Supply Chain Assurance Certificate

Counterfeiting of electronic parts takes various forms, including black-topping and re-marking devices to misrepresent used devices as new, to change the date codes, or to improve the speed grade or temperature grade. To prevent counterfeiting, both device families incorporate an X.509-compliant, device-unique supply chain assurance certificate.

The supply chain assurance certificate cryptographically binds the DSN, date code, enabled features, and a public key with a digital signature in a way that can be validated internally by the device and externally by the user. Any mismatch between how the device is represented by its shipping paperwork, the label printed on its surface, and the supply chain assurance certificate indicates the possibility of counterfeiting fraud.

The supply chain assurance certificate can be fetched by running the device certificate system service. For more information about system services usage, see the PolarFire FPGA and PolarFire SoC FPGA System Services User Guide. When the supply chain assurance certificate is exported, the DSN and public key are checked for consistency against the actual values encoded in the device. Internally regenerating the public key from the private key adds a layer of protection against cloning, since the encrypted value of the private key and its authentication tag depend on the SRAM-PUF, thus deeply binding the private key to that particular device. The signature on the certificate is also checked using the immutable trusted Microsemi public key (MCPK) stored in the device.
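
The external validation described above could look like the following. This is an added example, not Microchip code: it checks the certificate signature under the vendor public key and then compares the DSN and date code with the values read off the label. The certificate is constructed in the script; the placement of the DSN and date code in the subject name, the P-384/SHA-384 signature, the sample values and the helper names are assumptions, not the actual certificate layout.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Assumed field placement (not the real certificate layout).
FIELDS = {"dsn": NameOID.SERIAL_NUMBER, "date_code": NameOID.COMMON_NAME}

def make_cert(dsn, date_code, signer_key):
    """Constructed stand-in for an exported certificate, DER-encoded."""
    name = lambda pairs: x509.Name([x509.NameAttribute(o, v) for o, v in pairs])
    start = datetime.datetime(2024, 1, 1)
    cert = (x509.CertificateBuilder()
            .subject_name(name([(FIELDS["dsn"], dsn), (FIELDS["date_code"], date_code)]))
            .issuer_name(name([(NameOID.COMMON_NAME, "Constructed vendor CA")]))
            .public_key(ec.generate_private_key(ec.SECP384R1()).public_key())
            .serial_number(1)
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=3650))
            .sign(signer_key, hashes.SHA384()))
    return cert.public_bytes(serialization.Encoding.DER)

def check_device(cert_der, vendor_pub, label):
    """Return findings; an empty list means the label matches a vendor-signed certificate."""
    cert = x509.load_der_x509_certificate(cert_der)
    try:  # the signature must verify before any field is trusted
        vendor_pub.verify(cert.signature, cert.tbs_certificate_bytes,
                          ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return ["signature was not made by the vendor key"]
    findings = []
    for field, oid in FIELDS.items():
        attrs = cert.subject.get_attributes_for_oid(oid)
        value = attrs[0].value if attrs else None
        if value != label[field]:
            findings.append(f"{field}: label {label[field]!r}, certificate {value!r}")
    return findings

if __name__ == "__main__":
    vendor = ec.generate_private_key(ec.SECP384R1())  # constructed stand-in signer
    der = make_cert("0123456789ABCDEF", "2231", vendor)  # constructed DSN and date code
    print(check_device(der, vendor.public_key(), {"dsn": "0123456789ABCDEF", "date_code": "2231"}))
    print(check_device(der, vendor.public_key(), {"dsn": "0123456789ABCDEF", "date_code": "2401"}))
```

A re-marked date code shows up as a field mismatch, while a certificate signed by any other key is rejected before its fields are read.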