Hacker News
by fleventynine 1372 days ago
From the photo, that looks like a stock iCE40 FPGA, which does not support hardware attestation of the loaded bitstream. How does the user verify that the FPGA loaded the expected bitstream instead of something with a backdoor? A DICE chain that is not rooted in physical, immutable hardware isn't very useful.
1 comment

> From the photo, that looks like a stock iCE40 FPGA, which does not support hardware attestation of the loaded bitstream.

Which FPGA models support _attestation_ of the loaded bitstream? Do any?

> How does the user verify that the FPGA loaded the expected bitstream instead of something with a backdoor?

It's a Lattice ice40up5k, which contains a programmable and lockable NVCM memory in-package. The engineering samples we handed out today at OSFC store the FPGA configuration bitstream on a SPI flash memory though.

> A DICE chain that is not rooted in physical, immutable hardware isn't very useful.

When we start selling them we'll likely sell both security keys with pre-provisioned bitstreams in NVCM as well as unprovisioned security keys so you can provision your own.

An interesting approach to vendor-independent attestation was outlined in [1]. Basically the bitstream is fed into a physical unclonable function (PUF) which is used to derive a key to decrypt the rest of the bitstream. For attestation, one could simply store the secret part of an asymmetric key in the encrypted bitstream (for challenge-response).

[1]: An Autonomous, Self-Authenticating, and Self-Contained Secure Boot Process for Field-Programmable Gate Arrays, https://www.mdpi.com/2410-387X/2/3/15
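A software model of the scheme described in the comment above, added here as an illustration; it is not code from the thread, from the linked paper, or from the security-key project being discussed. The PUF is modelled as an HMAC over a per-device secret, the bitstream cipher as HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, and the asymmetric key as toy-sized textbook RSA; all three are assumptions chosen to keep the example dependency-free, not how any real FPGA does it. The bitstream layout, the stage-1 and application-logic bytes and the device secret are constructed inputs. The PUF response plays the role DICE assigns to the Unique Device Secret: the key that unwraps the body, and with it the private key used for challenge-response, exists only when this particular chip has loaded exactly this stage 1.

```python
import hashlib
import hmac
import math
import secrets

KEY_BYTES = 64  # 512-bit toy RSA modulus, sized so the demo runs fast

class PufDevice:
    """Stand-in for a chip with a strong PUF. Assumption: an ideal, noise-free
    keyed function over a per-device secret that never leaves the silicon."""
    def __init__(self, device_secret):
        self._secret = device_secret
    def respond(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

def _is_probable_prime(n, rounds=32):  # Miller-Rabin; called with large odd n
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits=8 * KEY_BYTES):  # textbook RSA, unpadded: illustration only
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (e, p * q), (pow(e, -1, phi), p * q)  # (public, private)

def _derive_keys(puf, stage1):
    """sha256(stage 1) is the PUF challenge; its response roots the encryption
    and MAC keys, so another stage 1 or another chip yields different keys."""
    root = puf.respond(hashlib.sha256(stage1).digest())
    return (hmac.new(root, b"bitstream-enc", hashlib.sha256).digest(),
            hmac.new(root, b"bitstream-mac", hashlib.sha256).digest())

def _keystream(k_enc, length):
    # HMAC-SHA256 in counter mode as a stream cipher (assumption, stands in
    # for whatever block cipher a real configuration engine would use).
    return b"".join(hmac.new(k_enc, i.to_bytes(8, "big"), hashlib.sha256).digest()
                    for i in range(length // 32 + 1))[:length]

def provision(puf, stage1, app_logic):
    """Owner side: seal a fresh private key into the bitstream body. Layout
    (constructed): len(stage1) | stage1 | len(ct) | ct | tag, with
    ct = Enc(k_enc, d || n || app_logic) and tag = MAC(k_mac, stage1 || ct).
    Returns (bitstream, public_key); the verifier enrols the public key."""
    (e, n), (d, _) = rsa_keygen()
    body = d.to_bytes(KEY_BYTES, "big") + n.to_bytes(KEY_BYTES, "big") + app_logic
    k_enc, k_mac = _derive_keys(puf, stage1)
    ct = bytes(x ^ y for x, y in zip(body, _keystream(k_enc, len(body))))
    tag = hmac.new(k_mac, stage1 + ct, hashlib.sha256).digest()
    return (len(stage1).to_bytes(4, "big") + stage1
            + len(ct).to_bytes(4, "big") + ct + tag), (e, n)

def boot(puf, bitstream):
    """Device side: (d, n), or None if stage 1, the body or the chip differ."""
    s1_len = int.from_bytes(bitstream[:4], "big")
    stage1, off = bitstream[4:4 + s1_len], 8 + s1_len
    ct_len = int.from_bytes(bitstream[off - 4:off], "big")
    ct, tag = bitstream[off:off + ct_len], bitstream[off + ct_len:]
    if len(stage1) != s1_len or len(ct) != ct_len or len(tag) != 32:
        return None
    k_enc, k_mac = _derive_keys(puf, stage1)
    if not hmac.compare_digest(tag, hmac.new(k_mac, stage1 + ct, hashlib.sha256).digest()):
        return None  # wrong stage 1, tampered body, or cloned onto another chip
    body = bytes(x ^ y for x, y in zip(ct, _keystream(k_enc, len(ct))))
    return (int.from_bytes(body[:KEY_BYTES], "big"),
            int.from_bytes(body[KEY_BYTES:2 * KEY_BYTES], "big"))

def attest(puf, bitstream, nonce):
    priv = boot(puf, bitstream)  # challenge-response: sign the verifier's nonce
    if priv is None:
        return None
    return pow(int.from_bytes(hashlib.sha256(nonce).digest(), "big"), *priv)

def verify(pub, nonce, sig):
    h = int.from_bytes(hashlib.sha256(nonce).digest(), "big")
    return sig is not None and pow(sig, pub[0], pub[1]) == h

if __name__ == "__main__":  # quick self-check with constructed inputs
    chip, s1 = PufDevice(secrets.token_bytes(32)), b"stage 1 (constructed)"
    bs, pub = provision(chip, s1, b"app logic (constructed)")
    print(verify(pub, b"nonce", attest(chip, bs, b"nonce")))  # True
```

Flipping one bit of stage 1, altering a byte of the ciphertext, truncating the bitstream, or loading the same bitstream on a chip with a different PUF response all make `boot()` return `None`: the MAC computed under the PUF-derived key no longer matches, so the private key is never unwrapped and there is nothing to answer the challenge with. The tag is checked before anything is decrypted and with a constant-time compare, which is what keeps the wrong-bitstream and cloned-chip cases from leaking anything about the key.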

> Which FPGA models support _attestation_ of the loaded bitstream? Do any?

I haven't seen this feature yet, but I desperately want it on every FPGA I use. NVCM eliminates most of the benefits of using an FPGA...