in 2014, Gowin Semiconductor Corp., headquartered with major R&D in China, has the vision to accelerate customer innovation worldwide with our programmable solutions. We focus on optimizing our products and removing barriers for customers using programmable logic devices. Our commitment to technology and quality enables customers to reduce the total cost of ownership from using FPGA on their production boards. Our offerings include a broad portfolio of programmable logic devices, design software, intellectual property (IP) cores, reference designs, and development kits. We strive to serve customers in the consumer, industrial, communication, medical, and automotive markets worldwide.

For more information about GOWIN, please visit www.gowinsemi.com