Please fill in the form below, so we can support you in your request.
Please fill in the form below, so we can support you in your request.


    ASICAMD (Xilinx)AchronixIntel (Altera)LatticeMicrochip (MicroSemi)Other

    X
    CONTACT MLE
    Contact MLE for Solutions
    Please fill in the form below, so we can send you the relevant information regarding our Solutions.

      By submitting this form you are consenting to being contacted by the MLE via email and receiving marketing information.

      X
      CONTACT MLE

      Security & Trust

      Security & Trust

      FPGA-Based Security Solutions

      Since October 2024 the European Union has adopted the Cyber Resilience Act (CRA) which covers all products that are directly or indirectly connected to other devices or networks, including those requiring high-speed, low latency data transfer.

      To help customers meet these new cybersecurity requirements, MLE provides a range of security solutions, including OP-TEE, Smart Data Diodes, Secure or Encrypted Networking, on top of network accelerators and NVMe accelerators for both modern and legacy FPGA systems.

      OP-TEE

      Open Portable Trusted Execution Environment

      OP-TEE

      The Open Portable Trusted Execution Environment (OP-TEE) is an open-source, small, secure operating system which, after authentication and decryption, gets loaded in a secured area in the memory.  MLE OP-TEE solutions for AMD/Xilinx Zynq UltraScale+ MPSoC / RFSoC and Versal include device-specific optimizations, customization and product life cycle support.

      OP-TEE for AMD/Xilinx Versal
      OP-TEE for AMD/Xilinx MPSoC
      OP-TEE for AMD/Xilinx RFSoC

      Smart Data Diodes

       

      Smart Data Diode

      MLE combines Network Accelerators with Smart Data Diodes to enable secure, high-speed data transfer and video streaming between networks with different security classifications.

      Smart Data Diode for AMD/Xilinx FPGAs
      Smart Data Diode for Altera/Intel FPGAs

      Secure Networking

      Secure Networking

      MLE partners with Xiphera, a leading provider of cryptographic IP solutions, to deliver multi-level security capabilities built on top of MLE’s network accelerators, enabling secure, reliable, and high-speed data transfer across industrial, data center, aerospace, defense, transportation, telecommunications, and financial applications.

      Encrypted Network Accelerator Solutions (ENAS)
      Media Access Control Security (MACsec)
      Internet Protocol security (IPsec)
      Transport Layer Security 1.3 (TLS 1.3)

      Upgrade Legacy Systems

      Security for Legacy System

      MLE has started to work with FPGA vendors on system upgrades and “bump-on-the-wire” solutions to bring security to upgrade existing legacy systems with better security. 

      Auto/RPS SDV Prototyping

      , , ,

      Automotive Rapid Prototyping System (Auto/RPS)

      MLE provides an FPGA-based Rapid Prototyping System (RPS) catering to the specific needs of automotive engineers designing next-generation Zone Based Architectures.

      MLE Auto/RPS enables automotive system engineers to design and to validate software-defined vehicle (SDV) functions along with MLE Auto/TSN in-vehicle networking. 

      MLE Auto/RPS was designed as a shortcut into A-sample hardware development of Zonal Gateways / ECUs and implements an FPGA Full System Stack based on the Trenz Electronic TE0950-02 SoC-FPGA Development Kit featuring the AMD Versal AI Edge FPGA, and an automotive FPGA subsystem from MLE.

      Inquire Now
      Edit Template

      Features and Benefits

      • Based on open standards and open-source software
      • Support for multiple, different sensor inputs
      • Backbone connectivity up to 100 Gbps
      • Open-source real-time operating systems 
      • Multi-core ARM processing system
      • Flexible, adaptable FPGA design for implementing data acquisition and data preprocessing (DADP)
      • Supports Secure OTA via ARM OP-TEE Trusted Execution Environment (optional)

      IO Interfaces

      • 12 V DC power supply
      • 1 Gig Ethernet
      • USB 2.0 for JTAG and console
      • 2x ports for 25G Ethernet (up to 4 ports optional)
      • MIPI CSI-2 x2 Camera Input (optional)
      • GMSL (via optional adapter AD-GMSL2ETH-SL)
      • Up to 2x CAN-FD (via CRUVI HS) (optional)
      • Up to 2x CAN 2.0B (via CRUVI HS) (optional)
      • PCIe 4.0 x4 NVMe M.2 SSD via Opsero FMC with 4x GTYP for (optional)

      Processing Functionality

      • Dual-core ARM Cortex A72
      • Dual-core ARM Cortex R5F
      • 8 GB DDR4 DRAM
      • 128 MByte SPI Flash (primary boot option)
      • 32 GB eMMC (secondary boot option)
      • MicroSD Card (for Linux root file system, for example)
      • 150k LUTs
      • 464 DSP Engines 
      • 34 AI Engines-ML with up to 45 TOPS INT8
      Industrial Networking Acceleration FPGA Subsystem - Processing Functionality

      Dual-Core ARM Cortex-A72 Software Environment

      • Ubuntu 2024.04 LTS (pre-installed)
      • Linux OS Debian 12 PREEMPT_RT (optional)
      • Yocto project design flow (optional)
      • AMD/Xilinx Petalinux (optional)
      AMD Versal Portfolio
      https://www.xilinx.com/products/design-tools/embedded-software.html

      Dual-Core ARM Cortex-R5F Software Environment (optional)

      • FreeRTOS (optional)
      Dual-Core ARM Cortex-R5F Software Architecture

      FPGA System Block Diagram

      Industrial Networking Acceleration FPGA Subsystem - Block Diagram

      FPGA Development Kit

      Auto/RPS-TE-0950-25G

      • Hardware based on  TE0950 AMD Versal™ AI Edge Evalboard from Trenz Electronic
      • Features the AMD Versal™ AI Edge VE2302-1LSE
      • FPGA Full System Stack for MLE Auto/TSN 2x25G
      • Ubuntu 24.04 LTS for ARM
      • Customized MLE Auto/TSN Linux kernel 6.6.10
      • 12 VDC for lab and table top operation

      Pricing and Availability

      Product NameDeliverablesExample Pricing
      Rapid Prototyping System (Base) AUTORPS-TE-0950-25GFPGA Full System Stack for MLE Auto/TSN stack for 2x 25 GigE comprising hardware (FPGA board, power supply, active cooling, enclosure), system FPGA config (bitfile and rootfs).

      $3,880,- per unit ( MOQ 2 units)
      Purchase at Trenz Electronics Shop

      System FPGA Development KitAMD/Xilinx Vivado Design Project plus Commercial Single-Project-Use License delivered as encrypted netlists or RTL.Please Inquire
      Application-specific R&D ServicesAdvanced FPGA design services with access to acceleration experts from MLE.$1,880.- per engineering day (or fixed price project fee)
      Inquire Now
      Edit Template

      Documentation

      Encrypted Network Accelerator Solutions

      FPGA TCP/UPD/IP - Network Protocol Accelerator Platform (NPAP)

      Encrypted Network

      Accelerator Solutions (ENAS)

      Encrypted Network Accelerator Solutions (ENAS) with High-level Security

      TCP-TLS 1.3 for Secure 10/25/50 GigE

      Encrypted Network Accelerator Solutions (ENAS) are joint solutions of MLE’s TCP/IP Network Protocol Accelerator Platform (NPAP) and Xiphera’s TLS 1.3 to ensure secure and reliable connection between devices over LAN and WAN. It implements Transport Layer Security (TLS), a cryptographic protocol that provides end-to-end data security, on top of the Transmission Control Protocol (TCP) layer.

      ENAS is designed with hardware-based high-level security and enables high-bandwidth, low-latency communication for FPGA-based systems. The TCP-TLS 1.3 IP core can accelerate the device network up to 10/25/50G Ethernet line rates with data being protected through high-speed, hardware-based encryption and decryption under TLS 1.3. All the cryptographic mathematical operations are performed entirely in the FPGA, and the keys are stored in dedicated internal FPGA memory.

      Since the TCP/IP stack and the TLS 1.3 security protocol – including importantly both key exchange and key management – are both executed entirely in hardware, the joint solution has both scalable high-speed performance and minimise attack surface, especially when compared to a software-based approach. The FPGA hereby utilises the hardware Root of Trust, best suited for applications like critical communication in defense, space technology, and energy production and distribution .

      Encrypted Network Acceleration Solution - NPAP Block Diagram with TLS
      Product Availability Matrix by FPGA Vendors
      Edit Template

      Core Benefits

      • Resource-optimised IP core available for FPGAs and ASIC designs
      • High-speed traffic encryption and decryption
      • Secure design – Isolated processing and key management
      • All communication layers pre-designed for effective and fast integration

      Key Features

      • Highly modular TCP/UDP/IP stack with line rate up to 70Gbps in FPGA
      • Compact TLS 1.3 implementation
      • Hardware-based key management for IEC 62443 SL 3
      • Encrypted throughput of 10/25/50 Gbps
      • 128-bit bi-directional data paths with streaming interfaces
      • Multiple, parallel TCP engines for scalable processing

      Secure Communications for Applications Like

      • FPGA-based SmartNICs
      • In-Network Compute Acceleration (INCA)
      • Networked storage, such as iSCSI
      • Test & Measurement connectivity
      • Automotive backbone connectivity
      • System-of-Systems communication
      • Mission-critical environments

      Resource Utilization Estimation for 10GbE

      AMD/Xilinx Zynq Ultrascale+ LUT FFs RAMB 36 RAMBI 8 DSP 48
      NPAP ( Including MAC, ETH, IPv4, UDP, 3x TCP)* 33,500 35,000 71 10 6
      TLS1.3 (Including Crypto Engine, Key storage and
      handling)*      		 43,000 28,000 25 18 4
      Total 76,500 63,000 96 28 4

      Pricing

      MLE’s Encrypted Network Accelerator Solutions (ENAS) is available as a combination of Intellectual Property (IP) Cores, reference designs, and design integration services:

      Product Name Deliverables Example Pricing
      Network Processing Device Integrated processing device solution, built on top of leading FPGA technology, encapsulating one or more Encrypted Network Accelerators for 10GbE, 25GbE and/or 50GbE.

      Based on NRE and unit volume 

      Inquire
      Intellectual Property (IP) Cores Single-Project or Multi-Project Use; ASIC or FPGA; Modular and application-specific IP cores, and example design projects; delivered as encrypted netlists or RTL. Inquire
      Evaluation Reference Design (ERD) Available upon request as FPGA design project, with optional customizations (different target device, different transceivers, etc) free-of-charge
      Application-specific R&D Services Advanced network protocol acceleration R&D services with access to acceleration experts from MLE and/or Xiphera. $1,880.- per engineering day 
      Product Availability Matrix by FPGA Vendors
      Inquire Now
      Edit Template

      Documentation

      Xiphera Ltd.

      Xiphera

      Xiphera, Ltd, is a Finnish company designing hardware-based security solutions using standardised cryptographic algorithms. We have strong cryptographic expertise, extensive experience in system design, and deep knowledge on reprogrammable logic, enabling us to protect our customers’ critical information and assets.

      Xiphera’s product portfolio consists of secure and efficient cryptographic Intellectual Property (IP) cores, designed directly for Field Programmable Gate Arrays (FPGAs) and Application Specific Integrated Circuits (ASICs). Our widely applicable solutions for various end markets offer our customers peace of mind in a dangerous world.

      Robo/TSN

      ,

      Robo/TSN - Network Virtualization and Acceleration for Converged OT/IT Infrastructure. The “missing link” to run state-of-the-art virtualized IEC 61131-3 PLC software on modern cloud infrastructure

      Situation

      • Proprietary PLCs and IPCs cause significant costs for maintenance and modifications. Being closed systems, cloud connectivity and AI adoption is hampered. 
      • Security compliance is hard as many legacy fieldbus protocols are difficult to protect.

      Proposal - Convering IT/OT with Robo/TSN

      We propose a converged OT/IT infrastructure based on open standards that: 

      • Uses State-of-the-Art security mechanisms
      • Provides scalability and flexibility to run Your AI
      • Improves Overall Equipment Effectiveness (OEE)
      • Runs virtualized PLCs on open standard servers
      • Connects with installed fieldbus I/Os on Your Factory Floor

      Robo/TSN is fully transparent and backwards compatible with legacy protocols. To mitigate risks, Robo/TSN can be introduced step-by-step, without changes to the PLC software.

      Benefits

      Openness has greatly benefited other industries like automotive, aerospace, banking, datacenters and - finally - OT:

      No vendor lock-in, higher flexibility and better long-term-availability

      Robo/TSN utilizes open standards protocols, open-source software and, if desired, even open-source hardware.

      Cost reduction

      Virtualization enables system scalability and flexibility while allowing centralized maintenance and configuration. This improves Overall Equipment Effectiveness (OEE) and reduces Development Time.

      Meets today’s cyber security requirements

      Robo/TSN can use PQC for data transfers to protect against tampering or man-in-the middle attacks, for example.

      Opens-up use of AI

      Real-time process data and code is centralized, more flexibility in manufacturing flow management. OT becomes open and scalable to run Your AI!

      Remove the Barriers in Your OT!

      Contact us to join our Early Access Program to validate Robo/TSN in Your environment – and together with others shape the future of open, AI-ready OT infrastructure!

      Contact Us

      How Does Robo/TSN Work?

      MLE has developed breakthrough network virtualization technology that can be applied to existing IT network infrastructure to securely “tunnel” OT fieldbus protocols to connect IT infrastructure with existing sensors and actuators on the factory floor – fast, safe, secure, and always on-time. Now, You can add connections without adding wires

      Robo/TSN has two sides that make it all work:

      1. SmartNICs in the servers connect a Factory Cloud with existing multi-Gigabit Ethernet-based IT networks, effectively forming the Robo/TSN.
      2. Access Points on the Factory Floor connect sensors and actuators in automation cells with Robo/TSN, effectively connecting the virtualized PLCs.

      Hardware Acceleration for Bandwidth and Hard Real-Time

      Hardware-based network protocol accelerators on either side guarantee high-accuracy time synchronization and low, deterministic transport times measured in micro-seconds – fast enough for high-data rate sensors and for motion-control with hard real-time constraints. 

      Hardened Security

      Hardware-based Post Quantum Cryptography (PQC) engines on either side secure the connections and protect all data in-flight.

      High-Speed Sensor Interfaces

      Cameras, Radar, Lidar sensors can be connected using common industrial or consumer protocols such as MIPI CSI-2 or GMSL2 or GigEVision or PCIe or else.

      Technical Specifications

      Based on modern, cost-optimized FPGA device technology from leading vendors, Robo/TSN provides an extensible platform to accommodate changes over the life-cycle and to support the many industry protocols, even EOL’ed or in-house protocols. 

      The following is an (incomplete) list of standards and specifications for Robo/TSN:

      • IT Standards Supported
      • PCI-SIG CEM 3.0, or newer, FHHL formfactor
      • OCP 3.0 Open Compute Platform formfactor
      • PCI Express 3.1, or newer, for typical server installations 
      • PCI Express 5.0, or newer, for advanced integrity and confidentiality
      • IEEE 802.3ae (2002) for 10 Gigabit Ethernet over fiber
      • IEEE 802.3an (2006) for 10 Gigabit Ethernet over twisted-pair copper (10GBASE-T)
      • IEEE 802.3by (2016) for 25 Gigabit Ethernet 
      • IEEE 802.3cd (2018) for 50 Gigabit Ethernet (using PAM4)
      • IEEE 802.3ba (2010) for 100 Gigabit Ethernet (10 lanes at 10 Gbps)
      • IEEE 802.3bm (2015) for 100 Gigabit Ethernet (4 lanes at 25 Gbps)
      • IEEE 802.3ck (2022) for 100 Gigabit Ethernet (single lane)
      • IETF Internet Protocol IPv4
      • Reliable transports via IETF TCP/IP and/or Quad-RP/IP
      • OT Standards Supported
      • IEC 61158 / IEC 61784 EtherCAT 
      • IEC 61158 / IEC 61784 ProfiNET
      • CC-Link IE TSN
      • CIA301 CANopen
      • and more
      • Security Standards Supported
      • Time Synchronization Standards Supported
      • IEEE 1588v2 Precision Time Protocol (PTP)
      • IEEE 802.1AS Time-Sensitive Networking (TSN) Time Synchronization
      • IEEE 1588-2019 (HA Profile) Precision Time Synchronization (a.k.a. CERN White Rabbit), or MLE “Light Rabbit”
      • and more
      • Time-Sensitive Networking Standards Supported
      • IEEE 802.1Qav Credit Based Traffic Shaper
      • IEEE 802.1Qbv Scheduled Traffic
      • IEEE 802.1Qcr Async Traffic Shaping
      • IEEE 802.1CB Frame Replication & Elimination (optional)
      • and more

      Robo/TSN SmartNIC for Industrial Network

      MLE NPAC-Ketch SmartNIC Card
      • Linux device drivers (GPL sources)
      • Application-specific expert design service 
      • Appliance implementation
      • License for ASIC/ FPGA Full System Stack
      • Pre-configured SmartNIC PCIe-Card, ready-to-run
      Inquire Now
      Edit Template

      Documentation

      Edit Template

      Fraunhofer Heinrich-Hertz Institute

      Founded in 1949, the German Fraunhofer-Gesellschaft undertakes applied research of direct utility to private and public enterprise and of wide benefit to society. With a workforce of over 23,000, the Fraunhofer-Gesellschaft is Europe’s biggest organization for applied research, and currently operates a total of 67 institutes and research units. The organization’s core task is to carry out research of practical utility in close cooperation with its customers from industry and the public sector.
      Fraunhofer HHI was founded in 1928 as “Heinrich-Hertz-Institut für Schwingungs- forschung“ and joined in 2003 the Fraunhofer-Gesellschaft as the “Fraunhofer Institute for Telecommunications, Heinrich-Hertz-Institut„. Today it is the leading research institute for networking and telecommunications technology, “Driving the Gigabit Society” .

       

      Fraunhofer Institute for Photonic Microsystems

      Fraunhofer IPMS is a worldwide leader in research and development services for electronic and photonic microsystems in the fields of Smart Industrial Solutions, Medical & Health applications and Improved Quality of Life. Innovative products can be found in all large markets – such as ICT, consumer products, automobile technology, semiconductor technology, measurement and medical technology – products which are based upon various technology developed at Fraunhofer IPMS.

      Auto/TSN

      Auto/TSN

      In-Vehicle Network - Auto/TSN

      Auto/TSN stands for automotive data over Time-Sensitive Networks which is an in-vehicle network infrastructure based on open standards such as IEEE Ethernet. Auto/TSN is the results of a collaborative effort between MLE and MLE partners from Fraunhofer.

      Fundamentally, Auto/TSN virtualizes the in-vehicle network infrastructure: Key objective is to reduce costs, increase scalability and enable upgradability for next-generation automotive architectures including electric and/or autonomous vehicles.

      in-vehicle network

      By tunneling sensor data along with PCIe and NVMe over Real-Time Multi-Gigabit Automotive Ethernet Auto/TSN simplifies the wire harness and enables more centralized architectures with higher levels of hardware / software integration. By offering PCIe as a common interface (for sensor-to-CPU and CPU-to-CPU connectivity) Auto/TSN different semiconductor SoCs become interchangeable. This significantly reduces semiconductor dependencies and infrastructure costs at the same time.

      Auto/TSN is highly scalable and supports line-rates up to 50 Gbps in FPGA and 100 Gbps in ASIC. It is agnostic to the physical layer and can, for example, run over the new IEEE 802.3cz-2023 optical fiber standard for automotive

      Based on IPv4, the space for addressing nodes is 32 bits wide. The small hardware footprint allows zonal gateways with many ports. Auto/TSN is “software-defined” and builds from open standards such as IEEE 802.1Q TSN, IEEE 802.3 Ethernet, IETF TCP/IP, MIPI CSI-2, PCIe 4.0 and NVMe 1.4 and open-source Linux which eases hardware / software / system upgradability.

      Features & Benefits of In-Vehicle Network Auto/TSN

      Auto/TSN is a network infrastructure with a system/software focus which reduces the complexity of connecting sensors and centralized computers because it follows de-facto standards of open source network APIs such as RDMA, Linux netdev or SOME/IP.

      Benefits include:

      • Significant cost-down for in-vehicle networking and wire harnesses
      • Digital circuit implementation for zero CPU load
      • Deterministic and very low transport latencies, typ. within 5 micro-seconds
      • Low footprint enables ASIC or FPGA implementation

      The current implementation of TSN supports time-synchronization (IEEE 802.1AS) with 20 nanosecond precision, traffic shaping (IEEE 802.1Qav, 802.1Qbv), frame replication (IEEE 802.1CB) and stream prioritization (IEEE 802.1Qat) for high reliability, low-cost redundancy for functional safety and real-time behavior. Because for PCIe “best effort” is not sufficient, Auto/TSN implements a reliable transport on top of TSN which is compliant to IETF TCP/IP.

      For in-vehicle network security Auto/TSN can be complemented with state-of-the-art IEEE 802.1AE MAC Security Entities (MACsec) and/or IETF RFC 6071 Internet Protocol Security (IPsec) and/or IETF RFC8446 Transport Layer Security (TLS).

      Various Connectivity Schemes are supported:

      • Single CPU (PCIe Root-Port) to multiple devices (PCIe Endpoints)
      • Single CPU to multiple SSDs via NVM Express (NVMe)
      • Multiple CPUIs to multiple NVMe SSDs (via NVMe proxy)
      • Multiple CPUs to multiple CPUs via Inter-System Bridge (a.k.a. PCIe NTB)
      • Asymmetric sensor connectivity, e.g. MIPI CSI-2 to PCIe
      • IEEE 1722 style video transport
      in-vehicle network - Auto/TSN over 10G/25G/50G Ethernet

      Data-in-motion processing runs on dedicated on-chip full accelerators and frees up the CPUs from protocol handling. Our patented and patent-pending Heterogeneous Packet-Based Transport mechanism packetizes and de-packetizes PCIe, MIPI CSI-2 and other packet-based protocols and features low protocol overhead for high bandwidth and low and deterministic micro-second transport latency.

      PCIe Over Auto/TSN

      Auto/TSN implements a PCIe switch compliant with PCI-SIG Base Specification 3.0 (or newer) and NVM Express Specification 1.2 (or newer).

      PCIe Inter-System-Bridge for Auto/TSN

      Integrated PCIe Inter-System Bridges (a.k.a Non Transparent Bridges / NTB) enable CPU-to-CPU connectivity. The PCIe Inter-System Bridges use a least-cost write-only protocol to deliver very high read/write performance. This allows direct connectivity between sensors and multiple CPUs, GPUs, FPGA, SoCs, peripherals and next-generation storage within the entire vehicle.

      MIPI CSI-2 Over Auto/TSN

      Image sensors can connect via standard MIPI D-PHY and MIPI CSI-2, or else. Multicast functionality transports data from each image sensor to one, or more, central compute units under real-time conditions. Hence, Auto/TSN allows symmetric (e.g. PCIe-to-PCIe) and asymmetric (e.g. MIPI CSI-2-to-PCIe) communication schemes.​

      IEEE 1722 Video Transport Over Auto/TSN

      Complementing the MIPI CSI-2 over Auto/TSN transport, MLE has also implemented a solution that follows the Raw Video PDU Format from IEEE 1722.Similarly, this IEEE 1722 Raw PDU Transport supports point-to-point connectivity or multicast where one sensor's image data can be sent to multiple CPUs simultaneously.

      Availability

      Auto/TSN is available as a licensable integrated subsystem stack comprising digital circuit implementations and device driver software. This business model gives OEMs and Tier1s full control over how to integrate, either as a dedicated semiconductor component, or as modular function blocks inside a custom System-on-Chip with additional customer-specified functionality.

      MLE has been working with key semiconductor partners to deliver FPGA and ASIC based implementations of Auto/TSN ready for design and for production. Our early access program supports OEMs and Tier1s to perform in-house benchmarking and validation of Auto/TSN.

      Current implementations support gateway nodes with PCIe 3.0 and NVMe 1.2 with up to 4 lanes and with 5 or 8 GT/s, MIPI D-PHY 2.0 with up to 4 lanes and 2 Gbps and MIPI CSI-2 2.0 and up to 8 1G/10G Ethernet ports over copper or over fiber. “Lab Cars” based on professional 3rd party ASIC hardware emulators are available upon request.

      in-vehicle network - labcar

      Documentation

      Fraunhofer Heinrich-Hertz Institute

      Founded in 1949, the German Fraunhofer-Gesellschaft undertakes applied research of direct utility to private and public enterprise and of wide benefit to society. With a workforce of over 23,000, the Fraunhofer-Gesellschaft is Europe’s biggest organization for applied research, and currently operates a total of 67 institutes and research units. The organization’s core task is to carry out research of practical utility in close cooperation with its customers from industry and the public sector.
      Fraunhofer HHI was founded in 1928 as “Heinrich-Hertz-Institut für Schwingungs- forschung“ and joined in 2003 the Fraunhofer-Gesellschaft as the “Fraunhofer Institute for Telecommunications, Heinrich-Hertz-Institut„. Today it is the leading research institute for networking and telecommunications technology, “Driving the Gigabit Society” .

       

      Fraunhofer Institute for Photonic Microsystems

      Fraunhofer IPMS is a worldwide leader in research and development services for electronic and photonic microsystems in the fields of Smart Industrial Solutions, Medical & Health applications and Improved Quality of Life. Innovative products can be found in all large markets – such as ICT, consumer products, automobile technology, semiconductor technology, measurement and medical technology – products which are based upon various technology developed at Fraunhofer IPMS.

      OP-TEE

      OP-TEE
      Open Portable Trusted Execution Environment

      The Open Portable Trusted Execution Environment (OP-TEE) is an open-source, small, secure operating system which, after authentication and decryption, gets loaded in an secured area in the memory. A rich OS (e. g. Xilinx PetaLinunx) driver can request, via a Secure Monitor Call, the execution of a trusted application.

      OP-TEE is an Open-Source initiative driven by a Linaro team who maintains the code and makes it available for download at GitHub.

      MLE took the effort to port OP-TEE to AMD/Xilinx Zynq UltraScale+ MPSoC / RFSoC and Versal devices and included device specific optimizations. The outcome is two-fold: Tightly integrated Open-Source maintained by experts of FPGA System-on-Chip and ACAP technology. And, additional professional services for customization and product life cycle support.

      Key Features of OP-TEE in FPGAs

      • Enables running secure & trusted applications from within a rich Linux operating system
      • Utilizes standard ARM Trusted Execution Environment (TEE)
      • Utilizes advanced security functions in Xilinx Zynq UltraScale+ MPSoC / RFSoC and Versal devices
      • Optional hardware acceleration for AES-CGM, RSA, SHA3, etc
      • Optional secure key handling with integrated PUF (Physically Unclonable Function) support
      • Optional handling for integrated eFUSE burning
      • Secure and non-secure bitstream loading
      • Support for custom secure functions in Programmable Logic
      MLE OP-TEE Full Architecture

      Applications

      • Secure data storage
      • Secure communication
      • Secure Over-the-Air (SOTA) updates
      • Key to meet compliance with standards such as IEC 62443, IEC 27001 etc
      • Protect Functional Safety (SIL, ASIL) related designs
      • Secure touch inputs
      • Secure key handling

      Pricing

      MLE OP-TEE is available as pure Open-Source or as a professionally maintained source code deliverable:

      Product Name Deliverables Pricing
      OP-TEE Open-Source Edition (OP-TEE Free) Licensed under BSD / Linaro terms and available for download from GitHub. Free of charge
      Download Now
      OP-TEE Professional Edition (OP-TEE PRO) MLE Single-Site or Multi-Site Source Code License. Delivered by MLE in electronic form. Annual subscription fees starting at $42,800.-
      Application / Project specific Expert Design Services System-level design, modeling, implementation and test for realizing Domain-Specific Secure appplications. $1,880.- per engineering day (or fixed price project fee)

      OP-TEE Free

      (Open Source Edition)

      The OP-TEE Open Source Edition for Zynq UltraScale+ MPSoC / RFSoC and Versal is licensed under Linaro / BSD license as Open Source and comes with all source code and necessary packages. This version is ideal to explore the TEE world and develop your own trusted application. 

      Key Features and Benefits:

      • Open Source and Free of Charge
      • Runs in external PS-attached DDR memory
      • No Hardware acceleration for AES, RSA, SHA3
      • No access to PUF

      OP-TEE PRO

      (Professional Edition)

      MLE OP-TEE PRO can be licensed from MLE and will provide all source code and necessary packages to run OP-TEE on Zynq UltraScale+ MPSoC / RFSoC and Versal.

      Key Features and Benefits:

      • Hardware acceleration for AES
      • Hardware acceleration for RSA
      • Hardware acceleration for SHA3
      • With secure boot: access to PUF (Physical Uncloneable Function) functionality
      • Can load OP-TEE into TCM
      Product Availability Matrix by FPGA Vendors
      Inquire Now

      Comparison Between OP-TEE Free And OP-TEE PRO

      Functionality Supported

      OP-TEE Free

      OP-TEE PRO

      OP-TEE Basic functionality
      Trusted Applications with your own secure application
      Secure Paging (Hashed DDR Memory)
      Testsuite (10k+ Test Cases for selftest)

      (extended)

      AES-GCM (Xilinx CSU hardware accelerated)
      RSA (Xilinx CSU hardware accelerated)
      SHA3 (Xilinx CSU hardware accelerated)
      Secure Key handling with Physical Unclonable Function (PUF)
      Support for eFuse burning
      Secure/Nonsecure Bitstream Loading
      Performance Measurement of context switch or Trusted Application
      Custom Secure PL Functions
      Inquire
      Inquire

      Documentation

      Edit Template

      Frequently Asked Questions

      Most of the Zynq UltraScale+ MPSoC / RFSoC and Versal specific code for OP-TEE is currently going upstream to become part of the free open-source edition.

      However, there are functions of Zynq UltraScale+ MPSoC / RFSoC and Versal which require special handling, like the one-time-programmable eFuses, or support for custom secure PL functions, for example. Such device and/or application specific security functions of Zynq UltraScale+ MPSoC / RFSoC and Versal will be covered only by the PRO edition. Please refer to the comparison table above.

      Yes, MLE ships source code for OP-TEE PRO. Those Zynq UltraScale+ MPSoC / RFSoC and Versal platform specific code portions are available today and have passed review by the Xilinx Security Center of Excellence (COE). The most recent review was November 2019.

      OP-TEE Free is free-of-charge open-source software (FOSS) and can be downloaded from here: https://github.com/OP-TEE/ under a BSD 2-Clause License.

      Solutions

      Network Acceleration and Security Solutions

      Solutions

      FPGA-Based Accelerators and Security Solutions

      To meet the growing demands of modern systems for higher data throughputs, lower processing latencies and heightened security, MLE leverages FPGAs to accelerate software-rich system stacks and protocols. Our solutions typically ship as FPGA Full System Stacks comprising software (based on Linux), hardware (based on vetted 3rd party FPGA boards), and FPGA design projects.

      Automotive

      Modern Zone-based automotive architectures require high data rates and real-time behavior at the same time. MLE solutions include stacks and subsystems for in-vehicle networking, and prototyping systems for efficient development and testing.

      Auto/TSN In-Vehicle Networks
      Auto/RPS - Zonal Gateway /ECU Prototyping
      Long-Range Tunnel for ADAS Sensors

      Industrial & Robotics

      FPGA solutions for industrial robots

      Generative AI and high data rate machine vision push bandwidth demands for real-time industrial networks beyond 10 Gbps. MLE solution include SmartNICs and access points for low-latency, low-jitter real-time networking, and for virtualizing PLCs.

      Robo/TSN Industrial Networking
      Industrial Connectivity Prototyping
      Smart Data Diodes

      Wired & Wireless Communication

      MLE provides FPGA Function Accelerator Cards and SmartNICs for wired and wireless communications. A unique combination of technology from Fraunhofer HHI plus MLE’s patented and patent-pending Full Accelerators accelerates Software-Defined Networking (SDN) and SD-WAN.

      TCP/UDP/IP Network Protocol Accelerator Platform
      FPGA Function Accelerator Cards
      SDN and SD-WAN Accelerators
      FPGA SmartNIC with TCP/UDP/IP Acceleration
      Smart Data Diodes

      Storage Solutions

       

      Next-generation storage protocols such as NVMExpress (NVMe) provide significant performance benefits and, when combined with FPGAs, can be used as storage acceleration IP cores for Computational Storage, Data-in-Motion processing and high-speed data capture and recording.

      NVMe Fast FPGA RAID (FFRAID) Cards
      NVMe Fast FPGA RAID (FFRAID) Recorder
      PCIe 3.0/4.0/5.0 NVMe Streamer
      Key-Value-Store (KVS) Accelerator for Data Center Storage

      Test & Measurement

      MLE has been working with 3rd party system companies to deliver reliable, customizable turnkey solutions for high-speed data acquisition, recording and replay, as they often are needed in Test & Measurement systems for automotive, aerospace, defense, industrial, etc.

      100/200/400G NVMe FPGA RAID
      High-Speed Data Recording
      High-Speed NVMe Streaming

      Security and Trust

      MLE provides solutions to secure products based on FPGA technology: MLE has ported OP-TEE to AMD/Xilinx Zynq UltraScale+ MPSoC / RFSoC and Versal including support for black keys, PUFs, eFUSES, etc. Furthermore, MLE has introduced networking security products for deep packet inspection and Smart Data Diodes, and high-speed TCP/UDP/IP Encrypted Network Accelerator Solutions (ENAS).

      Open Portable Trusted Execution Environment (OP-TEE)
      Smart Data Diodes
      Encrypted Network Accelerator Solutions (ENAS)