PLDs are a well-known type of integrated circuit that may be programmed to perform specified logic functions. One type of PLD, the Field Programmable Gate Array (FPGA), typically includes an array of programmable tiles. These programmable tiles can include, for example, Input/Output Blocks (IOBs), Configurable Logic Blocks (CLBs), dedicated Random Access Memory Blocks (BRAM), multipliers, Digital Signal Processing blocks (DSPs), processors, clock managers, Delay Lock Loops (DLLs), Multi-Gigabit Transceivers (MGTs) and so forth.
Each programmable tile typically includes both programmable interconnect and programmable logic. The programmable interconnect typically includes a large number of interconnect lines of varying lengths interconnected by Programmable Interconnect Points (PIPs). The programmable logic implements the logic of a user design using programmable elements that may include, for example, function generators, registers, arithmetic logic, and so forth.
The programmable interconnect and the programmable logic are typically programmed by loading a stream of configuration data into internal configuration memory cells that define how the programmable elements are configured. The configuration data may be read from memory (e.g., from an external PROM) or written into the FPGA by an external device. The collective states of the individual memory cells then determine the function of the FPGA.
Another type of PLD is the Complex Programmable Logic Device, or CPLD. A CPLD includes two or more “function blocks” connected together and to Input/Output (I/O) resources by an interconnect switch matrix. Each function block of the CPLD includes a two-level AND/OR structure similar to those used in Programmable Logic Arrays (PLAs) and Programmable Array Logic (PAL) devices. In some CPLDs, configuration data is stored on-chip in non-volatile memory. In other CPLDs, configuration data is stored on-chip in non-volatile memory, then downloaded to volatile memory as part of an initial configuration sequence.
For all of these PLDs, the functionality of the device is controlled by data bits provided to the device for that purpose. The data bits can be stored in volatile memory (e.g., static memory cells, as in FPGAs and some CPLDs), in non-volatile memory (e.g., FLASH memory, as in some CPLDs), or in any other type of memory cell.
Some PLDs, such as the Xilinx Virtex® FPGA, can be programmed to incorporate blocks with pre-designed functionalities, i.e., “cores”. A core can include a predetermined set of configuration bits that program the FPGA to perform one or more functions. Alternatively, a core can include source code or schematics that describe the logic and connectivity of a design. Typical cores can provide, but are not limited to, DSP functions, memories, storage elements, and math functions. Some cores include an optimally floor planned layout targeted to a specific family of FPGAs. Cores can also be parameterizable, i.e., allowing the user to enter parameters to activate or change certain core functionality.
PLDs, however, may be susceptible to configuration data attacks, whereby the configuration data stream used to configure the PLDs may be intercepted without authorization by a hostile entity. Once intercepted, the configuration data stream may then be downloaded into the hostile entities' PLD and used to configure the PLD to perform the logic function defined by the intercepted configuration data stream.
One countermeasure that may be used to prevent the unauthorized use of the intercepted configuration data stream, is to encrypt the configuration data stream prior to transmission to the PLD. The PLD may then decrypt the configuration data stream to internally recreate the intended configuration. In order for the PLD to decrypt the configuration data stream, however, decryption keys are required by the internal decryptor.
The decryption keys may typically be stored in a few hundred bits of volatile random access memory (RAM) and may be maintained in the volatile RAM through the use of an external battery to enhance security. That is to say, for example, that security is enhanced by providing the ability to remove the connection to the external battery, thus allowing the stored contents within the volatile RAM to be passively erased. Such decryption key protection is typically known as passive zeroization, whereby memory contents within the volatile RAM are allowed to “bleed away” when battery power is removed, but may not provide the level of protection required by today's PLD users. Conventional zeroization techniques such as this do not, however, provide protection of the decryption keys under all phases of operation. Accordingly, efforts continue to decrease the susceptibility to attack during all phases of PLD operation. Such efforts should strive to minimize the cost of protection, through the use of a minimum number of additional external pins on the PLD.