Private Island: Open Source FPGA-Based Network Processor for Privacy, Security, and AI Applications

Overview

Private Island ^® is an open source FPGA-based project for Ethernet networking. It's primary purpose is for building an open, trustworthy, and extensible foundation for packet processing, machine learning, IoT, and test & measurement applications. The open FPGA-based architecture supports numerous, highly parallel functions implemented at 1G and 10G Ethernet line rates.

When the FPGA filters or detects specific addresses, ports, protocols, and data, we are able to confirm at the hardware layer that this has been accomplished. This is in stark contrast to off-the-shelf SoC implementations, which require developers & users to make assumptions of multiple layers (typically opaque) being free of bugs, back doors, and resident spies / spyware.

This FPGA-based approach provides a new meaning to zero-trust networking.

The source code is hosted here, and the focus of the Master branch currently is to create a small, simple template implementation for our Betsy™ maker board.

Note that we are currently deploying custom implementations on the Altera Cyclone 10 GX, Cyclone 5 GX, Agilex 3, and Lattice Certus-NX. The initial development was on the Lattice ECP5UM, but this is no longer active.

Ongoing project documentation is here.

Project Highlights

The figure below shows a block diagram of the FPGA Verilog modules comprising a typical Private Island instantiation. Note that the SERDES/PCS may be provided by a hard macrocell inside an FPGA. The receive (rx) path is into the soft Ethernet switch, and the transmit path is out of the switch.

An alternative implementation using RGMII for the PHY interface is used for Betsy.

Project Goals

The figure below shows the Lattice Diamond IDE with the Physical Viewer window enabled. This viewer shows the routing of an instantiation of Private Island ^® with one of the wires of the Ethernet rx_data bus highlighted.

The next figure shows Altera's Signal Tap Logic Analyzer after a trigger of Ethernet RGMII MAC receive start of frame using Betsy. This gives new meaning to the concept of packet inspection and conveys that developers are able to see and manipulate raw packets within their FPGA as they traverse their device.

Submitting Patches

Please submit all Git patches to opensource@privateisland.tech. An acceptable flow is defined below:

1. Unless the patch is trivial or documentation related, make sure the changes are tested and describe the tests within your commit.
2. Install git-email. See git-scm.com reference
3. Set up necessary Git config records for user (e.g., name) and sendemail (e.g., smtpserver)
4. Create your commit in your local clone against the most recent commit of the master branch.
5. Within your commit, clearly state what has been changed, why it was necessary, and how it was tested. Follow best Git practices (references to be added).
6. The first line of commit should provide a clear summary using the following template: "<module>: changes to <module>" (e.g., switch: optimize tx prioritization)
7. On the command line, execute: git format-patch -1 --subject-prefix='private-island][PATCH'. The prefix will add the following to the commit subject line: [private-island][PATCH]
8. email patch using "git send-email" as shown in the example below.

$ git send-email --to opensource@privateisland.tech --suppress-cc=all <commit subject>.patch 

If you have questions about the process on patching the Private Island repo, please email us at opensource@privateisland.tech and prefix the subject with "[private-island][Question]"