The shift toward chiplets and multi-die assemblies is forcing big changes in the global supply chain, including much tighter cooperation between companies and governments in ensuring the authenticity and quality of various components.

The chip industry has been focused on digital certificates as the best means for reducing counterfeiting and ensuring consistent quality for some time. The problem is that it requires buy-in from governments, manufacturers, and assembly houses, not all of which share the same willingness to invest in the necessary infrastructure and technology needed to share digital certificates. That has since changed, due partly to the exponential growth in high-performance compute (HPC) multi-die products, which fuel AI-driven applications. Equally important is the shift motivated by governments’ need for authenticated non-HPC devices used in critical infrastructure and defense applications.

Over the past five years, industry consortia and various nations have established forums for discussing technical investments and economic incentives, and in some cases, they have passed legislation that both regulates and invests in the semiconductor industry. But to be successful in closing supply chain loopholes requires filling what gaps remain, eliminating conflicts between standards and regulations, removing barriers between suppliers and their customers, and establishing agreed-upon business and technical frameworks.

This is not a novel idea. The software industry has been creating and using digital certificates for years. The chip industry, in contrast, has been far less successful. Several consortia have defined how to make this work using physical IDs possessing immutability, third-party certificate authorities, and integration with factory data automation systems. But implementation has been spotty, at best.

Fig. 1: Trusted supply chain relies upon device IDs attached to asset certificates during electronics manufacturing process. Source: Archon Design Systems

What has been noticeably missing is a compelling economic reason for design houses and factories to invest in the enabling technology and agree to an open eco-system. Concerns about counterfeit products certainly provide a clear incentive and have long raised awareness, and the availability of manufacturing data traceable to specific semiconductor components presents an additional economic motivation. What finally seems to have tipped the scales are new government policies and regulations that mandate suppliers have the necessary infrastructure to make all this work if they want to do business with these entities.

“Counterfeit microelectronic parts are a structural symptom of a fragmented and opaque supply chain,” said Daniel DiMase, CEO of Aerocyonics. “Overproduction and test rejects can originate from legitimate manufacturing streams, but re-enter commerce without verified provenance (a.k.a. gray market devices [1]). The absence of standardized chip-level identity allows these parts to masquerade as authentic product, compromising safety-critical systems and undermining intellectual property and manufacturing investments. Industry sources suggest the global financial impact extends well beyond the annual $7 billion to $10 billion counterfeit loss estimates [2]. The real cost, when including requalification, program delays, and security risk, is an order of magnitude higher.”

That cost impacts both sellers and buyers of chips. “At a previous company, we had RMAs for a device, and it turned out these devices were gray market,” said Nitza Basoco, mobility business unit manager at Teradyne. “They were binned out as fails at some point in the supply chain, then somehow made it into customers’ hands because somebody else picked them up and distributed them. We had to do a deep dive to identify this issue.”

Still, adding another layer of technical and business processes comes at a cost, and it raises questions about whether customers really are willing to pay more for trusted devices.

“Several industries are prepared to pay for trusted supply chain devices,” said Lee Harrison, director of Tessent IC solutions at Siemens EDA. “Obviously, defense finds this very valuable. Automotive is big into this. And because of silent data corruption (SDC), all the hyperscaler data center operators (e.g., Meta, AWS) want to pay for this. Rightly or wrongly, they see this as giving them some traceability to resolve identified SDC fails.”

Others concur that the high-performance computing sector and government entities — for both defense and critical infrastructure — will be key drivers of adoption.

“The U.S. government clearly desires the capabilities to have an end-to-end trusted supply chain,” said John Carulli, director of emerging technologies ecosystem development at Advantest America. “This is one motivating force. The top fabless/fab-lite companies have enabled various levels of customized traceability infrastructure approaches for years for the purpose of improved yield, reliability, quality, performance matching, and supply chain management/resiliency. But in the end, it likely will be economic factors overall that drive implementation — possibly with advanced packaging driven by HPC applications pushing this capability to mainstream standardization.”

Aligning with enablers, standards, regulations Overlapping standards, a lack of compelling economic incentives, as well as inconsistent regulations from different countries, collectively make this a complicated vision to implement. It requires a concerted effort by the chip industry and participating governments to support the technical and business infrastructure.

“Achieving a verifiable and interoperable semiconductor traceability framework requires coordination across technical, organizational, and policy domains,” said Tom Katsioulas, CEO of Archon Design Systems. “While technologies and standards exist, adoption hinges on aligned incentives, harmonized policies, and interoperable data frameworks that connect value chains. Barriers such as proprietary data silos, high integration costs, and inconsistent regulatory frameworks can be mitigated through shared governance and coordinated policy.”

The enablers and barriers in figures 2 and 3 (below) outline the key forces and show how fragmented supply chains can be virtually re-aggregated into a verifiable federated trust fabric.

Fig. 2: Enablers for reaggregating fragmented supply chains with a federated trust infrastructure. Source: Archon Design Systems

Fig. 3: Barriers to reaggregating fragmented supply chains with a federated trust infrastructure. Source: Archon Design Systems

Standards for traceability and more For product yield and quality control, fab and fabless companies both have implemented some form of traceability covering a portion of the supply chain. But most of these implementations are customized solutions, which typically do not enable sharing of data across the whole supply chain (i.e. fab to end application). Standards are in place to address this. For instance, SEMI E142, a specification for substrate mapping [3], documents a basic set of requirements that tie manufacturing data to a device’s position on a substrate. This standard specifically applies to assembly and test of semiconductor devices, but due to tight profit margins, OSATs have been reluctant to implement it.

This is beginning to change, however. “If you’re trying to optimize an assembly process, you need to understand which dies are picked up, placed, and aggregated into different products,” said Dave Huntley, business development director at PDF Solutions. The standard has nothing to do with PUFs, just simply x,y location on the wafer, placement on the package, and record this information in an E142-compatible data system. Today, we’ve got several customers that have been told they need to be E142-compliant, and we are providing the data system. And quite honestly, it’s shocking to me how long it’s taken for people to implement E142’s basic set of requirements. There are now hard numbers behind the fact that they need to be compliant. Companies are losing business because they haven’t got it.”

Fig. 4:** Illustration of a SEMI E142-compliant system. Source: PDF Solutions-**

At the tail end of the supply chain lie the end electronic systems that require trusted devices and trusted software. Here, too, a number of standards already exist.

“IEEE 802.1AR is foundational,” said Mike Borza, scientist at Synopsys. [4,5] “From the Trusted Computing Group (TCG), people use the DICE protocol in commercial and non-commercial applications [6]. OCP as an organization is bringing this to datacenter compute, and that’s likely to be picked up elsewhere. In addition, NIST and SEMI are both developing standards and techniques to enhance semiconductor supply chain assurance.”

Existing and pending standards can connect semiconductor devices from the inception of a design all the way through the manufacturing process and into end applications.

Fig. 5: How pervasive standards can facilitate trusted supply chain digitalization and economic security. Source: Archon Design Systems

The table below lists standards that form the backbone for a trusted semiconductor supply chain. Together they establish the ability to link traceability, cyber-physical security, and cross-border regulatory compliance.

Fig 6: Global standards defining provenance, Security, and interoperability. Source: Archon Design Systems

Regulatory, policy and consortium drivers While the highlighted standards, government regulations, and associated policies can enable a trusted supply chain, it’s still not perfect. There are gaps in existing standards and regulations, as well as conflicts and overlaps between standards and regulations. All of those inhibit adoption. Addressing the gaps and conflicts falls to semiconductor industry consortiums and government regulatory bodies to sort out. And given the global nature of semiconductor manufacturing, these organizations need to be talking with each other. It’s an all-hands-on-deck scenario.

The move to chiplet-based designs, due to the reticle size limitations of a single die, adds a sense of urgency, as well. “Standardization will help a lot,” Synopsys’ Borza said. “The basic techniques are well known. But getting many suppliers and consumers at different stages of the supply chain to use those in a consistent way has been a challenge. Organizations like the UCIe Consortium recognize this and are tackling it head-on [7]. The result will be a high level of commonality in the identification protocols among suppliers and consumers of chiplets for advanced high-density device packaging solutions.”

This is more complicated than it sounds. UCIe directs the design connections between the chiplets for digital circuit products with high-density interconnects. Mobile phones and public safety radios, in contrast, require RF devices, DSPs and other mixed-signal functionality. And medical equipment for hospitals and wearable health devices (e.g., insulin pumps) includes MEMS, sensors, and mixed-signal devices. These electronic systems also need security, traceability, and regulatory compliance.

In addition, IC design-driven efforts do not necessarily address the myriad manufacturing processes, data automation, and disparate data lakes. To take it to the next level, IC design standards and security regulators need to be in concert with other portions of the semiconductor production chain.

SEMI recently started a Phase 0 initiative focused on traceability. The goal is to create an international governance framework for harmonized chip ID and business ID infrastructure by adopting the necessary industry standards. Supported by both U.S. and European counterparts, such a framework could align provenance practices across borders and link data via digital certificates, thereby resulting in a fabric of metadata.

“In our industry we work with national and international standards that can be regulatory in nature,” explained Melissa Grupen-Shemanky, CTO of SEMI. “Also, we adhere to quality standards that define safety and reliability criteria. Lastly, industry standards are enablers for processes, products, services, and integration. Industry standards typically evolve within the technology or product development cycle. This is the case for traceability. Some traceability standards exist and continue to be refined particularly in the areas of device ID content, device authentication structures, and labeling. However, additional standards depend upon the traceability infrastructure being globally implemented. With this in mind, before identifying gaps in standards, the first task in Phase 0 is to agree upon traceability objectives and identify gaps in the traceability structure itself.”

In parallel, multiple government legislative acts and regulations are creating the environment in which trusted semiconductor devices are no longer optional.

“Regulators are moving in step,” said Aerocyonics’ DiMase. “The NDAA 5949 provisions [9] — the CHIPS and Science Act, and the EU’s Cyber Resilience Act [10] and Digital Product Passport [11] — all point toward a future where traceability is no longer optional. The opportunity before us is to build the connective tissue, technical, regulatory, and economic, that makes ‘trusted supply’ measurable and enforceable across the entire semiconductor value chain. When the chip itself can prove where it came from, every subsequent system gains that trust by inheritance.”

Mandating trusted devices directly addresses the identification of counterfeit parts. It also creates new revenue opportunities.

“Beyond compliance, traceability also establishes a new layer of economic intelligence — authenticated lifecycle data that can be monetized through yield optimization, predictive maintenance, and data-driven services such as hardware-as-a-service or digital-twin analytics,” DiMase said. “Provenance is not merely a cost of doing business. It becomes a source of competitive advantage and recurring value creation across the ecosystem.”

Customer demand will drive adoption Together, consortiums and regulatory bodies will create a climate that requires larger system developers to buy from trusted suppliers with verifiable evidence. This requirement then migrates upstream to the various electronics manufacturers and design houses. The strongest economic driver will be purchasers of HPC devices. In addition, government-purchased systems for defense and critical infrastructure, such as water and power plants, eventually will require verifiable trusted devices from their supplier. Put simply, customers will demand it.

More than a decade ago, OEMs began asking their IC suppliers for identifiers they can read, pushing requirements upstream. Teradyne’s Basoco recalled her experience at a previous company. “At first, we didn’t provide a solution due to concerns about sharing internal access/data. But then it became a requirement from our customer.” explained Basoco. “When we sought to figure out who was setting these requirements, we found it was the end-product / system customer. And as that requirement was broken down throughout the supply chain, it meant if we wanted to sell product, we needed to enable this capability – it was no longer an option.”

Others agree that customer demand will drive the investment to fully enable a trusted supply chain for chips. “Manufacturers build what their customers demand and pay them to do,” said Synopsys’ Borza. “There’s no doubt that adding the necessary pieces to an IC to support this adds cost and some complexity, including to the manufacturing flow. And those costs will need to be passed on to their customers. For end-user product manufacturers, the incentive is continued access to customers in regulated markets — and in some cases, to avoid liability for selling products that are deemed to be not fit for purpose in some more free-wheeling markets. IC manufacturers are suppliers to those companies, and like the semiconductor manufacturers, they build products to meet the needs of their customers.”

An additional driver lies in the promise of new business opportunities based upon the connection of data associated with trusted devices.

“Beyond authentication, this linkage enables the secure retention of manufacturing and test data within the fab’s trusted domain, allowing that data to be delivered as a service for digital twinning, yield optimization, and lifecycle analytics,” said Aerocyonics’ DiMase. “When extended through OSAT, OEM, and system integration stages, this provenance chain transforms raw test data into a living trust fabric, connecting component-level integrity to system-level assurance.”

Fig. 7: **A trusted supply chain enables digital marketplaces for trusted digital twins and data analytics. Source: Archon Design Systems **

Conclusion Implementing a trusted semiconductor supply chain would significantly reduce counterfeit devices and create new business revenues. However, it only will be realized if there is agreement across the semiconductor industry on implementation, and corresponding alignment with the existing impending government regulations and policies is achieved.

References

1. https://en.wikipedia.org/wiki/Grey_market
2. https://www.semiconductors.org/wp-content/uploads/2018/06/ACTF-Whitepaper-Counterfeit-One-Pager-Final.pdf
3. https://store-us.semi.org/products/e14200-semi-e142-specification-for-substrate-mapping
4. https://en.wikipedia.org/wiki/IEEE_802.1
5. https://1.ieee802.org/
6. https://www.microsoft.com/en-us/research/project/dice-device-identifier-composition-engine/?msockid=1998fe415e8d6b9e02d5e8295fa06a67
7. https://trustedcomputinggroup.org/work-groups/dice-architectures/
8. https://www.uciexpress.org/post/securing-the-new-frontier-chiplets-hardware-security-challenges
9. NDDA https://www.federalregister.gov/documents/2024/05/03/2024-08735/federal-acquisition-regulation-prohibition-on-certain-semiconductor-products-and-services
10. https://eur-lex.europa.eu/eli/reg/2024/2847/oj/eng
11. https://data.europa.eu/en/news-events/news/eus-digital-product-passport-advancing-transparency-and-sustainability

Related Reading Chiplet Security Risks Underestimated The magnitude of the security challenges for commercial chiplets is daunting. Chip Security Now Depends On Widening Supply Chain How tighter HW-SW integration and increasing government involvement are changing the security landscape for chips and systems. Infusing Trust Into The Supply Chain Why another layer of tracking is needed to transform traceability into trustability. Removing Barriers For End-To-End Analytics What’s needed to effectively share data across the supply chain. Fingerprinting Chips For Traceability Diverse identifier technologies enable fingerprinting for all device types. Plugging Gaps In The IC Supply Chain Consistent unique identifiers, from die to final end-system, open the door for new analytic workflows that can improve reliability and traceability.