Private Island: Open Source FPGA-Based Network Processor for Privacy, Security, IoT, and Control

Overview

Private Island™ is an open source FPGA-based project for Gigabit Ethernet networking. It's primary purpose is for building an open, trustworthy, and extensible foundation for packet processing, IoT, test & measurement, and control (e.g., sensors, motors, etc.) applications.

When the FPGA filters / detects specific addresses, ports, protocols, and data, we are able to confirm at the hardware layer that this has been accomplished. This is in stark contrast to off-the-shelf SoC implementations, which require developers & users to make assumptions of multiple layers (typically opaque) being free of bugs, back doors, and resident spies / spyware.

The open FPGA-based architecture supports numerous, highly parallel functions implemented at Ethernet line rate (125 MHz x 8-bit). Our Darsena™ development board, which is Arduino form factor and pin out compatible, supports Ethernet connectivity via two on-board Gigabit Ethernet PHYs and integrates an ARM micro controller, debuggers, and offers expansion via Arduino-style connectors.

The source code is hosted here using cgit.

Project Highlights

The figure below shows a block diagram of the FPGA Verilog modules comprising a typical Private Island instantiation. Note that the SERDES/PCS functionality is provided by a hard macrocell inside the Lattice ECP5UM. The receive (rx) path is into the soft Ethernet switch, and the transmit path is out of the switch.

Project Goals

Our Development Board: Darsena

• Arduino form-factor compatible with dozens of I/O for expansion and shield support
• Lattice ECP5UM FPGA (45K LUTs with integrated PCS/SERDES)
• Two Texas Instruments DP83867 Gigabit PHYs
• NXP Kinetis K02 Microcontroller with ARM Cortex M4 core
• Micron SPI ROM

The figure below shows the Lattice Diamond IDE with the Physical Viewer window enabled. This viewer shows the routing of an instantiation of Private Island™ with one of the wires of the Ethernet rx_data bus highlighted.

The next figure shows the Lattice Diamond Reveal Analyzer active with a trace of the Ethernet receive path. This gives new meaning to the concept of packet inspection and enables developers to see packets within their FPGA as it traverses their device.

Submitting Patches

Please submit all Git patches to privateisland@mindchasers.com. An acceptable flow is defined below:

1. Unless the patch is trivial or documentation related, make sure the changes are tested and describe the tests within your commit.
2. Install git-email. See git-scm.com reference
3. Set up necessary Git config records for user (e.g., name) and sendemail (e.g., smtpserver)
4. Create your commit in your local clone against the most recent commit of the master branch.
5. Within your commit, clearly state what has been changed, why it was necessary, and how it was tested. Follow best Git practices (references to be added).
6. The first line of commit should provide a clear summary using the following template: "<module>: changes to <module>" (e.g., switch: optimize tx prioritization)
7. On the command line, execute: git format-patch -1 --subject-prefix='private-island][PATCH'. The prefix will add the following to the commit subject line: [private-island][PATCH]
8. email patch using "git send-email" as shown in the example below.

$ git send-email --to privateisland@mindchasers.com --suppress-cc=all <commit subject>.patch 

If you have questions about the process on patching the Private Island repo, please email us at privateisland@mindchasers.com and prefix the subject with "[private-island][Question]"