Secure by Design: Plug-and-Play Hardware Root of Trust with Promwad’s M.2 FPGA Module
Co-owner & Tech Expert at Promwad
You don’t need to redesign your server board to meet the EU Cyber Resilience Act or NIST SP 800-193. With Promwad’s new Secure M.2 RoT Module, you can plug advanced firmware protection directly into your existing platforms — from AI edge boxes to rack servers and industrial PCs.
This article walks through the real trade-offs between MCU and FPGA-based security, shows where the new module fits, and outlines how OEMs like Aetina, Supermicro, and Advantech can get to market faster — with post-quantum resilience built in. Whether you’re leading embedded security or managing platform compliance, this is your shortcut to hardware trust without the hardware overhaul.
According to the SANS Supply Chain Cybersecurity Forum 2025, enterprise-grade firmware remains a blind spot in telecom and data center infrastructure. Devices such as routers, VPN appliances, and BMC-enabled servers often lack basic protections like secure boot or runtime monitoring. This makes them prime targets for attackers seeking stealth, persistence, and early access into critical systems.
As Paul Asadoorian, Principal Security Researcher at Eclypsium, put it:
The Security Dilemma: MCU vs. FPGA Root of Trust
Choosing how to protect your firmware isn’t just about price — it’s about control, flexibility, and futureproofing. As embedded systems face more sophisticated attacks, designers are rethinking the foundation of trust in their architectures. At the heart of this shift lies a decision: secure the system with a fixed-function MCU, or move to a programmable FPGA-based root of trust?
MCU-based approaches — using chips from NXP, Infineon, or Microchip — offer:
- Lower cost and power
- Simple integration for secure boot and key storage
- Fast time-to-market
But they’re rigid: what you buy is what you get. No runtime upgrades, no deep customisation.
By contrast, FPGA-based security offers:
- Fully customisable root of trust logic
- Real-time SPI/I²C filtering and rollback mechanisms
- Greater resilience to side-channel attacks
- Support for post-quantum cryptography and modular updates
This comes at the cost of complexity — but opens the door to advanced use cases, compliance with upcoming cybersecurity mandates, and system-wide assurance that evolves with threats.
At a Glance: MCU vs FPGA Security for Root of Trust
| Feature / Capability | MCU-based Security | FPGA-based Security (e.g. MachXO5™-NX) |
| Custom Logic Support | Fixed functionality | Fully customisable |
| Secure Boot & Crypto Primitives | Built-in, limited options | Customisable stacks (e.g. Lattice Sentry) |
| Firmware Monitoring & Filtering | Rarely supported | Supported (real-time SPI/I²C filtering) |
| Side-Channel Attack Resistance | Basic (depends on chip) | Advanced |
| Post-Quantum Cryptography | Often requires silicon upgrade | Updateable in logic — no chip change required |
| Lifecycle Flexibility | One-time programmed | Field-upgradable |
So, if you’re building secure, upgradeable edge devices or gateways, FPGA-based RoT gives you the flexibility and protection you’ll need 3-5 years from now.
A Drop-In Root of Trust: The Promwad Secure M.2 Module
What if you could add advanced firmware protection without touching your baseboard? That’s the idea behind Promwad’s Secure M.2 RoT Module: a compact 22×42 mm card that brings full hardware root of trust and platform firmware resiliency.
Built around the Lattice MachXO5™-NX FPGA and designed for seamless integration, this module gives server and edge device manufacturers a fast track to compliance and runtime protection without disrupting their production roadmap.
Block Diagram: MachXO5™-NX
Reference compliance and certification trajectory
The MachXO5D™-NX family and Sentry 4.0 solution stack are marketed and available as a secure reference platform aimed at supporting pre-compliance and validation activities for security standards, such as NIST SP800-193, and are positioned for use in industrial applications where compliance with rigorous frameworks like IEC 62443 and ISASecure CSA is essential.
Key highlights of the Promwad Secure M.2 Module:
- Powered by Lattice MachXO5™-NX: the same FPGA platform supported by Lattice Sentry 4.0 for secure boot, firmware filtering, and device attestation.
- Built-in QSPI flash: stores golden images and rollback logic in a tamper-resistant format.
- M.2 Key B form factor. In some cases, it can be used as a plug-and-play solution with no redesign.
- Low power budget (<3W).
- Industrial-temp option (−40 to +100 °C): ready for deployment in harsh environments.
Designed to meet NIST SP 800-193 and FIPS 140-3 recommendations, this module helps OEMs meet today’s compliance requirements — and prepare for tomorrow’s post-quantum standards.
Built for the Edge: Where This Module Delivers
Security features only matter when they meet real-world constraints. That’s why Promwad designed its M.2 RoT Module to drop into the platforms you’re building today — across industrial, telecom, and data center environments. Whether it’s a rugged factory controller or a 1U rack server, this module brings firmware trust to the field without delay or redesign.
Industrial & Energy (IIoT, SCADA, Smart Grid, EV-chargers)
In power grids, EV-chargers, or SCADA environments, protecting firmware from tampering is non-negotiable. This module adds cryptographic verification, rollback protection, and runtime filtering to critical nodes — helping you meet IEC 62443 and NIST 800-193 without changing your motherboard. Works with x86 and ARM-based industrial PCs, even in harsh conditions.
Use Case: Lessons from the Field
In 2023–2024, security researchers at US Cyber Defence Agency uncovered multiple critical vulnerabilities in widely deployed industrial controllers, including Mitsubishi MELSEC Q/L and Omron PLCs (CVE-2023-22357). These flaws enabled attackers to bypass authentication, manipulate firmware, or execute arbitrary code — in some cases without any credentials.
The root cause? A lack of hardware-enforced firmware protections such as secure boot, cryptographic verification, or platform firmware resiliency. Without a dedicated root of trust, these devices remained vulnerable to persistent malware and firmware tampering, posing major threats to sectors like chemical processing, semiconductor fabrication, and power distribution.
FPGA-based security modules offer a robust defense against such threats by validating firmware integrity in real time, isolating critical boot logic, and enabling secure rollback — all without redesigning the host platform.
Source: US Cyber Defence Agency
Telecom & Networking
From baseband units to edge routers, telecom hardware needs security that evolves. The Promwad module enables hardware-assisted secure boot as a steppingstone toward SPDM, Zero Trust, and full DC-SCM migration — without halting your product cycle.
Use Case: When Protocols Become Attack Vectors
In 2024, malware strains like FrostyGoop began targeting IoT gateways and edge controllers used in telecom infrastructure and industrial networks. These devices often lacked secure firmware protections and were vulnerable to protocol-level exploits — notably through unauthenticated access via Modbus TCP.
By exploiting firmware-level weaknesses, attackers were able to manipulate industrial control functions, disrupt telecom service continuity, and establish persistent backdoors within critical network segments.
The absence of hardware-based root of trust made it nearly impossible to verify firmware integrity or restore a known-good state. In contrast, FPGA-based RoT modules can intercept and validate every SPI/I2C transaction in real time — preventing such tampering and enabling swift recovery.
Source: Cyberscoop.com
Data Center & Cloud Edge
If you’re running cloud edge boxes or OCP-based servers, this module lets you evaluate and deploy PFR (Platform Firmware Resilience) now, even if your baseboard doesn’t yet support it. Plug it into a Key B slot on sleds, appliances, or custom AI accelerators to achieve compliance with Cyber Resilience Act and Executive Order 14028.
Whether it’s a substation controller, a base station, or an AI inference box, Promwad’s M.2 module extends a hardware root of trust to the places that need it most — without waiting for a redesign.
Use Case: AMI Tektagon Platform RoT
A demonstration by AMI showcases a joint solution with Lattice Semiconductor for next-generation platform firmware resiliency (PFR). The project integrates the post-quantum ready Lattice MachXO5D™ FPGA with the AMI Tektagon Platform Root of Trust (RoT), forming a silicon-firmware bundle to protect system firmware in critical infrastructure, such as data centers and telco edge equipment.
This setup enables real-time firmware attestation and secure recovery, fully compliant with Intel PFR 4.0 requirements. It also supports CNSA 2.0 encryption to address future post-quantum threats. The solution exemplifies how tight coupling between hardware RoT and firmware logic can enforce robust, standards-compliant protection against unauthorized code execution and firmware corruption across the lifecycle of servers and cloud edge appliances.
Source: Lattice MachXO5D™ Videos
More Than a Module: What You Get with Promwad
Security isn’t a feature you bolt on. It’s a system-wide discipline — and that’s where Promwad goes beyond hardware. Our M.2 RoT module is the starting point, but our engineering team supports every step of your integration journey, from first test to full deployment.
Here’s what you get when you work with Promwad:
Custom Integration
We adapt the module’s interfaces, filtering logic, and flash layout to your platform — whether you're booting an x86 server, a Jetson carrier, or a telecom appliance. We also help with BIOS, BMC, or firmware adaptation to ensure seamless secure boot and recovery flow.
Compliance Readiness
Our architecture is designed for NIST SP 800-193, FIPS 140-3, and the upcoming EU Cyber Resilience Act or CRA (Regulation (EU) 2024/2847). We help you prepare for platform-level compliance by ensuring verifiable firmware integrity, secure logging, and physical isolation of the root of trust.
Flexible Business Models
Whether you need prototypes, licensed reference designs, or full-scale production modules, we adapt to your go-to-market plan. We offer OEM delivery with optional branding, or joint development for platform-specific security modules.
At Promwad, we don’t just ship modules. We help engineering leaders build a security foundation that lasts for years — and stands up to tomorrow’s regulations and threats.
Get Ahead of the Threat. Book Your Demo Today
The regulatory landscape is shifting fast, and attackers are moving faster. Waiting for your next platform refresh to implement hardware root of trust may not be an option. With Promwad’s Secure M.2 RoT Module, you can act now — without waiting on a board respin or SoC migration.
Engineering samples will be available in Q3 2025. Full production starts in early 2026.
| Market ready for: | Extra integration support can include: |
|
|
Secure boot. Firmware filtering. Post-quantum readiness.
Now with a PCIe M.2 card.
→ Book a live demo — remote or on-site at our Essen lab in Germany
→ Or visit promwad.com/lattice-secure-m2 for the full spec sheet
Our Case Studies in FPGA Design
