{"id":4778,"date":"2023-05-01T01:04:00","date_gmt":"2023-05-01T01:04:00","guid":{"rendered":"https:\/\/www.pufsecurity.com\/?post_type=dlp_document&p=4778"},"modified":"2023-05-05T01:47:57","modified_gmt":"2023-05-05T01:47:57","slug":"securing-system-on-chips-hardware-protection-in-the-age-of-chiplets","status":"publish","type":"dlp_document","link":"https:\/\/www.pufsecurity.com\/zh-hant\/document\/securing-system-on-chips-hardware-protection-in-the-age-of-chiplets\/","title":{"rendered":"Securing System-on-Chips: Hardware Protection in the Age of Chiplets"},"content":{"rendered":"\n
It seems that almost weekly, the semiconductor industry\u2019s all-encompassing barometer, Moore\u2019s Law, is pronounced dead, dying, or actually healthier than ever<\/a>. As the debate over its health continues, there is an unequivocal certainty that singular monolithic chip designs are simply becoming unsustainable as FinFET technology replaces a larger slice of the traditional 2D planar gate market.<\/p>\n\n\n\n The Day of Reckoning <\/strong><\/p>\n\n\n\n An increasing number of companies are reviving the \u201cSystem in Package (SiP)\u201d or \u201cHeterogeneous Integration (HI)\u201d approach by fabricating standardized \u201cChiplets\u201d and, from them, assembling a series of more complex designs. This modular approach of LEGO-like pieces of silicon combined into a single packaged device is nothing new and has been around since the 1980s with MCMs. Even Gordon Moore\u2019s original essay<\/a> acknowledged that a day of reckoning would come for his theory and that a more lateral approach would be needed.<\/p>\n\n\n\n Why Now for Chiplets?<\/strong><\/p>\n\n\n\n Chiplets offer a flexible, scalable, and cost-effective approach that can match the ever-changing complexity of demands on modern systems.<\/p>\n\n\n\n Compared to an SoC\u2019s more homogeneous single-die integration, this heterogeneous approach can dramatically reduce fabrication and design costs, as not all chiplets would necessarily need to be fabricated on the latest nodes. For example, core logic chiplets may utilize the latest and greatest from a top-tier fab, while I\/O chiplets can be produced in a smaller, more affordable foundry. 
So, SiPs can offer substantial benefits over single-die SoCs, such as higher wafer yields and a faster time-to-market, despite the complexity of integrating them into a single package with a specialized chiplet substrate (the interposer layer).<\/p>\n\n\n\n As the feature size for each advancing process node reduces, there is a corresponding trend of increased defect density, presenting a significant problem for the manufacturer. Combined with the larger absolute size of complex SoC designs, this leaves significantly fewer usable good dies per wafer for large monolithic designs. If the defect density continues to grow as we push further and further towards sub-nanometer technology, what choice is left but to decrease the size of the dies themselves?<\/p>\n\n\n\n Yields, however, can be improved by producing smaller designs (chiplets) to be assembled into a larger design (SiP). Another benefit is better wafer utilization: more chiplets can be packed onto a wafer than large SoC dies, which waste a significant amount of space.<\/p>\n\n\n\n Chiplet Implementation Today<\/strong><\/p>\n\n\n\n The system\u2019s flexibility means that only the chiplets corresponding to the update in function require a redesign, minimizing the overall workload of a design transitioning to a newer node. The cost savings can also be passed along the supply chain, removing the need for a separately designed product family targeting different markets. 
This simplifies stock-keeping unit (SKU) costs by substituting the appropriate chiplet to match the targeted market segment in price and performance.<\/p>\n\n\n\n Given the benefits of chiplet-based design, it comes as no surprise that many industry heavyweights have started their chiplet programs: Intel with their Agilex FPGAs and SoCs, AMD and their EPYC and Ryzen processor families, Nvidia using their chiplet interconnect technology NVLink-C2C, and even TSMC in 2020 when they introduced their 3DFabric technologies to help customers design their own chiplet-based SiPs. Not to miss out on the action, the US government has also put resources into exploring this promising style of chip design with DARPA\u2019s Common Heterogeneous Integration and Intellectual Property Reuse Strategies (CHIPS). Finally, demonstrating that chiplet-based design is not just a passing fad, there is already a push for formalizing the way chiplets talk to each other, with the Universal Chiplet Interconnect Express (UCIe) open standard being promoted by companies such as Intel, AMD, Arm, TSMC, Samsung, Qualcomm, Google, and Microsoft.<\/p>\n\n\n\n Security Implications<\/strong><\/p>\n\n\n\n As prevailing trends favor a chiplet-based approach over a monolithic single-die SoC, we will likely have upwards of ten chiplets, each potentially from different wafers, integrated into a single design. From a security viewpoint, the number of attack surfaces will rapidly multiply when moving from one single SoC die to multiple dies for SiP. Each chiplet procured has numerous possible foundry sources and design companies involved. Not only are there multiple sets of I\/Os to protect, but each vendor will not necessarily adhere to the same set of security protocols.<\/p>\n\n\n\n Currently, this may not be a concern, as chiplets only take a small market share. 
However, as chiplets begin to see wider adoption, the number of chiplet vendors will expand, and managing the different security conventions will quickly become a significant risk.<\/p>\n\n\n\n The Chiplet Supply Chain Risk<\/strong><\/p>\n\n\n\n The geopolitical tensions that link vendors internationally only add to the complexity, especially as tensions between the US and China continue to rise, each seeking to bifurcate the already fragile semiconductor supply chain. Therefore, safely tracing the components through the supply chain from one location to the next is crucial for securing SiPs. Any potential weak link in the supply chain presents a ripe target for an adversary to insert a compromised chiplet, possibly with a malicious payload, trojan, or spyware.<\/p>\n\n\n\n PUF Chip Fingerprinting<\/strong><\/p>\n\n\n\n Given these new security challenges being faced during this transition to chiplet-based architecture, it is reassuring to know that the same PUF protection currently deployed with SoCs can also create a foundational root of trust for SiPs. When integrated into the design, they can provide each chiplet with a Unique Identity (UID)<\/a> derived from a PUF Chip Fingerprint<\/a>.<\/p>\n\n\n\n A physically unclonable function (PUF) embedded into every chiplet in a SiP will bring together the fragmented nature of chiplet-based design and support the four central security functions.<\/p>\n\n\n\n Granted, each chiplet may be provisioned separately with its own ID through an external key injection process. But given the number of chiplets that will go into a complex design, it would make much more sense to do this automatically by embedding a PUF capable of internal key provisioning, without the need for the secured, clean room environment and associated security hardware otherwise required for the generation of unique IDs.<\/p>\n\n\n\n Supporting the four features mentioned above can be attained easily by adding a PUF to each chiplet in an HI design. 
Alternatively, if one of the chiplets was dedicated solely to security, a PUF-based Chiplet Hardware Secure Module (CHSM) could be utilized. In that case, the SiP would no longer need to rely as much on an external, secure server to provide services such as the authentication process mentioned above.<\/p>\n\n\n\n With a CHSM performing duties similar to those a root of trust performs in an SoC, the overall basis of SiP security can come from the CHSM itself. With such a basis, a \u201csecure boot\u201d-like process may also be implemented in the SiP. This, in theory, would begin with the CHSM\u2019s authentication, which then authorizes the next chiplet in the chain to be enabled, which in turn starts the authorization process of the next chiplet in the chain, and so on until the entire SiP is brought up. Depending on how the CHSM was configured, it may also act as a security controller to monitor the other chiplets for security property violations, hardware trojans, and tampering. Adding extra sensors allows further detection of physical tampering, such as through laser, X-ray, voltage\/clock glitching, and more. It is important to catch such fault injection (FI) attacks since they often lead to side-channel analysis\/attacks.<\/p>\n\n\n\n Conclusion<\/strong><\/p>\n\n\n\n Regardless of the debate around the endpoint of Moore\u2019s Law, there is an unequivocal need for lateral innovation to counter the physical limits of smaller process nodes. And chiplet architecture will likely play a vital role in this. However, with such a radical reimagining of the design fabrication process, there will be a litany of unpredicted security issues to consider as we move from SoC to SiP.<\/p>\n\n\n\n The most likely scenario will be deploying a pre-qualified and certified PUF-based Secure Element (SE) chiplet in each 3D package. This will allow a Hardware Root of Trust<\/a> to underpin the security of the data in use, in transit, and at rest. 
As newer generations of a chip\u2019s design are brought to market, with CPUs migrated to the most advanced processes, the same verified and qualified PUF-based SE chiplets can continue to be deployed, streamlining the process.<\/p>\n\n\n\n