Security Is Critical For Commercial Chiplets

Experts at the Table: Semiconductor Engineering sat down to talk about the security issues and requirements in commercial chiplet ecosystem, with Frank Schirrmeister, vice president solutions and business development at Arteris; Mayank Bhatnagar, product marketing director in the Silicon Solutions Group at Cadence; Paul Karazuba, vice president of marketing at Expedera; Stephen Slater, EDA product management/integrating manager at Keysight; Kevin Rinebold, account technology manager for advanced packaging solutions at Siemens EDA; and Mick Posner, vice president of product management for high-performance computing IP solutions at Synopsys. What follows are excerpts of that discussion. To view part one, click here. Part two is here.

L-R: Arteris’ Schirrmeister; Cadence’s Bhatnagar; Expedera’s Karazuba; Keysight’s Slater; Siemens EDA’s Rinebold; and Synopsys’ Posner.

SE: Security is going to be paramount in chiplets. What do design teams and chip architects need to know here?

Karazuba: It’s hard enough to guarantee the provenance of monolithic silicon, especially, because even in a theoretical environment where silicon is fabbed in the same place that it is packaged, final tested, and shipped out, there are still ample opportunities for Trojans to be interjected, or man-in-the-middle attacks, whatever it might be. Chiplets are the Wild West of security. An ideal implementation where you have each chiplet with a secure element on board guaranteeing its provenance at all times, talking to all the other chiplets, and before anything actually happens inside of a multi-chip package, everything is guaranteed authentic — that’s an ideal implementation. But that’s a costly implementation from an IP perspective, and costly from the silicon perspective. Whether there’s the ability to fit that into a bill of materials is tough. That means people who use chiplets are going to have to make decisions largely based on cost and threat profiles of the kind of security they’re going to want to put in there. These are going to be tough choices. I don’t relish the job of the people who have to make those decisions because security should be a Day Zero consideration, and I’m not sure it’s going to be on a lot of these initial chiplet implementations.

Rinebold: I completely agree. It’s going to be a daunting task. It’s going to be managing an immense amount of data. It’s a data management problem. You have all of the revision tracking aspects of that including who’s touched it, when, how many times. Do we have the latest versions? And even when all that’s been done, how do you verify this? The comment was made earlier whether there is some built in verification IP that’s going out and touching all of the neighboring devices to make sure, ‘I’m supposed to be here. I’m functioning as expected.’ What I find interesting in some of the government programs I’ve been exposed to, is this is an underlying theme. It’s trust, traceability, provenance tracking, because again, so many of the defense industrial mil/aero-type customers are looking at chiplet-based, heterogeneous type based packaging as their next generation platform. So while it might be a bit of a daunting and overwhelming task, this is something we’ll get to. It’s just a matter of whether it’s going to be a 2-year horizon, a 3-year horizon, or a 10-year horizon.

Bhatnagar: One more aspect of security that you have to keep in mind here is the security of the application that is on the chip layer, but then also the security of the IP that is on the die layer, because the chiplets would be shipped without packaging — just as chiplets. And reverse engineering is a very mature reality that can happen. It can happen on package layer, as well, but it just adds one more layer. So that is something to be looked at. Also on the IP side, if you make a chiplet and it’s in the marketplace and being shipped all over, how you make sure that it is going only to your trusted partners and not bought by actors? You would not want your chiplets to go to market like that.

Posner: Yes, there are many aspects here. The key needs chiplet authentication so that, between chiplets, when they’re saying, ‘This is a system. This is the fingerprint. You know these are true and genuine chiplets.’ That’s one side of it. The other side is data integrity and encryption. When you’re implementing a confidential compute subsystem or system, every component fundamentally has to fit into this zero knowledge architecture. So even though the die-to-die links need to fundamentally have encryption, in a die-to-die space that’s going to add latency to some of the use modes where they’re trying to reduce latency. At the same time, in a zero knowledge architecture, that’s a requirement. From the hardware side, chiplet authentication, data integrity and encryption, and then supply chain — which is typically outside of our purview since we do not sell die, but that is also a key concern. The concern here is how to stop the reverse engineering of your silicon.

SE: What about the test aspect of security in chiplets? Are there security vulnerabilities for chiplets from the tester point of view?

Posner: Absolutely. The interface to the tester on a die — what is it? You’re going through a die-to-die link, and the same security holes that exist today if you’re going through JTAG or some high performance interface for the test, those holes remain, regardless of the end package.

SE: To wrap up, what do you see are the most interesting opportunities for chiplets?

Karazuba: The promise of ideal chiplet implementations for consumer products, industrial products, etc. That over-arching value of chiplets where everything you need and nothing you don’t. It sounds wonderful from a design perspective.

Bhatnagar: Democratization of a chiplet ecosystem provides opportunity for smaller players to get into chip design without having to design the whole thing. We will definitely see improvements in that aspect, and people competing for small portions, like multiple vendors available for one type of chiplet. Overall, it will reduce the cost of the uncertainties and bring more research into this field. That is definitely very exciting.

Slater: It’s creating an ecosystem where there are many more players that are able to get into the market — everything from who’s producing IP today until you get design wins and start to build up that credibility. Usually, to do that you need to be backed by a bigger company in order to make those first. I would hope that in the world of chiplets, you could design a chiplet, you’d prove and test that your chiplet interface works, and that’s enough. There could be a lot more trust because you’ve tested all the interfaces and they comply to UCIe. That would be my hope.

Rinebold: One thing that surprises me, and we’ll probably see more of this as there’s broader adoption of chiplet and heterogeneous technology, is there’s going to be a pointed diminishing return, depending on the number of die you can integrate within the package. Is that 10 die? Is that 30 die? Is that 50 die? That number is going to be different for everybody. Some companies have discarded discovering that. Overall, there are yield issues there. So what that exact number is will be different based on the types of devices, the number of devices, underlying substrate technology, testability, and so on. The challenge for some of these companies going out and adopting this is what’s that right number, and how do you strike the balance across all these different characteristics?

Posner: The vision of a chiplet marketplace has really been the catalyst and springboard for this major inflection point. Multi-die systems have actually been around for 10-plus years, but suddenly in the last year it’s across all applications. It’s driving so much innovation. I’ve not seeing a new interface IP or whole new protocols of this size being introduced to the market, so this is really an enabler to scale for the next generation of system design.

Schirrmeister: What’s especially exciting is it’s addressing an issue, which otherwise would cause severe halting effects a couple of years down the road. So to me it’s actually not optional. I’m excited about this because it gives us new protocols, new sensitization, new partners to work with in all this. But I’m also excited that it’s really progress on the overall semiconductor roadmap, because without it we wouldn’t be able to get all the innovation.