DevSecOps and FPGA Certification in Aerospace

Reading Time: 7-9 minutes - June 2026

Cybersecurity has become a key concern for safety‑critical aerospace systems. With the introduction of the ED‑203A standard, certification authorities now require cyber risks to be addressed from the earliest design stages, in the same way as safety concerns.

In this context, FPGA components play a strategic role. Widely used to implement sensitive functions such as encryption, data filtering, and secure communications, FPGAs rely on HDL code (VHDL/Verilog) that can contain exploitable vulnerabilities. Yet traditional approaches derived from DO‑254, which focus primarily on safety, do not explicitly address cyber threats.

The reference article demonstrates that a hardware-oriented DevSecOps approach, combined with static analysis and formal methods, provides an effective way to meet ED‑203A cybersecurity objectives while significantly improving the robustness of FPGA designs.

The DO‑254 standard provides a solid framework for demonstrating the safety of complex electronic hardware. However, it does not explicitly cover cybersecurity threat scenarios targeting the internal logic of FPGA designs.

The article highlights several categories of risks that are typically overlooked:

• Out-of-bounds memory or vector accesses leading to corruption or unintended execution
• Unreachable states or dead code potentially hiding design errors or backdoors
• Finite State Machines exhibiting dead states, livelocks, or ambiguous behaviors
• Violations of secure coding rules (signal initialization, state management, critical combinatorial logic)

Such weaknesses may escape conventional verification activities and become exploitable once the component is deployed.

This clearly calls for a complementary cybersecurity-focused approach, fully integrated into FPGA development workflows.

To address ED‑203A requirements effectively, the article proposes an innovative methodology based on three complementary pillars.

Secure by Design with DevSecOps

• Continuous detection of vulnerabilities as HDL code is written
• Native integration of security controls into FPGA design flows
• Automated checks triggered at each change through hardware-oriented CI/CD pipelines

Independent and Traceable Reviews

• Systematic use of Pull / Merge Requests
• Enforcement of independent reviews as required by certification standards
• Preservation of review evidence (checklists, findings, corrections, approvals)

Full Traceability and Certification Evidence

• Direct linkage between security rules, source code, analysis results, and fixes
• Automatic generation of auditable evidence supporting ED‑203A objectives (EASA, DGA)

This approach makes it possible to reconcile cybersecurity, regulatory compliance, and development agility, avoiding the trade-offs typically imposed by traditional processes.

Linty at the Core of the Approach

Linty is an advanced static analysis tool dedicated to VHDL code, specifically designed for safety‑ and security‑critical environments. Integrated directly into development environments (e.g. VS Code), it enables real-time detection of hardware-level vulnerabilities.

Automated Detection of HDL Vulnerabilities

Linty identifies, among others:

• Out-of-range memory or index accesses
• Unconnected, constant, or non-registered output ports
• Dead code, unreachable branches, and suspicious logic patterns
• Violations of secure coding rules

Making Formal Methods Accessible

One of Linty’s key contributions is democratizing the use of formal methods for FPGA designers:

• Automatic generation of mathematical assertions
• Proofs of absence of critical vulnerabilities (e.g. arithmetic overflows, FSM flaws)
• Formal detection of dead states, unreachable states, livelocks, and redundant states

The result is mathematically sound evidence, naturally integrated into a DevSecOps workflow.

The practical application of this approach—particularly on the CNES Athena X‑IFU project—resulted in:

• A drastic reduction in residual defects within the VHDL code
• Early identification of hardware cybersecurity vulnerabilities
• A dramatic acceleration of validation, verification, and certification cycles (up to 300%)
• Improved continuity between DO‑254 (safety) and ED‑203A (cybersecurity) processes

Beyond civil aerospace, this methodology is fully transferable to other safety‑critical domains, including defense, space, automotive, rail, medical, and nuclear industries.