1. Field of the Invention
This invention relates generally to programmable logic devices (PLDs), and more particularly to security protection of internal configuration information of PLDs.
2. Description of the Prior Art
A PLD usually includes multiple configurable logic blocks, I/O blocks and an interconnect network. FIG. 1 shows one enlarged configurable logic block in a PLD device, including a programmable configuration element area A, where programmable configuration elements 11 are located in a row-column array, and an area B, where the AND array, and hence the AND programmable element array are located. A typical contains several such blocks. It is to be understood that the AND array B is only an example; area B can be any other programmable logic array. The programmable configuration elements in area A control multiplexers, gates, tri-state buffers, etc. to configure the block into different internal configurations, while the AND programmable elements in area B are for programming the AND array to specify different combinatorial logic functions. In addition, programmable elements are also included in the interconnect network to determine routing between the blocks. In most cases, all these programmable elements are identical for a given PLD. They la9 be fuses, anti-fuses, EPROM or EEPROM elements or other programmable memory elements.
Programing of a PLD is accomplished by programing each of the programmable elements. However, the most important information defining a user's chip design of the block is contained in the programmable configuration element array in area A because the programing of these elements 11 determines the basic circuit structure the block assumes. Normally the state pattern of these programmable elements programmed into a PLD can, like a PROM, be read and displayed by use of programming hardware to allow a user to verify his design. Therefore, if no security steps are taken, a user's design implemented by such programmed PLDs can easily be reverse-engineered (copied) since the state pattern of the programmable configuration elements programmed into a PLD determines the internal configuration, hence the operation, of the device. Therefore, a single security element configuration bit 12 as shown in FIG. 1 is often provided in PLDs, and disables this read function when bit 12 is in a set state. This somewhat secures the user's design from attempts to copy or reverse engineer it. However, no special consideration is given as to the location of bit 12, and it has even in some cases been physically isolated in some chips, making its location easily discovered. In any case, if a reverse engineer carefully examines the chip and sees what gates control the reading operation and what disables the reading operation, he may find the security bit 12 and restore it to its unset or original state, and then the internal configuration information can easily be read out again.
Erasable CMOS PLDs, commonly called EPLDs, are considerably more secure than the above described electrically programmable devices. EPLDs are fabricated by a technology similar to that of EPROMs, and have a quartz window in the chip package for UV-erasing programmed data, and are reprogrammable. As described above, EPROM-based PLDs have a "security bit" 12 in configuration area A as shown in FIG. 1, which, if set by the programmer, disables reading of the internal configuration information. For such a device, the security bit can be erased by exposure of the chip to ultraviolet light, although in such a case, all the configuration information in area A is erased as well, hence ensuring the security of the design. However, the security bit can sometimes be defeated by a diligent "reverse engineer" who carefully examines the chip and determines approximately where in the chip the single security bit is located, and can erase just the area immediately surrounding the security bit, while leaving much of the other EPROM region unerased. In this case, the bulk of the configuration information can still be read out, easing the task of reverse engineering.