中文 English

A Crisis In DoD’s Trusted Foundry Program?

GlobalFoundries’ decision to put 7nm on hold is raising concerns across the mil/aero industry.

popularity

The U.S. Department of Defense’s Trusted Foundry program is in flux due to GlobalFoundries’ recent decision to put 7nm on hold, raising national security concerns across the U.S. defense community.

U.S. DoD and military/aerospace chip customers currently have access to U.S.-based “secure” foundry capacity down to 14nm, but that’s where it ends. No other foundries provide similar “secure” foundry capacity beyond that in the U.S. right now, leaving the U.S. defense industry at a potential technological disadvantage across the globe.

The defense community uses a multitude of fabs to make chips for their systems. At the leading edge in the U.S., the defense industry relies on the DoD’s Trusted Foundry program, and GlobalFoundries is the sole leading-edge foundry vendor in the U.S. for the DoD and mil-aero customers at processes down to 14nm. There is no obligation to use the fab, but for the DoD the advantage is a secure flow for classified and unclassified chips.

GlobalFoundries continues to provide these services down to 14nm, but it halted its efforts at 7nm and beyond due to escalating R&D costs and a questionable return. Only a few companies need chips at 10/7nm and beyond, making it economically unviable to continue developing leading edge technology.

So now the U.S. defense community will have to look elsewhere for the technology. It’s not a dire situation yet. Generally, the defense community uses chips at mature nodes. But there are chips under development today at 16/14nm, and at some point they will require 10/7nm.

But for 10/7nm and beyond, the options are limited to three vendors and even that’s debatable. TSMC and Samsung are ramping up 7nm, while Intel is struggling to ship 10nm.

If they are needed, though, Intel and TSMC are known quantities in mil-aero. For years they have manufactured chips for mil-aero customers at various nodes. Both companies aren’t part of the DoD Trusted Foundry program, although they insist that their fabs are secure for all customers.

Still, the U.S. defense community would prefer to have access to foundry technology beyond 14nm on U.S. soil and with a trusted status for national security reasons. Even before GlobalFoundries’ announcement there were rising concerns.

“The absence of DMEA-accredited Trusted Foundries at advanced semiconductor process nodes has the potential to precipitate a crisis for DoD. Unmitigated, this crisis could disadvantage DoD with asymmetric semiconductor capabilities,” according to a white paper issued last year by the Trusted Microelectronics Joint Working Group. Part of the DoD, the Defense Microelectronics Activity (DMEA) administers the Trusted Foundry program. The working group is part of the National Defense Industrial Association, a non-profit organization.

It’s a matter of debate whether the situation is a crisis, but the issues go beyond process nodes. Commercial and defense customers face an alarming number of cyber-attacks, so more security is required across the flow.

Nevertheless, the U.S. defense industry likely will work more closely with leading-edge foundries that do not have trusted status. That would make the industry more reliant on commercial fabrication flows, which may be more vulnerable to cyber-attacks. At the same time, there is a push for better security for trusted fabs.

So the DoD is developing new methods to ensure trust in all fabs. Among them:

  • New supply chain methods.
  • New design, fabrication and packaging techniques, including chiplets.
  • Use of split fabs, where the transistor-level portion of a device is built in one fab and the metallization is done in a trusted facility. For this, the DoD is building its own fab for mature nodes.

It’s a complicated situation. To help the industry get ahead of the curve, Semiconductor Engineering has taken a look at mil-aero chip trends, the Trusted Foundry program, and the DoD’s strategy.

Mil-aero trends
In the 1960s and 1970s, the U.S. defense community was one of the big drivers for semiconductors, along with mainframe computers and telecommunications. The DoD has long recognized that chip technology is essential for U.S. military superiority.

“Advanced microelectronics technology is essential for current and next-generation defense capabilities,” said Kristen Baldwin, deputy director of strategic technology protection and exploitation for the DoD, at a recent event. “Our spectrum of requirements range from boutique, legacy and almost obsolete components all the way to state-of-the-art technologies that underpin our vision for future capabilities.”

But market dynamics have changed dramatically since then. The PC took off, starting in the 1980s, propelling the growth of the commercial IC market. That was followed by the cell phone. As the commercial IC market expanded, the mil-aero chip business became a smaller percentage of the overall semiconductor pie.

In 2017, the mil-aero semiconductor market reached $2.9 billion, up 8% from 2016, according to Databeans.


Fig. 1: Size of mil-aero chip market. Source: Databeans

“Today, although microelectronics are critical for advanced military systems, they are a tiny percentage, maybe 1% or 2%, of the demand for the big foundries,” said Michael Fritze, a senior fellow at the Potomac Institute For Policy Studies, an independent think tank. “So the government has no leverage in terms of market share. Not as many companies are chasing after that business. In fact, many of them see it as an annoyance.”

In mil-aero, the IC volumes are small, and there are long design cycles and rigid requirements. Moreover, the market is fragmented because the industry develops a wide variety of systems, such as aircraft, electronic warfare and radar. There are a few common denominators between those segments.

“A military system is a platform. It’s a complex system. It takes time to integrate and test a system,” Fritze said. “Most of the electronics are what we call state-of-the-practice. They are mature by a few generations, or even legacy. They tend to be older technologies for the most part, but that doesn’t mean that state-of-the-art is never used.”

All told, the mil-aero chip business consists of various niche markets. One example is the radiation-hardened chip segment. “We have military and reconnaissance satellites. We have missiles that need to work through radiation environments,” he said. “But it’s a tiny market. We’re talking about hundreds to thousands of the units.”

This is one of the reasons why FPGAs have become so popular in the defense business. After an FPGA is fabricated, it contains programmable logic blocks. The device is configured with proprietary data by a customer in the field. The defense industry uses FPGAs at 20nm and above, with 16nm/14nm and below in the works.

A large percentage of FPGAs for defense are made in fabs in Taiwan. The part can be made offshore, but it doesn’t become a secured device until it’s shipped and programmed by an OEM in the U.S.

“It’s okay to use offshore fabs like TSMC and UMC,” said David Gamba, senior director of aerospace & defense at Xilinx. “The FPGA is programmed by our customers, so no customer design information is known during the manufacturing process.”

ASICs and RF GaN-based devices are built in U.S. fabs. But the issues go beyond fab location. Commercial and defense customers are developing devices in complex supply chains with various EDA tools, IP and manufacturing flows.

Systems houses worry about cyber-attacks. For example, an adversary could insert a malicious change in the process flow, which provides an opening for IP theft and/or counterfeit devices. And this is where the DoD Trusted Foundry and related programs come into play.

“They want hardware assurance. They want to make sure that the technology cannot be subverted intentionally or accidently,” said Steve Mensor, vice president of marketing at Achronix.

The birth of Trusted Foundry
This isn’t a new concern. For years, the U.S. defense community has worried about obtaining secure devices. This was especially true when U.S. chip-manufacturing technology began moving offshore, starting in the 1990s. In response, the U.S. government in 1990 built its own fab to ensure a secure supply of chips. That fab was located at the National Security Agency (NSA) in Fort Meade, Md.

It was eventually shuttered, however. “They built chips for secure government applications,” Potomac’s Fritze said. “That worked for a while. It became increasingly expensive to upgrade the fab.”

So the DoD formulated a new plan in the early 2000s to outsource production to a U.S. fab, and in 2003/2004 IBM’s Microelectronics Group won a contract to become the sole provider of leading-edge, secure foundry services for the DoD. It was known as the Trusted Foundry program, and it included two IBM fabs—Essex Junction, Vt., and East Fishkill, N.Y.

Generally, in this program, executives and fab workers are subject to background checks and security clearances. Then, a fab line might process wafers for both commercial and defense customers. But for DoD business, there are certain portions of the flow that are separated from the rest of the fab.

In 2007, the program was broadened to include companies that cover the entire supply chain, such as IC design houses, photomask vendors, specialty foundries and packaging houses. These vendors are called “trusted suppliers,” and they must go through an accreditation process that includes background checks and securing their facilities.

Unlike the IBM deal, though, the “trusted suppliers’’ don’t have a yearly contract with guaranteed business. But they can leverage their trusted status and bid for government business.


Fig. 2: Trusted Foundry/Supplier List Source: DoD

In 2008, for example, Cypress Semiconductor’s 200mm fab in Minnesota obtained accreditation under the DoD “trusted supplier” program. Last year, SkyWater acquired Cypress’ 200mm Minnesota fab and it now positions itself as a foundry vendor with processes down to 90nm.

Skywater maintains its “trusted supplier” status, which gives it a leg up for government business. “It also propagates into the other parts of our business. We have this trusted mindset in terms of the way we engage with the government. But that also applies to the way we engage with all customers,” said Thomas Sonderman, president of SkyWater.

Obtaining “trusted supplier” accreditation is not for all companies. The process is involved and the payback is sometimes limited. The volumes in mil-aero are small.

In the “trusted supplier” program, meanwhile, there are various CMOS and specialty foundries. The most advanced process among those suppliers is 90nm.

At the leading edge, IBM provided foundry capacity under the Trusted Foundry program until 2015, when it sold its chip unit to GlobalFoundries. IBM no longer saw semiconductors as a core business.

This caused a stir in defense circles. Technically, GlobalFoundries isn’t a U.S.-based company—it is owned by Mubadala of Abu Dhabi.

Still, DMEA transferred the Trusted Foundry contract from IBM to GlobalFoundries. Thus, GlobalFoundries’ fabs in Vermont and New York remained part of the Trusted Foundry program with Category-1A and ITAR designation. In those fabs, GlobalFoundries provides silicon-germanium and RF processes. But the most advanced CMOS process is an older 32nm SOI technology.

Recently, DMEA extended the deal with GlobalFoundries to include 14nm finFET technology, which is produced in its 300mm fab in New York. Technically, this fab doesn’t have a “Trusted Foundry” status. Instead, the fab has a Category-2 designation, which means the facility incorporates integrity measures.

Regardless, defense customers have access to GlobalFoundries’ 14nm process as well as photomask and IC-packaging services. The company offers an end-to-end solution in partnership with IBM’s packaging operation in Bromont, Canada.

“We can do ITAR and Trusted Foundry with our partner in IBM Bromont. It’s a full turnkey,” said David McCann, vice president of packaging R&D and operations at GlobalFoundries. GlobalFoundries officials declined to comment further on the Trusted Foundry program.

Meanwhile, the Trusted Foundry program took another turn in August, when GlobalFoundries put 7nm on hold. GlobalFoundries will continue to provide services at 14nm and above, but defense customers will need to find another solution at 10nm/7nm and beyond.

The DoD will require 10nm/7nm at some point, but not in the near term. “For the military’s immediate needs, most platforms are older parts. It’s not a crisis situation,” Potomac’s Fritze said. “However, we do need to think about the future and develop this new AI hardware that requires computation. We do need access. It’s not a crisis situation at the moment, but we need to have a plan.”

The 10nm/7nm choices are limited to Intel, Samsung and TSMC. “Somehow, you have to find a way to work with one or more of those three players. The government is thinking about methods to do that,” he said.

Others agreed. “They are regrouping to figure out what their strategy needs to be right now,” said Joanne Itow, managing director at Semico Research. “They have their own roadmap with where they need to be. They are always coming out with hi-tech products, but it’s not necessarily always using the most advanced processes.”

DoD’s strategy
Today, the DoD is developing its new strategy for the trusted program, although it’s still a work in progress.

But understanding the DoD’s strategy also needs to be viewed in the context of the current mil-aero foundry landscape. In simple terms, mil-aero foundry customers have a number of options. They are:

• Work with GlobalFoundries at 14nm and above.
• Use a foundry on the DoD’s “trusted supplier” list.
• Use a foundry not on the list, which could be a U.S. or non-U.S. vendor.

Each company has a different strategy. Over the years, for example, Xilinx has had its FPGAs made by TSMC in Taiwan. TSMC isn’t part of the Trusted Foundry or “trusted supplier” program because that doesn’t include fabs in Taiwan or China.

TSMC, however, continues to push the technology, so Xilinx sees no need to make a change. “DoD/military customers want the most advanced technology for their warfighters,” Xilinx’s Gamba said. “The rationale for having offshore production is that the U.S. needs to have the latest, most advanced technology available. They are getting this from Xilinx/TSMC.”

Not all mil-aero chips are built offshore. Generally, the DoD wants various devices, such as RF gallium-nitride (GaN) for radar, to be built in U.S. fabs.

Then, it gets more complicated. Some devices are built in offshore fabs. Yet, mil-aero customers want that part built in a U.S.-based Trusted Foundry.

Embedded FPGA is one example. An embedded FPGA is equivalent to the core of an FPGA, which is then integrated into an SoC.

“People in the aerospace and the government communities want to get embedded FPGAs,” said Geoff Tate, chief executive of Flex Logix. “But they want them built in the U.S. They want finFET-class performance, so that leads you to GlobalFoundries. Being in the U.S. seems to make them feel comfortable. One issue, of course, is assurance of supply.”

There are some challenges, however. For example, Flex Logix has its eFPGA products built at TSMC. Flex Logix is shipping 16nm products with 7nm in the works.

Boeing recently licensed Flex Logix’ technology. That is being made in GlobalFoundries’ 14nm process within its fab in New York. For this, Flex Logix is porting its technology to GlobalFoundries’ 14nm process. But the bigger issue is that the business for defense is relatively small. To get a return, Flex Logix is leveraging the technology for both defense and commercial customers.

Even then, there are issues. GlobalFoundries only provides access down to 14nm. Eventually, the defense community wants access beyond 10nm, so it will need to work with TSMC and others that do not have a trusted status.

The challenge is that today’s commercial process flows involve a complex supply chain. A non-trusted or even a trusted flow might be at risk amid a growing number of cyber-attacks, prompting the need for new trusted solutions. For this, the DoD is developing a new supply chain methodology called the Trusted and Assured Microelectronics program. This effort, which is still in the works, involves traceable and observable methodologies.

“This is focused on developing and transitioning new trust and assurance methodologies, moving away from historical trusted foundry manufacturing approaches to broader secure by design and chain of custody capabilities,” DoD’s Baldwin said at a recent event. “These supply chain and secure by design features are intended to protect our intellectual property, confidentiality, and integrity of U.S. parts throughout our supply chain.”


Fig. 3: New Trust and Assurance Approaches Source: DoD

There are other solutions on the table. Last year, the Trusted Microelectronics Joint Working Group proposed several techniques using countermeasure methods, namely functional disaggregation, design-for-trust, and split fabs.

In functional disaggregation, “you disaggregate functions across a device and put them together in a system level in the U.S.,” said Brad Ferguson, senior director of sales at SkyWater and a co-author in the paper from the working group.

DARPA’s CHIPS program is an example of functional disaggregation. In this program, the idea is that you have a menu of modular chips, or chiplets, in a library. Those chiplets are assembled in a package and connected using an interconnect scheme.

Design-for-trust is another approach. For example, FPGAs could incorporate physically unclonable functions into the design.

Split fabs is another idea. “This is where you run the front-end overseas and the backend metallization in the U.S.,” Ferguson said.

Split fabs has several challenges. First, it would take sizeable resources. Then, one foundry may need to share sensitive data with another. There are a few options for this approach. The DMEA is building a metallization fab facility in California, but it only scales to 90nm. It’s unclear if any other foundry will do this.

Meanwhile, there are also some developments in the photomask market. For this, GlobalFoundries is the leading-edge mask supplier in the DoD program.

Today, though, the government wants a backup with two mask sources at 14nm. At present, the DoD has an RFI (request for information), which is looking for another mask shop that can produce masks down to 14nm. Photronics, a U.S. merchant mask maker, is participating in this process.

In 2010, Photronics was accredited as a “trusted supplier” for photomasks down to 150nm. Like mil-aero chips, the mask business for defense is small. But mil-aero can be a lucrative business as well. “Having the capability to do this and do it effectively, correctly and in a timely manner is a business opportunity that we look at. We want to support that going forward,” said Wayne DeCarlo, vice president of mil-aero and mainstream sales at Photronics.

To be sure, though, the Trusted Foundry program is in flux. It’s evolving, but there won’t be any major changes overnight.

That could be a problem. Cyber-attacks are on the rise, and technology development is not slowing down. China, for one, is pouring billions of dollars into ICs, and it’s not exactly clear at this point what are the best ways to counter that effort.

Related Stories
GF Puts 7nm On Hold
Foundry forms ASIC subsidiary as it focuses on 14nm/12nm and above.
The Chiplet Race Begins
DARPA and a number of major vendors are backing this modular approach, but hurdles remain.