Semiconductors
Modern semiconductor devices and processors are enormously complex, integrating hundreds of IP blocks and custom Register-Transfer Level (RTL) code, along with the tens of millions of lines of firmware needed to tame the hardware. This foundational code and hardware architecture is critical to the security of the device and to protecting its many attack surfaces. The central challenge is that security flaws in the design or implementation, once committed to tape-out, become permanent vulnerabilities: logic in silicon and mask ROM cannot be patched the way field-updatable firmware can. Remediation post-fabrication is often technically impossible, and where a workaround exists it typically comes with considerable financial loss and reputational damage.
The Board Support Package (BSP) is often treated by vendors as mere reference code, while the downstream OEM community relies on it heavily, frequently shipping it largely unmodified in production devices. This expectation gap is a common cause of real, user-impacting vulnerabilities. Shipping a robust, secure BSP is therefore a significant opportunity for chip vendors to differentiate themselves in the market.
Tetrel provides a comprehensive suite of services to help semiconductor vendors and their customers meet their rigorous cybersecurity requirements. Our involvement spans the entire product lifecycle:
- Requirement Definition: Establishing robust, product- or feature-specific security specifications.
- Design & Implementation Review: Conducting in-depth review and assessment, from the individual IP module stage up to the complete system-on-chip (SoC) device.
- Firmware and BSP Review: Detailed implementation review of the device firmware and BSP.
Our expert team specializes in proactive vulnerability discovery, finding and mitigating critical security flaws before the design is sent to the foundry, thereby safeguarding your investment and product integrity.
Services
Tetrel provides crucial assurance for semiconductor vendors. We specialize in deep human-driven code review to find the vulnerabilities that your automation cannot.
We deliver comprehensive services focused on foundational security for hardware and firmware, including:
- Deep-Dive Firmware and RTL Review: Assessing boot processes, trusted execution environments, confidential computing, secure management access (e.g., BMC), and cryptographic implementations across the core devices, boot ROM, firmware, and Board Support Package (BSP).
- Supply Chain Risk Mitigation: Evaluating the security posture of third-party IP and firmware to reduce technical security debt.
- OCP S.A.F.E. and Caliptra Trademark Assessments: As an approved Security Review Provider (SRP), we help you navigate the OCP S.A.F.E., Caliptra, and OCP L.O.C.K. assessment processes to meet and exceed hyperscaler requirements.
- M&A Technical Security Diligence: Tetrel can assess large volumes of source code in a short timeframe to highlight risk, technical debt, and (in)secure development patterns. This diligence is necessary to understand and mitigate issues as new technologies are acquired.
Selected Publications
A curated list of publications and presentations by our team is provided for your review.
- Hardware Security By Design: ESP32 Guidance
- Entropy for Embedded Devices
- Secure Device Provisioning Best Practices: Heavy Truck Edition
- Trends in Server Platform Security - Platform Security Summit 2019
- Secure Firmware Development Best Practices
- A Case for a Trustworthy BMC (Cloud Security Industry Summit)
- Importance of Embedded Systems Security Requirements
- OCP Common Security Threats v1.0